HTTPD.CONF

NAME

	httpd.conf

SYNOPSIS

	none

DESCRIPTION

The httpd service needs basic configuration in a few files. By default they are:
(a) rewrite file /sys/lib/httpd.rewrite
(b) namespace file /lib/namespace.httpd
(c) web base /usr/web/

The main role of the rewrite file is to specify httpd roots for virtual hosts.
The main role of the namespace file is to provide a namespace that is merged into the user's namespace.
The main role of the web base is to provide a mount point for constructing the new namespace.

You can change these default locations in the httpd configuration file. Its default location is

	/sys/lib/httpd.conf
which may be altered by an httpd option.

Pegasus has miscellaneous parameters for fine tuning. They are also defined in the httpd configuration file.

The current content is:

#
#	Remove "#" to set your value if you want to change default value
#	Note that
#	1. second field is default value except rejectdb
#	2. all unit of time is second
#

#
#	files for Pegasus
#
# base		/usr/web		# base directory for Pegasus
# namespace	/lib/namespace.httpd	# name space configuration
# rewrite	/sys/lib/httpd.rewrite	# system rewrite file

#
#	currently we have the following parameters that might require tuning
#

charset		utf-8  # HTTP header charset. The default is latin(iso-8859-1)

## allowbasic	0	# gone

# parsetimeout	15	# timeout to parse header
# waittimeout1	15	# wait timeout for a non-authenticated client
# waittimeout2	900 	# wait timeout for an authenticated client
# cgitimeout	5	# timeout for CGI
# posttimeout	900	# timeout to get POST data
## connectlimit	300	# gone
# maxpost1	10	# maximum post data size (in unit of MB) for non-authenticated client
# maxpost2	100	# maximum post data size (in unit of MB) for authenticated client
### note on maxconnect:
### maxconnect check is disabled to authenticated clients or if the value is 0
# maxconnect	50	# max connections by a single remote IP (default 50)
# obstime	3	# observation time to detect maxconnect
## maxaccess	20	# gone
# lockouttime   180	# lockouttime for maxconnect and maxaccess  (in unit of sec)
# contmax	100	# max persistent continuation count for safety
# rejectdb	/sys/log/rejectdb	# the default is "not set".

Lines that begin with '#' are comments; in the listing above, each such line gives an attribute and its default value after the '#'. Only the first and second fields are consulted. The text that follows the value describes its meaning.

To change a parameter, remove the "#" at the beginning of its line and change the value in the second field. The second field shows the internal value, except for "rejectdb"; its value is /sys/log/rejectdb.

Most of these parameters are for safety.
Probably you need not change the contents of this file.


In server mode, restart httpd for the new values to take effect.
If you use mon,
	Kill httpd |rc
is enough to restart it.


Meaning of parameters

The meanings of the parameters are given as comments in the file httpd.conf.
I believe most of them are clear and need no further explanation.
Therefore only a few parameters are explained.

charset

Note the line:

	charset		utf-8
This line sets the server's character set to utf-8.
This means you must write all text documents in utf-8.
A document from W3.org claims that if charset is specified in HTTP then
charset in the meta tag of the HTML header is ignored.
See http://www.w3.org/TR/html4/charset.html#h-5.2.2 for this topic.

maxconnect, obstime and lockouttime

Clients that try brute accesses are rejected for 3 minutes by default.
The time can be configured by lockouttime.
By "brute" I denote: access over 50 times in three seconds.
These two values are configurable by maxconnect and obstime.

By setting maxconnect to 0, you can disable this protection.

Authenticated clients are not affected by these parameters.
WebDAV clients require huge numbers of accesses in a second.
You will protect the WebDAV service by authentication. Therefore WebDAV will work even if this protection is enabled.

Together, these parameters prevent the creation of huge numbers of httpd subprocesses and also hinder brute force attacks on passwords in authentication.
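
A model of the maxconnect, obstime and lockouttime check described above, as an added example; it is not Pegasus source. The Peer struct and the admit and burst functions are hypothetical names, and the fixed-window counting is an assumption, since the page gives only the thresholds.

```c
#include <stdio.h>
/* Defaults from the httpd.conf listing above; all times in seconds. */
enum { MAXCONNECT = 50, OBSTIME = 3, LOCKOUTTIME = 180 };

/* Per-remote-IP state. Hypothetical struct, not Pegasus's own. */
typedef struct {
	long winstart;	/* start of the current observation window */
	int count;	/* connections seen in that window */
	long lockuntil;	/* reject while now < lockuntil */
} Peer;

/* Return 1 to accept a connection at time now, 0 to reject it.
 * Assumed: a fixed window that opens at the first counted connection. */
int admit(Peer *p, long now, int authed, int maxconnect, int obstime, int lockout)
{
	if (authed || maxconnect == 0)
		return 1;	/* check disabled, as the page states */
	if (now < p->lockuntil)
		return 0;	/* still locked out */
	if (p->count == 0 || now - p->winstart >= obstime) {
		p->winstart = now;	/* open a new window */
		p->count = 0;
	}
	if (++p->count > maxconnect) {	/* "over 50 times in three seconds" */
		p->lockuntil = now + lockout;
		p->count = 0;
		return 0;
	}
	return 1;
}

/* Constructed traffic: n connections at second t; returns how many pass. */
int burst(Peer *p, long t, int n, int authed)
{
	int i, ok = 0;
	for (i = 0; i < n; i++)
		ok += admit(p, t, authed, MAXCONNECT, OBSTIME, LOCKOUTTIME);
	return ok;
}

int main(void)
{
	Peer anon = {0}, dav = {0};
	printf("anonymous, 60 at t=0:   %d\n", burst(&anon, 0, 60, 0));
	printf("anonymous, 1 at t=100:  %d\n", burst(&anon, 100, 1, 0));
	printf("anonymous, 1 at t=180:  %d\n", burst(&anon, 180, 1, 0));
	printf("authenticated, 60 at 0: %d\n", burst(&dav, 0, 60, 1));
	return 0;
}
```

With the defaults, the 51st unauthenticated connection inside one window starts the lockout, and the same address is accepted again once lockouttime has elapsed.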

rejectdb

The file /sys/log/rejectdb is a collection of IP addresses (one IP per line).
Requests from an IP in the database are silently rejected.
That is, these accesses are not written to the Pegasus log file /sys/log/http.

To disable this feature, comment out or remove this line.

Why are they not written to the log file?
I observed strange accesses from a client. The client persistently accessed one of the pages of my server, which resulted in consumption of 37MB of storage in a month.

Of course, you can still reject IPs using the access control file allow, as before. In that case the access log will be written to /sys/log/http.