asg10.htm

apache技术手册

<UL>

<LI>

<A HREF="#E69E125" >mod_proxy Directives</A>

<UL>

<LI>

<A HREF="#E70E112" >ProxyRequests</A>

<LI>

<A HREF="#E70E113" >ProxyRemote</A>

<LI>

<A HREF="#E70E114" >ProxyPass</A>

<LI>

<A HREF="#E70E115" >CacheRoot</A>

<LI>

<A HREF="#E70E116" >CacheSize</A>

<LI>

<A HREF="#E70E117" >CacheGcInterval</A>

<LI>

<A HREF="#E70E118" >CacheMaxExpire</A>

<LI>

<A HREF="#E70E119" >CacheLastModifiedFactor</A>

<LI>

<A HREF="#E70E120" >CacheDefaultExpire</A>

<LI>

<A HREF="#E70E121" >NoCache</A></UL></UL>

<LI>

<A HREF="#E68E135" >The mod_status Module</A>

<LI>

<A HREF="#E68E136" >The mod_userdir Module</A>

<UL>

<LI>

<A HREF="#E69E126" >mod_userdir Directives</A>

<UL>

<LI>

<A HREF="#E70E122" >UserDir</A></UL></UL>

<LI>

<A HREF="#E68E137" >Summary</A></UL></UL></UL>

<HR ALIGN=CENTER>

<A NAME="E66E10"></A>

<H1 ALIGN=CENTER>

<CENTER>

<FONT SIZE=6 COLOR="#FF0000"><B>10</B></FONT></CENTER></H1>

<BR>

<A NAME="E67E14"></A>

<H2 ALIGN=CENTER>

<CENTER>

<FONT SIZE=6 COLOR="#FF0000"><B>Apache Modules</B></FONT></CENTER></H2>

<BR>

<P>Apache's modular structure has simplified the way that functionality is added to the server. Its generalized Application Programmer's Interface (API) greatly simplifies the process of adding new or enhancing existing functionality. Modules are usually developed in a single source code file named after the module. Many of these modules are so useful that they are included on a default server configuration. Modules that are included in this fashion are part of the <I>Base</I> release. Other modules are not included in the Base release either because they are in the initial stages of development or have not received a methodical testing to insure that they are of production quality. The lack of inclusion should not be a deterrent to their use, however. The DBM Authentication module is not part of the Base release, yet it is heavily used in many sites.

<BR>

<P>The following sections describe all the modules shipped with Apache and the directives they provide. For a list of modules provided by third parties take a look at <A HREF="asg07.htm" tppabs="http://docs.rinet.ru:8080/Apachu/asg07.htm">Chapter 7</A>, &quot;Third-Party Modules.&quot;

<BR>

<BR>

<A NAME="E68E109"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000"><B>The </B><B>mod_access</B><B> Module</B></FONT></CENTER></H3>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Source:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

mod_access.c</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Base:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Yes</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Type:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Security/Access Control</FONT>

</TABLE><P><A NAME="I2"></A><A NAME="I3"></A>The mod_access module is built into Apache by default. It provides host-based (or domain-level) access control security options.

<BR>

<P>Host-based access control grants or denies access on the basis of the <I>Internet Protocol</I> (IP) address of the machine generating a request. Machines matching an allow or deny description are allowed or denied access as appropriate. Flexible descriptions can be formed by the combination of both lists and the use of the order directive.

<BR>

<BR>

<A NAME="E69E88"></A>

<H4 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>mod_access </B><B>Directives</B></FONT></CENTER></H4>

<BR>

<P>The mod_access module provides three directives for building the allow and deny criteria:

<BR>

<UL>

<LI>allow from

<BR>

<BR>

<LI>deny from

<BR>

<BR>

<LI>order

<BR>

<BR>

</UL>

<P>These directives are typically specified in the &lt;Directory&gt;, &lt;Limit&gt;, or &lt;Location&gt; sections or inside an .htaccess file. &lt;Location&gt; sections are available only in Apache 1.1 or better.

