#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://www.apache.org/docs/> for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# After this file is processed, the server will look for and process
# /etc/httpd/conf/srm.conf and then /etc/httpd/conf/access.conf
# unless you have overridden these with ResourceConfig and/or
# AccessConfig directives here.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/usr/local/apache" will be interpreted by the
# server as "/usr/local/apache/logs/foo.log".
#
### Section 1: Global Environment
###
### 一:设置全局环境
###
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerType is either inetd, or standalone. Inetd mode is only supported on
# Unix platforms.
#
#设置服务器的类型,您可以选择standalone,如果您的服务器经常性的被访问,那么可以选择此项,
#如果不是被经常访问,您应该选择inetd。但是选择inetd会让每次连接的速度变慢。
#
ServerType standalone
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
# 指定APACHE的服务配置文件和记录文件
#
ServerRoot "/etc/httpd"
#
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
# 由于APACHE可以支持并发连接,为了不会造成冲突,就需要加锁。利用LOCAKFILE来指定httpd
# 守护进程的加锁文件。此参数一般不需要太多的设置
#
LockFile /var/run/httpd.lock
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
# 利用PIDFILE指定httpd.pid来记录httpd的进程号。对于httpd只有一个进程为最初启动的进程,
# 当httpd在启动其他进程时,都是这个最初进程的子进程。如果对最初进程发送信号,将影响所有子
# 进程。
#
PidFile /var/run/httpd.pid
#
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file will be created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
#
# 主要用来维护WEB SERVER服务器内部程序信息的记录文件。一般都不用改变,如果您打算在一台计算机
# 上建立多个WEB SERVER,您必须为每个Apache设置独立的文件。
# ScoreBoardFile /var/run/httpd.scoreboard
#
ScoreBoardFile logs/apache_runtime_status
#
# In the standard configuration, the server will process httpd.conf (this
# file, specified by the -f command line option), srm.conf, and access.conf
# in that order. The latter two files are now distributed empty, as it is
# recommended that all directives be kept in a single file for simplicity.
# The commented-out values below are the built-in defaults. You can have the
# server ignore these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#
# 以下这两个参数ResourceConfig和AccessConfig是为了与过去的Apache使用srm.conf和access.conf
# 兼容而设立的.一般可以注销就OK了。
#
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
#
# Timeout: The number of seconds before receives and sends time out.
#
# 如果客户端在超过多少秒还未有请求给服务器,服务器就自动断开这个连接。
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
# 如果您的HTTP是1.1的话应该启动将OFF改为ON,这样就不用客户端每要求一个传输就启动一个
# 连接,而在过去的1.0中客户端每要求一个传输就要启动一个连接。现在比较新的浏览器都支持。
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
# 定义每一次连接可以进行的HTTP请求的最大请求数。零为无限制。
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
# 如果服务器在完成一次连接,但客户端在完成连接后就一直没再次请求连接,则过多少秒后服务器
# 自动断开这个连接。
#
KeepAliveTimeout 15
#
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. The default values are probably OK for most sites.
#
# Apache一般都用创建子进程来响应一个请求,如果每次连接都创建一个子进程那么WEB
# SERVER的反应会变得很慢。因此可以在MinSpareServers和MaxSpareServers上来
# 定义Apache每次启动的时按照MinSpareServers来启动最小的空的子进程数目。这样就
# 可以摆脱系统反应过慢的问题。但是也不能没有最高子进程的设置。不然将会占用CPU和
# 系统的大量资源最后会将系统拖垮。因此可以用MaxSpareServers来设定最多空闲子进程
# 的数量是多少,这样其他多余的子进程就会退出。
#
MinSpareServers 5
MaxSpareServers 20
#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
# 设定APACHE启动后会执行几个httpd的子进程。这个数应该设定在MinSpareServers和MaxSpareServers
# 所定义数值之间。不然就不会有什么意义了。
#
StartServers 8
#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
# 定义最多允许有多少客户端同时(并发)连接到WEB SERVER上来。而对于MinSpareServers
# 和MaxSpareServers的数目不应该超过这个数值。
#
MaxClients 150
#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies. The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
