Apache

Posted on 2008-09-04 10:30
#
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See  for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#
# After this file is processed, the server will look for and process
# /etc/httpd/conf/srm.conf and then /etc/httpd/conf/access.conf
# unless you have overridden these with ResourceConfig and/or
# AccessConfig directives here.
#
# The configuration directives are grouped into three basic sections:
#  1. Directives that control the operation of the Apache server process as a
#     whole (the 'global environment').
#  2. Directives that define the parameters of the 'main' or 'default' server,
#     which responds to requests that aren't handled by a virtual host.
#     These directives also provide default values for the settings
#     of all virtual hosts.
#  3. Settings for virtual hosts, which allow Web requests to be sent to
#     different IP addresses or hostnames and have them handled by the
#     same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
# with ServerRoot set to "/usr/local/apache" will be interpreted by the
# server as "/usr/local/apache/logs/foo.log".
#
### Section 1: Global Environment
###
### Part 1: Setting up the global environment
###
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerType is either inetd, or standalone.  Inetd mode is only supported on
# Unix platforms.
#
# Sets the server type. Choose standalone if your server is accessed frequently;
# if it is not accessed often, choose inetd. Note that inetd makes every connection slower.
#
ServerType standalone
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE!  If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation
# (available at );
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
# Specifies the directory that holds Apache's configuration files and log files.
#
ServerRoot "/etc/httpd"
#
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
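# Apache can serve concurrent connections, so locking is needed to avoid conflicts. LockFile
# names the lock file used by the httpd daemon. This parameter normally needs little tuning.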
#
LockFile /var/run/httpd.lock
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
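# PidFile names the file (httpd.pid) that records httpd's process ID. Only one httpd process is
# the initial one; every other process httpd starts is a child of it. A signal sent to the
# initial process affects all of the children.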
#
PidFile /var/run/httpd.pid
#
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this.  But if yours does (you'll know because
# this file will be  created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
#
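# A record file used mainly to maintain the web server's internal process information. It usually
# does not need changing; if you plan to run several web servers on one machine, you must give
# each Apache its own file.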
# ScoreBoardFile /var/run/httpd.scoreboard
#
ScoreBoardFile logs/apache_runtime_status
#
# In the standard configuration, the server will process httpd.conf (this
# file, specified by the -f command line option), srm.conf, and access.conf
# in that order.  The latter two files are now distributed empty, as it is
# recommended that all directives be kept in a single file for simplicity.  
# The commented-out values below are the built-in defaults.  You can have the
# server ignore these files altogether by using "/dev/null" (for Unix) or
# "nul" (for Win32) for the arguments to the directives.
#
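# The following two parameters, ResourceConfig and AccessConfig, exist for compatibility with
# older Apache versions that used srm.conf and access.conf. They can normally be left commented out.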
#
#ResourceConfig conf/srm.conf
#AccessConfig conf/access.conf
#
# Timeout: The number of seconds before receives and sends time out.
#
# If the client has sent no request to the server after this many seconds, the server closes
# the connection automatically.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
# If you serve HTTP/1.1, change Off to On so that the client does not have to open a new
# connection for every transfer, as HTTP/1.0 clients had to. Most recent browsers support this.
#
KeepAlive Off
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
# Defines the maximum number of HTTP requests allowed on each connection. Zero means unlimited.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
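# If the server has finished serving a connection and the client then sends no further request,
# the server closes the connection automatically after this many seconds.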
#
KeepAliveTimeout 15
#
# Server-pool size regulation.  Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
#
# It does this by periodically checking how many servers are waiting
# for a request.  If there are fewer than MinSpareServers, it creates
# a new spare.  If there are more than MaxSpareServers, some of the
# spares die off.  The default values are probably OK for most sites.
#
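# Apache normally answers a request with a child process. If a child had to be created for every
# connection, the web server would respond very slowly. MinSpareServers therefore sets the minimum
# number of idle child processes Apache keeps running, which avoids slow responses. There must
# also be an upper limit, otherwise the idle children would consume so much CPU and other system
# resources that they drag the system down. MaxSpareServers sets the maximum number of idle
# children; any beyond that number exit.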
#
MinSpareServers 5
MaxSpareServers 20
#
# Number of servers to start initially --- should be a reasonable ballpark
# figure.
#
# Sets how many httpd child processes Apache starts at startup. The value should lie between
# MinSpareServers and MaxSpareServers; otherwise it has little meaning.
#
StartServers 8
#
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the system with it as it spirals down...
#
# Defines the maximum number of clients that may be connected to the web server simultaneously
# (concurrently). MinSpareServers and MaxSpareServers should not exceed this value.
#
MaxClients 150
#
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.  The child will exit so
# as to avoid problems after prolonged use when Apache (and maybe the
# libraries it uses) leak memory or other resources.  On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries. For these platforms, set to something like 10000
# or so; a setting of 0 means unlimited.
#
# NOTE: This value does not include keepalive requests after the initial
#       request per connection. For example, if a child process handles
#       an initial request and 10 subsequent "keptalive" requests, it
#       would only count as 1 request towards this limit.
#
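# Formerly each process served a single connection and then exited, and a new one was created
# when needed, which put a heavy load on the server. It is better to let each child process
# serve many connection requests, and that is what Apache does. One problem remains: a child
# allocates and frees memory every time it handles and closes a connection, and after many
# rounds some memory garbage accumulates. The solution is to have a child exit after it has
# handled a set number of requests and then fork a clean child from the parent process, which
# improves system stability.
#
# MaxRequestsPerChild defines how many requests a child handles before it exits.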
#
MaxRequestsPerChild 1000
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Web requests normally go to the well-known port 80, but sometimes a different port is used,
# so this tells the web server which ports to listen on in addition to port 80.
#
#Listen 3000
#Listen 12.34.56.78:80
#Listen 80
#
# BindAddress: You can support virtual hosts with this option. This directive
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the <VirtualHost> and Listen directives.
#
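# Use this if you intend to serve requests on only one network segment or one IP; by default
# requests are served on every IP. If Listen is used to extend it, however, the web server can
# still serve requests on other IPs. This is really the way VirtualHost (virtual hosting) was
# set up in the early HTTP/1.0 days and is of little practical use. HTTP/1.1 added support for
# several domain names on a single IP.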
#
#BindAddress *
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file http://httpd.apache.org/docs/dso.html for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Note: The order in which modules are loaded is important.  Don't change
# the order below without expert advice.
#
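# The most important feature of recent Apache versions is their modular design. Modules can be
# built in at compile time or loaded and unloaded dynamically at any time, so you can choose just
# the modules you need instead of loading all of them. The modules you want to load only have to
# be listed with LoadModule and AddModule. LoadModule reads in the module to be loaded.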
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#LoadModule mmap_static_module modules/mod_mmap_static.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule bandwidth_module   modules/mod_bandwidth.so
LoadModule throttle_module    modules/mod_throttle.so
LoadModule env_module         modules/mod_env.so
LoadModule config_log_module  modules/mod_log_config.so
LoadModule agent_log_module   modules/mod_log_agent.so
LoadModule referer_log_module modules/mod_log_referer.so
#LoadModule mime_magic_module  modules/mod_mime_magic.so
LoadModule mime_module        modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule status_module      modules/mod_status.so
LoadModule info_module        modules/mod_info.so
LoadModule includes_module    modules/mod_include.so
LoadModule autoindex_module   modules/mod_autoindex.so
LoadModule dir_module         modules/mod_dir.so
LoadModule cgi_module         modules/mod_cgi.so
LoadModule asis_module        modules/mod_asis.so
LoadModule imap_module        modules/mod_imap.so
LoadModule action_module      modules/mod_actions.so
#LoadModule speling_module     modules/mod_speling.so
LoadModule userdir_module     modules/mod_userdir.so
LoadModule alias_module       modules/mod_alias.so
LoadModule rewrite_module     modules/mod_rewrite.so
LoadModule access_module      modules/mod_access.so
LoadModule auth_module        modules/mod_auth.so
LoadModule anon_auth_module   modules/mod_auth_anon.so
LoadModule db_auth_module     modules/mod_auth_db.so
#LoadModule auth_any_module    modules/mod_auth_any.so
#LoadModule dbm_auth_module    modules/mod_auth_dbm.so
#LoadModule auth_ldap_module   modules/mod_auth_ldap.so
#LoadModule mysql_auth_module  modules/mod_auth_mysql.so
#LoadModule auth_pgsql_module  modules/mod_auth_pgsql.so
#LoadModule digest_module      modules/mod_digest.so
#LoadModule proxy_module       modules/libproxy.so
#LoadModule cern_meta_module   modules/mod_cern_meta.so
LoadModule expires_module     modules/mod_expires.so
LoadModule headers_module     modules/mod_headers.so
#LoadModule usertrack_module   modules/mod_usertrack.so
#LoadModule example_module     modules/mod_example.so
#LoadModule unique_id_module   modules/mod_unique_id.so
LoadModule setenvif_module    modules/mod_setenvif.so
LoadModule perl_module        modules/libperl.so
LoadModule php_module         modules/mod_php.so
LoadModule php3_module        modules/libphp3.so
LoadModule php4_module        modules/libphp4.so
LoadModule dav_module         modules/libdav.so
LoadModule roaming_module     modules/mod_roaming.so
LoadModule ssl_module         modules/libssl.so
LoadModule put_module         modules/mod_put.so
LoadModule python_module      modules/mod_python.so
#  Reconstruction of the complete module list from all available modules
#  (static and shared ones) to achieve correct module execution order.
#  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
#  ClearModuleList first clears the built-in module list; the modules you want are then loaded.
#
ClearModuleList
#
#  The list of modules to load. The modules are located under /usr/lib/httpd/modules.
#
#AddModule mod_mmap_static.c
AddModule mod_vhost_alias.c
AddModule mod_bandwidth.c
AddModule mod_throttle.c
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_log_agent.c
AddModule mod_log_referer.c
#AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
AddModule mod_status.c
AddModule mod_info.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
#AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
AddModule mod_auth_anon.c
AddModule mod_auth_db.c
#AddModule mod_auth_any.c
#AddModule mod_auth_dbm.c
#AddModule auth_ldap.c
#AddModule mod_auth_mysql.c
#AddModule mod_auth_pgsql.c
#AddModule mod_digest.c
#AddModule mod_proxy.c
#AddModule mod_cern_meta.c
AddModule mod_expires.c
AddModule mod_headers.c
#AddModule mod_usertrack.c
#AddModule mod_example.c
#AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_perl.c
AddModule mod_php.c
AddModule mod_php3.c
AddModule mod_php4.c
AddModule mod_dav.c
AddModule mod_roaming.c
AddModule mod_ssl.c
AddModule mod_put.c
AddModule mod_python.c
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
# When enabled, Apache generates full status information; when off, only basic status
# information is generated.
#
#ExtendedStatus On
### Section 2: 'Main' server configuration
###
### Part 2: Main server configuration
###
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# If your ServerType directive (set earlier in the 'Global Environment'
# section) is set to "inetd", the next few directives don't have any
# effect since their settings are defined by the inetd configuration.
# Skip ahead to the ServerAdmin directive.
#
#
# Port: The port to which the standalone server listens. For
# ports
##  
##  SSL Support
##
##  When we also provide SSL we have to listen to the
##  standard HTTP port (see above) and to the HTTPS port
##
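##  Enables SSL (Secure Sockets Layer) support, so that files and information are transferred
##  in encrypted form and HTTP connections become HTTPS, and specifies the port SSL listens on.
##  If Apache is started by a privileged user there is no problem, the ports need not be
##  changed, and it remains very secure. An ordinary user who wants to run their own Apache
##  server, however, must use a port number greater than 1024.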
##
Listen 80
Listen 443
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group "#-1" on these systems!
#
# Specifies the user and group Apache runs as. The default is apache.
#
User apache
Group apache
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.
#
# The mail address to which errors should be sent when Apache runs into problems. They are
# usually sent to the webmaster.
#
ServerAdmin root@localhost
#
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e., use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address (e.g., http://123.45.67.89/)
# anyway, and this will make redirections work in a sensible way.
#
# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
# machine always knows itself by this address. If you use Apache strictly for
# local testing and development, you may use 127.0.0.1 as the server name.
#
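# By default this does not need to be set; the web server's name can be resolved through DNS.
# If there is no DNS, or DNS has problems, set the web server's name with ServerName. If Apache
# fails to start after this is set, the problem is very likely here.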
#
#ServerName localhost
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# Specifies the directory that holds the HTML pages published to the web.
#
DocumentRoot "/var/www/html"
#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.  
#
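# Apache can set access control for every directory that holds documents. The permissions can be
# set in two ways: in httpd.conf (or access.conf), or with a .htaccess file in each directory.
# With httpd.conf, Apache has to be restarted after every change, which is inconvenient;
# .htaccess does not need that, but it has to be set up in every directory, which is tedious.
# In addition, permissions set through .htaccess are inherited: a subdirectory automatically
# inherits the permissions of its parent directory. If .htaccess access control files are
# allowed from the root directory down, Apache has to look for an access control file at every
# level, which badly affects system availability. Defining the permissions directly in the
# Apache configuration avoids this search and so improves availability. Setting
# AllowOverride None on the root directory therefore helps the system a great deal.
#
#  <Directory> ...... </Directory> sets access permissions for a directory
#  <Location> ...... </Location> sets access permissions for a URL
# Each directory has five items: Options, AllowOverride, Deny, Allow and Order.
# Options sets the features of the block (directory). The Options arguments are:
#
#  Options argument       Description
#  All                    Users may do anything in this directory
#  ExecCGI                Only allows users to execute CGI programs in this directory
#  FollowSymLinks         The server may follow symbolic links to files or directories outside
#                         this directory. Has no effect inside Location
#  Includes               Provides SSI
#  IncludesNOEXEC         Provides SSI, but does not allow the #exec and #include commands of
#                         CGI programs
#  Indexes                The server may generate a listing of the files in this directory
#  MultiViews             Uses content negotiation: the server and the browser agree on the
#                         nature of the page to send, for example a browser asking for the
#                         Chinese version of a page first. This feature is not included in All
#                         and has to be added separately
#  None                   Access to this directory is not allowed
#  SymLinksIfOwnerMatch   If the file or directory the symbolic link points to has the same
#                         owner as the current user, the server follows the link to files or
#                         directories outside the current directory. Has no effect inside Location
#
#  AllowOverride decides whether the permissions set earlier may be overridden, while the Allow
#  and Deny set here define from where this directory may be accessed.
#  To stop users from creating or changing permissions in .htaccess themselves, AllowOverride None
#  is normally used to tell the Apache server not to read .htaccess. To make the permissions in
#  .htaccess authoritative, use AllowOverride All. An AllowOverride statement therefore has to be
#  defined for every directory.
#
#  Order sets which of Deny and Allow takes precedence when the two conflict.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>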
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# This should be changed to whatever you set DocumentRoot to.
#
# This block mainly sets the permissions of the directory that holds the published HTML, and
# also allows links to be used.
#
<Directory "/var/www/html">
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
    Options Indexes FollowSymLinks
#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
    AllowOverride None
#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all
</Directory>
#
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid.  This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
#
# This statement lets every user on the system create their own web pages, at a URL of the form
# http://test.thizlinux.com.cn/~username. Note that the mod_userdir.c module must be loaded.
#
    UserDir public_html
#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
# Defines the permissions of directories created by users.
#
#
#    AllowOverride FileInfo AuthConfig Limit
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#
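# The Limit statement defines access control for specific request methods. Normally the three
# methods GET, POST and HEAD can be used. It is best not to use methods such as PUT and DELETE,
# to improve the security of the system.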
#
#   
#        Order allow,deny
#        Allow from all
#   
#   
#        Order deny,allow
#        Deny from all
#   
#
#
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.
#
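# Sets the default web file names for every directory; the name listed first takes precedence.
#
# If none of the file names defined below is found and Options Indexes is enabled in the
# directory's access control settings, the server generates a directory listing automatically;
# otherwise Apache denies access by default.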
#
    DirectoryIndex index.html index.jsp index.jsp index.htm index.shtml index.php index.php4 index.php3 index.phtml index.cgi
#
# AccessFileName: The name of the file to look for in each directory
# for access control information.
#
# Sets the name of the per-directory access control file to .htaccess.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess files from being viewed by
# Web clients.  Since .htaccess files often contain authorization
# information, access is disallowed for security reasons.  Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files.  If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
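# Sets the access permissions for .ht* files.
#
<Files ~ "^\.ht">
#
# Declaration: allow is evaluated first, deny afterwards
#
    Order allow,deny
#
# Deny everyone
#
    Deny from all
#
#  Satisfy All: make sure everything is denied
#
    Satisfy All
</Files>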
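#
# Added example (not part of the original post and not Apache's own code): a small
# Python model of how mod_access combines Order, Allow and Deny, run over the
# access blocks used in this file. Hostname arguments are not modelled, and the
# LAN_ONLY / WRONG_ORDER blocks and all client addresses are constructed samples.
#

```python
import ipaddress


def _matches(spec, client_ip):
    """True if one argument of 'Allow from' / 'Deny from' covers the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if "/" in spec:  # network/netmask or CIDR form
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in net
    # Full or partial IPv4 address ("192.168.1" covers 192.168.1.x).
    # Hostname arguments need DNS and are not modelled: they never match here.
    prefix = spec.rstrip(".")
    return client_ip == prefix or client_ip.startswith(prefix + ".")


def parse_access(block):
    """Collect Order and the Allow/Deny lists from a config fragment."""
    order, allow, deny = "deny,allow", [], []  # mod_access default order
    for line in block.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "order" and len(parts) > 1:
            order = "".join(parts[1:]).lower()
        elif key in ("allow", "deny") and len(parts) > 2 and parts[1].lower() == "from":
            (allow if key == "allow" else deny).extend(parts[2:])
    return order, allow, deny


def is_allowed(block, client_ip):
    """Apply the Order rule: the directive evaluated last wins a conflict."""
    order, allow, deny = parse_access(block)
    allowed = any(_matches(s, client_ip) for s in allow)
    denied = any(_matches(s, client_ip) for s in deny)
    if order in ("allow,deny", "mutual-failure"):
        # Default is deny; a client must match Allow and must not match Deny.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow; a client is refused only if it matches Deny
        # and does not match Allow.
        return allowed or not denied
    raise ValueError("unknown Order value: " + order)


# Blocks taken from this configuration file.
DOCROOT = "Order allow,deny\nAllow from all"
HT_FILES = "Order allow,deny\nDeny from all\nSatisfy All"

# Constructed samples: the same Allow/Deny lines under the two orders.
LAN_ONLY = "Order deny,allow\nDeny from all\nAllow from 192.168.1"
WRONG_ORDER = "Order allow,deny\nDeny from all\nAllow from 192.168.1"


def report():
    """Return (label, client, decision) rows for the sample blocks."""
    cases = [
        ("DocumentRoot", DOCROOT, "203.0.113.7"),
        (".ht* files", HT_FILES, "203.0.113.7"),
        ("LAN only", LAN_ONLY, "192.168.1.20"),
        ("LAN only", LAN_ONLY, "192.168.10.5"),
        ("wrong order", WRONG_ORDER, "192.168.1.20"),
    ]
    return [(label, ip, is_allowed(block, ip)) for label, block, ip in cases]


if __name__ == "__main__":
    for label, ip, ok in report():
        print(f"{label:13} {ip:15} {'allowed' if ok else 'denied'}")
```

# With Order allow,deny a "Deny from all" line locks out every client, including
# the ones listed under Allow, which is why the LAN-only sample uses Order deny,allow.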
#
# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#
# Specifies whether proxy servers may cache this web server's pages. Even when this is set to
# no, some servers may cache them anyway.
#
#CacheNegotiatedDocs
#
# UseCanonicalName:  (new for 1.3)  With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a URL that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name.  With this setting off, Apache will
# use the hostname:port that the client supplied, when possible.  This
# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
#
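# Turning this on is standard practice for a web server, and most clients refer to the server
# this way: the canonical ServerName plus the port number is used. With this set to On the URL
# is http://test.thizlinux.com.cn Port 80; with Off it is http://test.thizlinux.com.cn:80
# Since 80 is the default port, it need not be shown.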
#
UseCanonicalName off
#
# TypesConfig describes where the mime.types file (or equivalent) is
# to be found.
#
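# There are many MIME types of data file, and most are identified by their file-name suffix.
# This lets the browser know which program to use to open which type of file. This file is
# located in /etc.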
#
    TypesConfig /etc/mime.types
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
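# When the type cannot be determined, unknown types are treated as ordinary text files by
# default. To have the browser prompt the user to download files of unknown type, change
# text/plain to application/octet-stream.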
#
DefaultType text/plain
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
# mod_mime_magic is not part of the default server (you have to add
# it yourself with a LoadModule [see the DSO paragraph in the 'Global
# Environment' section], or recompile the server and include mod_mime_magic
# as part of the configuration), so it's enclosed in an <IfModule> container.
# This means that the MIMEMagicFile directive will only be processed if the
# module is part of the server.
#
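# Besides judging a file's type from its suffix, the server can further analyse some
# characteristics of the file itself and so determine its MIME type more accurately.
# This requires loading the mod_mime_magic.c module, which is not loaded by default.
#
<IfModule mod_mime_magic.c>
#   MIMEMagicFile /usr/share/magic.mime
    MIMEMagicFile conf/magic
</IfModule>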
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
# To log the host names of clients connecting to this web server, change off to on; otherwise
# the server records only the IP addresses of the clients that connect to it.
#
HostNameLookups off
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
# Records errors that occur while visitors load web pages, as well as httpd shutdown and
# startup messages.
#
ErrorLog logs/error_log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
# Sets the level of the messages written to the error_log file.
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
# The format of each log record. There are four formats: combined (combined mode),
# common (common mode), referer (referer mode) and agent (agent mode).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here.  Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# Defines the directory in which the log file for each format is stored.
#
# CustomLog /var/log/httpd/access_log common
CustomLog logs/access_log combined
#
# If you would like to have agent and referer logfiles, uncomment the
# following directives.
#
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog logs/access_log combined
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (error documents, FTP directory listings,
# mod_status and mod_info output etc., but not CGI generated documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
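# When a client requests a web page that does not exist, the server generates an error document.
# The last line of the error document contains the web server's name, the Apache version and
# similar information. Setting this to Off is recommended. Setting it to EMail is equivalent to
# On and additionally shows the administrator's e-mail address.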
#
ServerSignature On
# EBCDIC configuration:
# (only for mainframes using the EBCDIC codeset, currently one of:
# Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
# The following default configuration assumes that "text files"
# are stored in EBCDIC (so that you can operate on them using the
# normal POSIX tools like grep and sort) while "binary files" are
# stored with identical octets as on an ASCII machine.
#
# The directives are evaluated in configuration file order, with
# the EBCDICConvert directives applied before EBCDICConvertByType.
#
# If you want to have ASCII HTML documents and EBCDIC HTML documents
# at the same time, you can use the file extension to force
# conversion off for the ASCII documents:
# > AddType       text/html .ahtml
# > EBCDICConvert Off=InOut .ahtml
#
# EBCDICConvertByType  On=InOut text/* message/* multipart/*
# EBCDICConvertByType  On=In    application/x-www-form-urlencoded
# EBCDICConvertByType  On=InOut application/postscript model/vrml
# EBCDICConvertByType Off=InOut */*
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Allows an alias to be used in place of a full path name.
#
    #
    # Note that if you include a trailing / on fakename then the server will
    # require it to be present in the URL.  So "/icons" isn't aliased in this
    # example, only "/icons/".  If the fakename is slash-terminated, then the
    # realname must also be slash terminated, and if the fakename omits the
    # trailing slash, the realname must also omit it.
    #
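    # /icons/ stands in for /var/www/icons, so the server does not have to look under the
    # DocumentRoot directory. Alias is generally used to map shared file directories and
    # applies to ordinary directories.
    #
    Alias /icons/ "/var/www/icons/"
    <Directory "/var/www/icons">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>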
    # This Alias will project the on-line documentation tree under /manual/
    # even if you change the DocumentRoot. Comment it if you don't want to
    # provide access to the on-line documentation.
    #
    # Alias /manual/ "/etc/httpd/htdocs/manual/"
    #
    #
    #     Options Indexes FollowSymlinks MultiViews
    #     AllowOverride None
    #     Order allow,deny
    #     Allow from all
    #
    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the realname directory are treated as applications and
    # run by the server when requested rather than as documents sent to the client.
    # The same rules about trailing "/" apply to ScriptAlias directives as to
    # Alias.
    #
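    # ScriptAlias is used specifically to map the path of CGI programs, so that a CGI program
    # is executed and the result of its execution is returned, rather than the content of the
    # CGI program itself.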
    #
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
    #
    # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    #
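    # Sets the permissions of the /var/www/cgi-bin directory.
    #
    <Directory "/var/www/cgi-bin">
        AllowOverride None
    #
    # Change the Options argument from None to ExecCGI to allow CGI programs to be executed
    #
        Options None
        Order allow,deny
        Allow from all
    </Directory>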
# End of aliases.
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
#
# If an address has changed, the old address can be redirected to the new one so that links
# are not lost.
# Example: Redirect http://test.thizlinux.com.cn/luntan.html http://test.thizlinux.com.cn/bbs.html
#
# Format: Redirect old-URI new-URL
#
#
# Directives controlling the display of server-generated directory listings.
#
    #
    # FancyIndexing is whether you want fancy directory indexing or standard
    #
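    # Lets the browser display the list of files in a directory. This statement makes the
    # listing show a different small icon for each file type, which can be set with the
    # AddIconByType option. The icons are stored under /var/www/icons.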
    #
    IndexOptions FancyIndexing NameWidth=*
    #
    # AddIcon* directives tell the server which icon to show for different
    # files or filename extensions.  These are only displayed for
    # FancyIndexed directories.
    #
    AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
    AddIconByType (TXT,/icons/text.gif) text/*
    AddIconByType (IMG,/icons/image2.gif) image/*
    AddIconByType (SND,/icons/sound2.gif) audio/*
    AddIconByType (VID,/icons/movie.gif) video/*
    AddIcon /icons/binary.gif .bin .exe
    AddIcon /icons/binhex.gif .hqx
    AddIcon /icons/tar.gif .tar
    AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /icons/a.gif .ps .ai .eps
    AddIcon /icons/layout.gif .html .shtml .htm .pdf
    AddIcon /icons/text.gif .txt
    AddIcon /icons/c.gif .c
    AddIcon /icons/p.gif .pl .py
    AddIcon /icons/f.gif .for
    AddIcon /icons/dvi.gif .dvi
    AddIcon /icons/uuencoded.gif .uu
    AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /icons/tex.gif .tex
    AddIcon /icons/bomb.gif core
    AddIcon /icons/back.gif ..
    AddIcon /icons/hand.right.gif README
    AddIcon /icons/folder.gif ^^DIRECTORY^^
    AddIcon /icons/blank.gif ^^BLANKICON^^
    #
    # DefaultIcon is which icon to show for files which do not have an icon
    # explicitly set.
    #
    # Files of unknown type are shown with the "unknown" icon
    #
    DefaultIcon /icons/unknown.gif
    #
    # AddDescription allows you to place a short description after a file in
    # server-generated indexes.  These are only displayed for FancyIndexed
    # directories.
    # Format: AddDescription "description" filename
    #
    # AddDescription can also attach a description to files, telling users what each suffix means
    #
    #AddDescription "GZIP compressed document" .gz
    #AddDescription "tar archive" .tar
    #AddDescription "GZIP compressed tar archive" .tgz
    #
    # ReadmeName is the name of the README file the server will look for by
    # default, and append to directory listings.
    #
    # HeaderName is the name of a file which should be prepended to
    # directory indexes.
    #
    # If MultiViews are amongst the Options in effect, the server will
    # first look for name.html and include it if found.  If name.html
    # doesn't exist, the server will then look for name.txt and include
    # it as plaintext if found.
    #
    # When the file list is shown, a description can be added at its head (HEADER) and at its foot (README).
    # Both files have to be created by you.
    #
    ReadmeName README
    HeaderName HEADER
    #
    # IndexIgnore is a set of filenames which directory indexing should ignore
    # and not include in the listing.  Shell-style wildcarding is permitted.
    #
    # You can also control which files are left out of the listing; the line below means that HEADER and
    # README are not listed.
    #
    IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
# End of indexing directives.
#
# Document types.
#
    #
    # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
    # information on the fly. Note: Not all browsers support this.
    # Despite the name similarity, the following Add* directives have nothing
    # to do with the FancyIndexing customization directives above.
    #
    # With AddEncoding, files with the .z, .gz or .tar suffix are decompressed automatically by the server.
    #
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz
    #
    # AddLanguage allows you to specify the language of a document. You can
    # then use content negotiation to give a browser a file in a language
    # it can understand.  
    #
    # Note 1: The suffix does not have to be the same as the language
    # keyword --- those with documents in Polish (whose net-standard
    # language code is pl) may wish to use "AddLanguage pl .po" to
    # avoid the ambiguity with the common suffix for perl scripts.
    #
    # Note 2: The example entries below illustrate that in quite
    # some cases the two character 'Language' abbreviation is not
    # identical to the two character 'Country' code for its country,
    # E.g. 'Danmark/dk' versus 'Danish/da'.
    #
    # Note 3: In the case of 'ltz' we violate the RFC by using a three char
    # specifier. But there is 'work in progress' to fix this and get
    # the reference data for rfc1766 cleaned up.
    #
    # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
    # French (fr) - German (de) - Greek-Modern (el)
    # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn)
    # Portuguese (pt) - Luxembourgeois* (ltz)
    # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
    # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
    # Russian (ru)
    #
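    # These are all language settings. They let the server send the browser the version of a file that
    # suits that browser, because an HTML document can exist in several language versions.
    # For Chinese they do not need to be set.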
    #
    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage he .he
    AddCharset ISO-8859-8 .iso8859-8
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage kr .kr
    AddCharset ISO-2022-KR .iso-kr
    AddLanguage nn .nn
    AddLanguage no .no
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage ltz .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .se
    AddLanguage cz .cz
    AddLanguage ru .ru
    AddLanguage zh-tw .tw
    AddLanguage tw .tw
    AddCharset Big5         .Big5    .big5
    AddCharset WINDOWS-1251 .cp-1251
    AddCharset CP866        .cp866
    AddCharset ISO-8859-5   .iso-ru
    AddCharset KOI8-R       .koi8-r
    AddCharset UCS-2        .ucs2
    AddCharset UCS-4        .ucs4
    AddCharset UTF-8        .utf8
    # LanguagePriority allows you to give precedence to some languages
    # in case of a tie during content negotiation.
    #
    # Just list the languages in decreasing order of preference. We have
    # more or less alphabetized them here. You probably want to change this.
    #
    # LanguagePriority sets the priority of the different languages, so that requests are answered with
    # the language versions in this order
    #
   
        LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
   
    #
    # AddType allows you to tweak mime.types without actually editing it, or to
    # make certain files to be certain types.
    #
    # For example, the PHP 3.x module (not part of the Apache distribution - see
    # http://www.php.net) will typically use:
    #
    # Loading the corresponding module lets the server use PHP, PHP3 and PHP4
    #
   
        AddType application/x-httpd-php3 .php3
        AddType application/x-httpd-php3-source .phps
   
    #
    # And for PHP 4.x, use:
    #
   
        AddType application/x-httpd-php .php .php4 .php3 .phtml
        AddType application/x-httpd-php-source .phps
   
    #
    # For PHP/FI (PHP2), use:
    #
   
        AddType application/x-httpd-php .phtml
   
    AddType application/x-tar .tgz
    #
    # AddHandler allows you to map certain file extensions to "handlers",
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action command (see below)
    #
    # If you want to use server side includes, or CGI outside
    # ScriptAliased directories, uncomment the following lines.
    #
    # To use CGI scripts:
    #
    # Defines how files with certain extensions are to be handled. The line below means: files with the
    # .cgi extension are treated as CGI scripts
    #
    #AddHandler cgi-script .cgi
    #
    # To use server-parsed HTML files
    #
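    # If the extension is .shtml, the server interprets the SSI commands in the page. This requires
    # Options Includes in the directory declaration. With Options IncludesNOEXEC, SSI can be
    # processed but external commands or programs cannot be invoked.
    #
    # There is also the XBitHack option. If it is set to On, the server checks all text/html documents,
    # but this reduces the system's availability, so it should normally be set to Off.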
    #
    AddType text/html .shtml
    AddHandler server-parsed .shtml
    #
    # Uncomment the following line to enable Apache's send-asis HTTP file
    # feature
    #
    # Allows the server to send files with the .asis extension directly
    #
    #AddHandler send-as-is asis
    #
    # If you wish to use server-parsed imagemap files, use
    #
    # Allows web pages to use CGI-processed image maps
    #
    AddHandler imap-file map
    #
    # To enable type maps, you might want to use
    #
    # Enabling this line lets the server obtain more precise results during content negotiation
    #
    #AddHandler type-map var
# End of document types.
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
#
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#
# Sets the directory holding the META information the server can use; generally of little use
#
#MetaDir .web
#
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#
# Sets the suffix of the META files
#
#MetaSuffix .meta
#
# Customizable error response (Apache style)
#  these come in three flavors
#
# The three forms below apply when an error occurs while a visitor accesses a page; one of the three
# is displayed, depending on the condition
#
#    1) plain text
#ErrorDocument 500 "The server made a boo boo.
#  n.b.  the single leading (") marks it as text, it does not get output
#
#    2) local redirects
#ErrorDocument 404 /missing.html
#  to redirect to local URL /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
#  N.B.: You can redirect to a script or a document using server-side-includes.
#
#    3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
#  N.B.: Many of the environment variables associated with the original
#  request will *not* be available to such a script.
#
# Customize behaviour based on the browser
#
    #
    # The following directives modify normal HTTP response behavior.
    # The first directive disables keepalive for Netscape 2.x and browsers that
    # spoof it. There are known problems with these browser implementations.
    # The second directive is for Microsoft Internet Explorer 4.0b2
    # which has a broken HTTP/1.1 implementation and does not properly
    # support keepalive when it is used on 301 or 302 (redirect) responses.
    #
    # If Mozilla or MSIE 4 is used, the keepalive feature is not offered; this keeps old browser
    # versions compatible
    #
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    #
    # The following directive disables HTTP/1.1 responses to browsers which
    # are in violation of the HTTP/1.0 spec by not being able to grok a
    # basic 1.1 response.
    #
    # If any of the following three programs is used, the request should be answered according to the
    # HTTP/1.0 specification
    #
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
# End of browser customization directives
#
# If the perl module is installed, this will allow execution of mod_perl
# to compile your scripts to subroutines which it will execute directly,
# avoiding the costly compile process for most requests.
#
#
#    Alias /perl /var/www/perl
#   
#        SetHandler perl-script
#        PerlHandler Apache::Registry
#        Options +ExecCGI
#   
#
#
# Allow http put (such as Netscape Gold's publish feature)
# Use htpasswd to generate /etc/httpd/conf/passwd.
#
#
#    Alias /upload /tmp
#   
#        EnablePut On
#        AuthType Basic
#        AuthName Temporary
#        AuthUserFile /etc/httpd/conf/passwd
#        EnableDelete Off
#        umask 007
#        
#            require valid-user
#        
#   
#
#
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
# If the block below is enabled, clients can enter http://server-name/server-status
# to view the system's current status
#
#
#    SetHandler server-status
#    Order deny,allow
#    Deny from all
#
#    Only allow viewing from .your_domain.com
#
#    Allow from .your_domain.com
#
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
# Change the ".your_domain.com" to match your domain to enable.
#
# If the block below is enabled, clients can enter http://server-name/server-info
# to view information about the system
#
#
#    SetHandler server-info
#    Order deny,allow
#    Deny from all
#    Allow from .your_domain.com
#
#
# Allow access to local system documentation from localhost
#
Alias /doc/ /usr/share/doc/
    order deny,allow
    deny from all
#
# This directory may only be browsed by local users
#
    allow from localhost .localdomain
    Options Indexes FollowSymLinks
#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days.  This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org.  Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
# Earlier Apache versions had some bugs; enabling this block redirects such requests to an error page
#
#
#    Deny from all
#    ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
# Apache can be used as a proxy server, but the mod_proxy.c module is required. The directory block
# below sets the access permissions and the cache parameters.
#
#
#    ProxyRequests On
#   
#        Order deny,allow
#        Deny from all
#
# To enable this feature, change .your_domain.com to the real domain name (.thizlinux.com.cn)
#
#        Allow from .your_domain.com
#   
    #
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #
    # This setting controls the handling of the HTTP/1.1 Via: header
    #
#    ProxyVia On
    #
    # To enable the cache as well, edit and uncomment the following lines:
    # (no caching without CacheRoot)
    #
    # Choose the directory in which the cache is stored
    #
#    CacheRoot "/var/cache/httpd"
#
#    Defines the size of the cache; here it is 5K
#
#    CacheSize 5
#
#    Defines the interval, in hours, at which the cache size is checked
#
#    CacheGcInterval 4
#
#    The maximum number of hours a file may stay in the cache
#
#    CacheMaxExpire 24
#
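#    Defines the factor for how long after its last update a file has to be deleted: a web page kept
#    in the cache for 24 hours, multiplied by 0.1, is deleted 2.4 hours after its last update.
#    If the computed result is greater than CacheMaxExpire, the CacheMaxExpire value is used.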
#
#    CacheLastModifiedFactor 0.1
#
#    For transfers over non-HTTP protocols, the number of hours after which the file is removed from the cache
#
#    CacheDefaultExpire 1
#
#    Defines which files, or which domains' content, are not to be cached
#
#    NoCache a_domain.com another_domain.edu joes.garage_sale.com
#
# End of proxy directives.
### Section 3: Virtual Hosts
###
### 3: Virtual host settings
###
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# Use name-based virtual hosting.
#
# Set the virtual host's IP address or domain name; a port can also be added
# NameVirtualHost 192.168.0.168
# NameVirtualHost 192.168.0.168:80
#
#NameVirtualHost *
NameVirtualHost 192.168.0.168
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
# VirtualHost may be followed by an IP address or a domain name; the address must match NameVirtualHost.
#
#
#
# Specifies the web server's e-mail address
#
#    ServerAdmin webmaster@dummy-host.example.com
#
# The root directory that holds the web pages
#
#    DocumentRoot /www/docs/dummy-host.example.com
#
# ServerName specifies the virtual host's name, i.e. its domain name
#
#    ServerName dummy-host.example.com
#
# Specifies the error log file
#
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#
#
# Several virtual hosts can be created on one IP address, but their directories must not be the same
# Example:
#
#    ServerAdmin root@thizlinux.com.
#    DocumentRoot /html/www
#    ServerName www.thizlinux.com
#
#
#    ServerAdmin root@thizlinux.com.
#    DocumentRoot /news
#    ServerName new.thizlinux.com
#
#
#
##
##  SSL Global Context
##
## If HAVE_SSL is defined, the SSL authentication service can be configured
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##
#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is an internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin
#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout  300
#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:logs/ssl_mutex
#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512
#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
SSLLog      logs/ssl_engine_log
SSLLogLevel error
##
## SSL Virtual Host Context
##
#  General setup for the virtual host
#DocumentRoot "/etc/httpd/htdocs"
#ServerName new.host.name
#ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. A test
#   certificate can be generated with `make certificate' under
#   build time. Keep in mind that if you've both a RSA and a DSA
#   certificate you can configure both in parallel (to also allow
#   the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key
#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convenience.
#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/httpd/conf/ssl.crt
#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded)
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/httpd/conf/ssl.crl
#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth  10
#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#
#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} = 8 and %{TIME_HOUR}
#   SSL Engine Options:
#   Set various options for the SSL engine.
#   o FakeBasicAuth:
#     Translate the client X.509 into a Basic Authorisation.  This means that
#     the standard Auth/DBMAuth methods can be used for access control.  The
#     user name is the `one line' version of the client's X.509 certificate.
#     Note that no password is obtained from the user. Every entry in the user
#     file needs this password: `xxj31ZMTZzkVA'.
#   o ExportCertData:
#     This exports two additional environment variables: SSL_CLIENT_CERT and
#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
#     server (always existing) and the client (only existing when client
#     authentication is used). This can be used to import the certificates
#     into CGI scripts.
#   o StdEnvVars:
#     This exports the standard SSL/TLS related `SSL_*' environment variables.
#     Per default this exportation is switched off for performance reasons,
#     because the extraction step is an expensive operation and is usually
#     useless for serving static content. So one usually enables the
#     exportation for CGI and SSI requests only.
#   o CompatEnvVars:
#     This exports obsolete environment variables for backward compatibility
#     to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
#     to provide compatibility to existing CGI scripts.
#   o StrictRequire:
#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
#     under a "Satisfy any" situation, i.e. when it applies access is denied
#     and no other module can change it.
#   o OptRenegotiate:
#     This enables optimized SSL connection renegotiation handling when SSL
#     directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    SSLOptions +StdEnvVars
    SSLOptions +StdEnvVars
#   SSL Protocol Adjustments:
#   The safe and default but still SSL/TLS standard compliant shutdown
#   approach is that mod_ssl sends the close notify alert but doesn't wait for
#   the close notify alert from client. When you need a different shutdown
#   approach you can use one of the following variables:
#   o ssl-unclean-shutdown:
#     This forces an unclean shutdown when the connection is closed, i.e. no
#     SSL close notify alert is sent or allowed to be received.  This violates
#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
#     this when you receive I/O errors because of the standard approach where
#     mod_ssl sends the close notify alert.
#   o ssl-accurate-shutdown:
#     This forces an accurate shutdown when the connection is closed, i.e. a
#     SSL close notify alert is sent and mod_ssl waits for the close notify
#     alert of the client. This is 100% SSL/TLS standard compliant, but in
#     practice often causes hanging connections with brain-dead browsers. Use
#     this only for browsers where you know that their SSL implementation
#     works correctly.
#   Notice: Most problems of broken clients are also related to the HTTP
#   keep-alive facility, so you usually additionally want to disable
#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
#   "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
include /usr/tomcat/conf/mod_jk.conf-auto


This article comes from a ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u/5252/showart_1164030.html
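
An added example, not part of the original post or of the Apache distribution: a small Python audit of two settings this file covers, the server-status / server-info handler blocks and the SSLCipherSuite string. The sample configuration is constructed, the rule names are hypothetical, and the cipher check is a simplified model of the OpenSSL cipher-list operators (`ALL` leaves out eNULL, `!` and `-` remove, `+` only reorders).

```python
import re

SENSITIVE_HANDLERS = {"server-status", "server-info"}
# Weak cipher classes that the keyword ALL pulls in (eNULL is not part of ALL).
WEAK_IN_ALL = {"LOW", "EXP", "SSLv2", "ADH", "EXPORT56"}
WEAK = WEAK_IN_ALL | {"eNULL", "aNULL", "NULL"}

# Constructed sample, not the configuration posted above.
SAMPLE = r'''
<Location /server-status>
    SetHandler server-status
</Location>
<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from .your_domain.com
</Location>
#<Location /old-status>
#    SetHandler server-status
#</Location>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
'''


def logical_lines(text):
    """Yield active directives: join '\\' continuations, drop blanks and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = buf + line, ""
        if line and not line.startswith("#"):
            yield " ".join(line.split())   # normalise inner whitespace


def weak_cipher_classes(spec):
    """Weak classes a cipher spec leaves enabled (simplified operator model)."""
    enabled, killed = set(), set()
    for tok in spec.split(":"):
        if tok.startswith("!"):        # permanent removal
            killed.add(tok[1:])
            enabled.discard(tok[1:])
        elif tok.startswith("-"):      # removal that a later token may undo
            enabled.discard(tok[1:])
        elif tok.startswith("+"):      # only reorders ciphers already enabled
            continue
        elif tok == "ALL":
            enabled |= WEAK_IN_ALL - killed
        elif tok in WEAK and tok not in killed:
            enabled.add(tok)
    return sorted(enabled)


def audit(text):
    """Return (rule, detail) findings; the rule names are hypothetical labels."""
    findings, stack = [], []           # stack holds (section name, directives)
    for line in logical_lines(text):
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>$", line)
        if tag and not tag.group(1):   # opening container such as <Location ...>
            stack.append((f"{tag.group(2)} {tag.group(3)}".strip(), []))
        elif tag:                      # closing container: judge its contents
            if not stack:
                continue               # unbalanced close tag, nothing to judge
            name, body = stack.pop()
            handlers = {d.split()[1] for d in body if d.startswith("sethandler ")}
            # Presence check only: Order and Allow lines are not evaluated.
            if handlers & SENSITIVE_HANDLERS and "deny from all" not in body:
                findings.append(("unrestricted-handler", name))
        else:
            if stack:
                stack[-1][1].append(line.lower())
            word, _, args = line.partition(" ")
            if word.lower() == "sslciphersuite":
                weak = weak_cipher_classes(args)
                if weak:
                    findings.append(("weak-ciphers", ",".join(weak)))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule}: {detail}")
```

Commented-out blocks are ignored, so a finding always refers to a directive that is active in the file being checked.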