<BR>

<BR>

<A NAME="E70E45"></A>

<H5 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>allow from</B></FONT></CENTER></H5>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

allow from<I> host host...</I></FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Override:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

AllowOverride Limit</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Context:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

directory, .htaccess</FONT>

</TABLE><P>allow from specifies hosts that are allowed to access the protected resource. You can specify more than one host or network by separating the additional host specifications with a space. <I>host</I> can be specified in any of the following formats:

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

all

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

This option allows all hosts to access the resource.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>FQDN</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can specify a host using its fully qualified domain name. A fully qualified domain name must include a hostname, subnets (if any), and a domain name, such as www.xyc.com.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>PDN</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can specify a group of hosts by using a partial domain name, which allows you to group several hosts in a particular domain. An entry such as xyc.com would match any host in the xyc.com domain.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080><BR></FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

A more selective grouping could be specified by using a network subnet. If available, group.xyc.com would match any host in the <I>group</I> subnet in the xyc.com domain.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>IP</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can also specify machines by their IP address. This option may provide tighter security than name-based specifications; however, names are easier for humans to maintain.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>PIP</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can also specify partial IP patterns, 1&#150;3 bytes of the IP address, to define groups of hosts. Hosts matching the IP description are included in the group. If 204.95.160.0 is a class C address, specifying 204.95.160 as the <I>PIP</I> would match any host from that network. If the network is subdivided into subnets, you can specify the subnet number to create a more restrictive grouping within a network.</FONT>

</TABLE><P>Here's an example of the allow from directive:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">allow from .cs.uwm.edu bar.com 204</FONT></PRE>

<P>All hosts from the specified domain are allowed access. Note that the comparison is based on the entire name. The entry for bar.com would not match foobar.com.

<BR>

<BR>

<A NAME="E70E46"></A>

<H5 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>deny from</B></FONT></CENTER></H5>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

deny from<I> host host...</I></FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Override:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

AllowOverride Limit</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Context:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

directory, .htaccess</FONT>

</TABLE><P>deny from specifies hosts that are to be denied access to the resource. You can specify more than one host or network by separating additional host specifications with a space. <I>host</I> can be specified in any of the following formats:

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

all

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

This option allows all hosts to access the resource.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>FQDN</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can specify a host using its fully qualified domain name. A fully qualified domain name must include a hostname, subnets if any, and a domain name, such as www.xyc.com.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>PDN</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can specify a group of hosts by using a partial domain name. This allows you to group several hosts in a particular domain. An entry like xyc.com would match any host in the xyc.com domain.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080><BR></FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

A more selective grouping could be specified by using a network subnet, if available. group.xyc.com <A NAME="I4"></A>would match any host in the group subnet in the xyc.com domain.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>IP</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can also specify machines by their IP address. This option may provide tighter security than name-based specifications; however, names are easier for we humans to maintain.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

<I>PIP</I>

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

You can also specify partial IP patterns, 1&#150;3 bytes of the IP address, to define groups of hosts. Hosts matching the IP description are included in the group. If 204.95.160.0 is a class C address, specifying 204.95.160 as the <I>PIP</I> would match any host from that network. If the network is subdivided into subnets, you can specify the subnet number to create a more restrictive grouping within a network.</FONT>

</TABLE><P>Here's an example of the deny directive:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">deny from .cs.uwm.edu bar.com 204</FONT></PRE>

<P>All hosts from the specified domain are denied access. Note that comparison is based on the entire name. The entry for bar.com would not match foobar.com.

<BR>

<BR>

<A NAME="E70E47"></A>

<H5 ALIGN=CENTER>

<CENTER>

<FONT SIZE=4 COLOR="#FF0000"><B>order</B></FONT></CENTER></H5>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Syntax:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

order [deny,allow] | [allow,deny] | [mutual-failure]</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Default:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

order deny,allow</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Override:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

AllowOverride Limit</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Context:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

directory, .htaccess</FONT>

</TABLE><P>The order directive specifies the order in which the allow from and deny from directives are evaluated within a &lt;Limit&gt;, &lt;Location&gt;, or &lt;Directory&gt; section. Possible options are

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

deny,allow

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Evaluates the deny from directive first and then grants exceptions based on the allow from directive.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

allow,deny 

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Evaluates the allow from directive first and then grants exceptions based on the deny from directive.</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

mutual-failure

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Evaluates so that only hosts that appear in the allow from directive and do not appear on the deny from directive are granted access.</FONT>

</TABLE><P>Here's an example of the order directive:

<BR>

<BR>

<PRE>

<FONT COLOR="#000080">order deny,allow deny from all allow from aol.com</FONT></PRE>

<P>In this example, requests from America Online users would be allowed. All other hosts are denied access.

<BR>

<BR>

<A NAME="E68E110"></A>

<H3 ALIGN=CENTER>

<CENTER>

<FONT SIZE=5 COLOR="#FF0000">[ic:Apache 1.1]<B>The </B><B>mod_actions</B><B> Module</B></FONT></CENTER></H3>

<BR>



<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="80%" CELLPADDING=2 >

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Source:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

mod_actions.c</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Base:

</FONT>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>

Yes</FONT>

<TR>

<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>