# request per connection. For example, if a child process handles
# an initial request and 10 subsequent "keptalive" requests, it
# would only count as 1 request towards this limit.
#
# 在以前每一个进程都提供一次连接后就退出了,而后在需要的时候又在建立。这样会给服务器的处理
# 带来很大的负担。因此最好的方式是能够让每一个子进程可以为多次连接请求来进行服务。APACHE就
# 采用这种方式。但是有一个问题:每次子进程在执行和结束连接的时都不断的申请和释放内存,一旦
# 次数过多就会造成一些内存垃圾。解决的办法是:定义子进程在处理过多少次请求以后就退出,
# 而后在从父进程那里在复制一个干净的子进程,这样可以提高系统的稳定性。
#
# MaxReauestsPerChild这条语句就定义了在子进程处理多少次请求以后就退出。
#
MaxRequestsPerChild 1000
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# 在请求的时候我们经常使用众所周知的端口号80来请求WEB服务。但是有的时候可能也使用
# 不同的端口来请求,因此我们告诉WEB SERVER除了80端口以外还要监听哪个端口。
#
#Listen 3000
#Listen 12.34.56.78:80
#Listen 80
#
# BindAddress: You can support virtual hosts with this option. This directive
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the <VirtualHost> and Listen directives.
#
# 如果您打算只是对某一个网段或者一个IP来提供请求服务,默认情况是对任何IP都提供请求服务。但是
# 如果用Listen来扩展,WEB SERVER还是能对其他IP提供服务请求。其实这中方法是早期HTTP1.O中设置
# VirtualHost——虚拟主机的用法,在实际用途中作用并不大。但是在1.1中增加了单IP对应多个
# DOMAIN_NAME的支持。
#
#BindAddress *
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file http://httpd.apache.org/docs/dso.html for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Note: The order in which modules are loaded is important. Don't change
# the order below without expert advice.
#
# 对于新版本的APAPCH来说最重要的就是模块化设置。您可以在编译的时候就加载模块也可以随时的
# 动态的来加载或卸载模块。这样您可以选择您自己需要的模块。而不必全部加载所有的模块。对于
# 您所要加载的模块只要在LoadModule和AddModule设置就可以了。利用LoadModule来读取您要
# 加载的模块。
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#LoadModule mmap_static_module modules/mod_mmap_static.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
<IfDefine HAVE_BANDWIDTH>
LoadModule bandwidth_module modules/mod_bandwidth.so
</IfDefine>
<IfDefine HAVE_THROTTLE>
LoadModule throttle_module modules/mod_throttle.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule config_log_module modules/mod_log_config.so
LoadModule agent_log_module modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module modules/mod_status.so
LoadModule info_module modules/mod_info.so
LoadModule includes_module modules/mod_include.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule asis_module modules/mod_asis.so
LoadModule imap_module modules/mod_imap.so
LoadModule action_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule anon_auth_module modules/mod_auth_anon.so
LoadModule db_auth_module modules/mod_auth_db.so
#LoadModule auth_any_module modules/mod_auth_any.so
#LoadModule dbm_auth_module modules/mod_auth_dbm.so
#LoadModule auth_ldap_module modules/mod_auth_ldap.so
#LoadModule mysql_auth_module modules/mod_auth_mysql.so
#LoadModule auth_pgsql_module modules/mod_auth_pgsql.so
#LoadModule digest_module modules/mod_digest.so
#LoadModule proxy_module modules/libproxy.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule example_module modules/mod_example.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
