HTTPD.CONF
NAME
httpd.conf
SYNOPSIS
none
DESCRIPTION
The httpd service needs basic configuration in some files. By default they are:
(a) rewrite file /sys/lib/httpd.rewrite
(b) namespace file /lib/namespace.httpd
(c) web base /usr/web/
The main role of the rewrite file is to specify httpd roots for virtual hosts.
The main role of the namespace file is to provide a namespace that is merged into the user's namespace.
The main role of the web base is to provide a mount point for constructing the new namespace.
You can change these default locations in the httpd configuration file. Its default location is /sys/lib/httpd.conf, which may be altered by an httpd option.
Pegasus has miscellaneous parameters for fine tuning. They are also defined in the httpd configuration file.
The current content is:
    #
    # Remove "#" to set your value if you want to change default value
    # Note that
    # 1. second field is default value except rejectdb
    # 2. all unit of time is second
    #
    #
    # files for Pegasus
    #
    # base /usr/web # base directory for Pegasus
    # namespace /lib/namespace.httpd # name space configuration
    # rewrite /sys/lib/httpd.rewrite # system rewrite file
    #
    # currently we have the following parameters that might be required tuning
    #
    charset utf-8 # HTTP header charset. The default is latin(iso-8859-1)
    ## allowbasic 0 # gone
    # parsetimeout 15 # timeout to parse header
    # waittimeout1 15 # wait timeout for an non-authenticated client
    # waittimeout2 900 # wait timeout for an authenticated client
    # cgitimeout 5 # timeout for CGI
    # posttimeout 900 # timeout to get POST data
    ## connectlimit 300 # gone
    # maxpost1 10 # maximum post data size (in unit of MB) for non-authenticated client
    # maxpost2 100 # maximum post data size (in unit of MB) for authenticated client
    ### note on maxconnect:
    ### maxconnect check is disabled to authenticated clients or if the value is 0
    # maxconnect 50 # max connections by a single remote IP (default 50)
    # obstime 3 # observation time to detect maxconnect
    ## maxaccess 20 # gone
    # lockouttime 180 # lockouttime for maxconnect and maxaccess (in unit of sec)
    # contmax 100 # max persistent continuation count for safety
    # rejectdb /sys/log/rejectdb # the default is "not set".

Lines that begin with '#' are comments; the attribute and its default value follow the '#'. Only the first and the second fields are consulted. Text that follows the value shows the meaning.
To change a parameter, remove the "#" at the beginning of the line and change the value of the second field. Internal values are shown in the second field, except for "rejectdb"; the value is /sys/log/rejectdb.
Most of these parameters are for safety.
Probably you need not change the contents of this file.
In server mode, restart httpd to reflect the value. If you use mon, Kill httpd |rc is enough to restart.
Meaning of parameters
The meanings of the parameters are given as comments in the file httpd.conf. I believe most of them are clear and need no further explanation.
Therefore only a few parameters are explained.
charset
Note the line:
    charset utf-8
By this line, the server's character set is set to utf-8.
This means you must write all text documents in utf-8.
A document from W3.org claims that if charset is specified in HTTP, then the charset in the meta tag of the html header is ignored. See http://www.w3.org/TR/html4/charset.html#h-5.2.2 for this topic.
maxconnect, obstime and lockouttime
Clients that try brute accesses are rejected for 3 minutes by default. The time can be configured by lockouttime. By "brute" I mean: more than 50 accesses in three seconds.
These two parameters are configurable by maxconnect and obstime.
By setting maxconnect to 0, you can disable this protection.
Authenticated clients are not affected by these parameters.
WebDAV clients require huge numbers of accesses per second.
You will protect the WebDAV service by authentication. Therefore WebDAV will work even if this protection is enabled.
This set of parameters prevents the creation of huge numbers of httpd subprocesses and also prevents brute force attacks on passwords in authentication.
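The following model of the rule described above is an added example, not Pegasus code. It assumes a sliding per-IP window of obstime seconds and a lockout that starts at the access exceeding maxconnect; the class name, function names and traffic traces are constructed for illustration.

```python
from collections import defaultdict, deque

class ConnectGuard:
    """Model of the maxconnect / obstime / lockouttime rule (not Pegasus code)."""

    def __init__(self, maxconnect=50, obstime=3, lockouttime=180):
        self.maxconnect, self.obstime, self.lockouttime = maxconnect, obstime, lockouttime
        self.recent = defaultdict(deque)  # ip -> access times inside the window
        self.locked_until = {}            # ip -> time at which the lockout ends

    def allow(self, ip, now, authenticated=False):
        # Per the config notes: no check for authenticated clients or maxconnect 0.
        if authenticated or self.maxconnect == 0:
            return True
        if now < self.locked_until.get(ip, 0):
            return False                  # still locked out
        window = self.recent[ip]
        window.append(now)
        while window and window[0] <= now - self.obstime:
            window.popleft()              # forget accesses older than obstime
        if len(window) > self.maxconnect: # "over 50 times in three seconds"
            self.locked_until[ip] = now + self.lockouttime
            window.clear()
            return False
        return True

def replay(guard, events):
    """Return (allowed, rejected) for a list of (time, ip, authenticated) events."""
    results = [guard.allow(ip, t, auth) for t, ip, auth in events]
    return results.count(True), results.count(False)

# Constructed traffic; addresses are from the documentation range 203.0.113.0/24.
BURST = [(i / 50.0, "203.0.113.9", False) for i in range(60)]     # 60 hits in 1.2 s
WEBDAV = [(i / 100.0, "203.0.113.20", True) for i in range(200)]  # authenticated
SLOW = [(float(i), "203.0.113.30", False) for i in range(60)]     # 1 hit per second

if __name__ == "__main__":
    g = ConnectGuard()
    print("burst :", replay(g, BURST))
    print("later :", g.allow("203.0.113.9", 100.0), g.allow("203.0.113.9", 181.0))
    print("webdav:", replay(g, WEBDAV))
    print("slow  :", replay(g, SLOW))
    print("off   :", replay(ConnectGuard(maxconnect=0), BURST))
```

Replaying your own access pattern through the model with candidate maxconnect and obstime values shows whether legitimate unauthenticated clients would be locked out before you change the file.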
rejectdb
The /sys/log/rejectdb is a collection of IP addresses (one IP per line). Requests from an IP in the database are silently rejected.
That is, these accesses are not written to the Pegasus log file /sys/log/http.
To disable this feature, comment out or remove this line.
Why are they not written in the log file?
I observed strange accesses from a client. The client persistently accessed one of the pages of my server, which resulted in the consumption of 37MB of storage in a month.
Of course, you can reject IPs using the access control file allow, as before. Then the access log will be written in /sys/log/http.