<IfDefine HAVE_PERL>
LoadModule perl_module modules/libperl.so
</IfDefine>
<IfDefine HAVE_PHP>
LoadModule php_module modules/mod_php.so
</IfDefine>
<IfDefine HAVE_PHP3>
LoadModule php3_module modules/libphp3.so
</IfDefine>
<IfDefine HAVE_PHP4>
LoadModule php4_module modules/libphp4.so
</IfDefine>
<IfDefine HAVE_DAV>
LoadModule dav_module modules/libdav.so
</IfDefine>
<IfDefine HAVE_ROAMING>
LoadModule roaming_module modules/mod_roaming.so
</IfDefine>
<IfDefine HAVE_SSL>
LoadModule ssl_module modules/libssl.so
</IfDefine>
<IfDefine HAVE_PUT>
LoadModule put_module modules/mod_put.so
</IfDefine>
<IfDefine HAVE_PYTHON>
LoadModule python_module modules/mod_python.so
</IfDefine>
# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
# 在用ClearModuleList先清楚内置的模块清单,在加载您所要加载的模块。
#
ClearModuleList
#
# 您所要加载的模块清单.模块清单在/usr/lib/httpd/modules下.
#
#AddModule mod_mmap_static.c
AddModule mod_vhost_alias.c
<IfDefine HAVE_BANDWIDTH>
AddModule mod_bandwidth.c
</IfDefine>
<IfDefine HAVE_THROTTLE>
AddModule mod_throttle.c
</IfDefine>
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
#AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
#AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
#AddModule mod_auth_any.c
#AddModule mod_auth_dbm.c
#AddModule auth_ldap.c
#AddModule mod_auth_mysql.c
#AddModule mod_auth_pgsql.c
#AddModule mod_digest.c
#AddModule mod_proxy.c
#AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
#AddModule mod_usertrack.c
#AddModule mod_example.c
#AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
<IfDefine HAVE_PERL>
AddModule mod_perl.c
</IfDefine>
<IfDefine HAVE_PHP>
AddModule mod_php.c
</IfDefine>
<IfDefine HAVE_PHP3>
AddModule mod_php3.c
</IfDefine>
<IfDefine HAVE_PHP4>
AddModule mod_php4.c
</IfDefine>
<IfDefine HAVE_DAV>
AddModule mod_dav.c
</IfDefine>
<IfDefine HAVE_ROAMING>
AddModule mod_roaming.c
</IfDefine>
<IfDefine HAVE_SSL>
AddModule mod_ssl.c
</IfDefine>
<IfDefine HAVE_PUT>
AddModule mod_put.c
</IfDefine>
<IfDefine HAVE_PYTHON>
AddModule mod_python.c
</IfDefine>
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
# 如果启动此服务则让APACHE产生完整的状态信息。若关闭此项则只产生基本的状态信息。
#
#ExtendedStatus On
### Section 2: 'Main' server configuration
###
### 二:服务器的主要配置
###
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# If your ServerType directive (set earlier in the 'Global Environment'
# section) is set to "inetd", the next few directives don't have any
# effect since their settings are defined by the inetd configuration.
# Skip ahead to the ServerAdmin directive.
#
#
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
#
# 指定APACHE监听80端口,建议使用"蜜罐"来修改自己的端口。这样比较安全。
#
Port 80
##
## SSL Support
##
## When we also provide SSL we have to listen to the
## standard HTTP port (see above) and to the HTTPS port
##
## 起用SSL(安全套接字层)支持,这样所传输的文件和信息都以加密的方式来进行传输。
## 同时HTTP的连接就改为HTTPS。并且指定SSL要监听哪个端口,如果是用特权用户来启动APACHE
## 就没什么问题,而且端口方面也不用改动。依旧非常安全。但是。如果普通用户也想架设自己的
## APACHE SERVER就必须使用大于1024的众所周知的端口号了。
##
<IfDefine HAVE_SSL>
Listen 80
Listen 443
</IfDefine>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group "#-1" on these systems!
#
# 指定APACHE用哪个用户和组来运行。默认是apache
#
User apache
Group apache
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents.
#
# 如果APACHE出现了问题,应该将所产生的错误发送到哪一个MAIL上去。一般都是发送给
# webmaster。
#
ServerAdmin root@localhost
#
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
#
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
# machine always knows itself by this address. If you use Apache strictly for
# local testing and development, you may use 127.0.0.1 as the server name.
#
# 默认情况下不需要设置,对于WEB——NAME可以让DNS来进行解析。如果没有DNS或者是DNS有问题可以在
# ServerName上来设置WEB SERVER的名称。如果设置完成后APACH不能正常启动就很有可能是这里有问题。
#
#ServerName localhost
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# 指定对外发布的HTML在WEB页存放在那个目录下。
#
DocumentRoot "/var/www/html"
#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
# APACH可以对每一个存放文档的目录设置访问控制权限。控制权限的设置可以通过两种方式来设定。
# 一个是使用httpd.conf(或者是access.conf)。另一个是在每个目录下设置.htaccess。使用http.conf
# 每一次设定以后都要启动APACHE,比较不方便。而.htaccess则不用。但是每一个目录都要设置,比较麻烦。
# 而且APACHE在利用.htaccess来设置访问权限时,权限是被继承的。也就说子目录自动继承上级目录的权限。
# 如果在根目录上就设置了允许访问.htaccess权限控制文件,那么APACHE就必须每一级都要进行查看权限控制
# 文件,这样会对系统可用性造成很不良的影响。而在APACHE中直接定义则免去了这种搜索,这样就提高了系统的
# 可用性。所以对根目录设定为AllowOverride None是对系统都很大的帮助的。
#
# <Directory/> ...... </Directory>是设置目录的访问权限
# </Location> ...... <Location/>是设置URL的访问权限
# 在每个目录中有Options,AllowOverride,Deny,Allow和order这5项。
# options主要是用来设置区块(目录)的功能。Options的功能参数见下:
#
# OPTONS参数 功能说明
# All 用户可以在此目录中做任何事情
# ExecCGI 只允许用户在此目录中执行CGI程序
# FollowSymLinks 服务器可以使用符号连接(dymnolic link)连接到不在此目录的文件或者目录。但是在Location中无效
# Includes 提供SSI功能。
# IncludesNOEXEC 提供SSI功能,但是不允许执行CGI程序中的#exec与#include命令
# Indexes 服务器可产生此目录中的文件列表
# MultiViews 使用内容协商,经过服务器和网页浏览器相互沟通后,决定网页传送的性质。
# 比如浏览器要求优先发送中文版的网页的内容。此功能在ALL中并为出现。需要另外加入
# None 不允许访问此目录
# SymLinksIfOwnerMatch 如果符号连接所指向的文件或目录的所有者与当前用户一致,则服务器会访问通过连接符号访问不在当前目录
# 下的文件或者目录。但是在Location中无效。
#
# AllowOverride的作用是决定是否之前所设置的权限,而在此处设置ALLOW或者DENY代表从哪个地方连接到此目录。
# 为了避免用户自己创建或者修改.htaccess里面的权限,一般都用AllowOverride NONE来通知APACHE服务器不要读取.htaccess
# 若希望以.htaccess里面的权限为准的话,可以用AllowOverride ALL这个语句.因此必须要在每个目录中都要定义AllowOverride语句.
#
# ORDER用来设置当DENY和ALLOW如果有冲突,以哪个为优先。
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
# 这条语句主要是用来定义对外发布HTML存放目录的权限设置,同时也允许使用连接。
#
<Directory "/var/www/html">
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
Options Indexes FollowSymLinks
#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
# 这条语句表明在系统中的每个用户都可以创建自己的WEB,但是网址格式为:
# http://test.thizlinux.com.cn/~username.注意必须加载mod_userdir.c这个模块
#
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
# 定义由用户所创建的目录的权限
#
#<Directory /home/*/public_html>
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
# Limit语句就是针对具体的请求方法来定义访问控制的,一般可以使用GET POST HEAD这三个参数。最好不要使用
# 像PUT,delete等参数。以增加系统的安全性。
#
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
#
# 设置每个目录的中的默认的WEB文件名。以排在最前面的为优先.
#
# 如果没有找到下面所定义的文件名称,并且用户将目录的访问控制权限中打开了OPTIONS INDEXES,那么可以使SERVER自动
# 生成目录列表,不然APACHE将会被默认为拒绝访问
#
<IfModule mod_dir.c>
DirectoryIndex index.html index.jsp index.jsp index.htm index.shtml index.php index.php4 index.php3 index.phtml index.cgi
</IfModule>
#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
# 定义每个目录下的安全访问控制文件的文件名称为.htaccess
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
# 设置.ht*文件的访问权限
#
<Files ~ "^\.ht">
#
# 声明:允许(allow)在前,拒绝在后(deny)
#
Order allow,deny
#
# 拒绝所有
#
Deny from all
#
# Saitisfy All:确保所有都被拒绝
#
Satisfy All
</Files>
#
# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#
# 指定PROXY服务器能否缓存WEB SERVER的WEB PAGEs。就算设置为NO,有些服务器也可以照样进行缓存
#
#CacheNegotiatedDocs
#
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a URL that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
#
# 打开此项是WEB SERVER的标准做法,大部分客户端都是这样对服务器来进行引用的,这样就会使用正规的ServerNAME
# 在加上端口号如果此项为ON时,应为http://test.thizlinux.com.cn Port 80若设置为OFF,则为http://test.thizlinux.com.cn:80
# 不过80为默认的,所以也可以不显示出来。
#
UseCanonicalName off
