lsg46.htm

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<LI>The OldScriptAlias variable is the same as Alias. it is included for backward compatibility with HTPP 1.0.



<BR>



<BR>



<LI>The ReadmeName variable is the footer file attached to directory indexes. The default is README.



<BR>



<BR>



<LI>The Redirect variable maps a path to a new URL.



<BR>



<BR>



<LI>The ScriptAlias variable is similar to Alias, but it's for scripts. The default is /usr/local/etc/httpd/cgi-bin.



<BR>



<BR>



<LI>The UserDir variable is the directory users can use for httpd access. The default is public_html. This variable is usually set to a user's home page directory, or you can set it to DISABLED.



<BR>



<BR>



</UL>



<P>The third file to examine and modify is access.conf-dist, which defines the services available to WWW browsers. Usually, everything is accessible to a browser, but you may want to modify the file to tighten security or disable some services not supported on your Web site. The format of the conf-dist file is different from the two configuration files you saw above. It uses a set of sectioning directives delineated by angle brackets. The general format of an entry is:



<BR>



<PRE>



<FONT COLOR="#000080">&lt;Directory&gt;



...



&lt;/Directory&gt;</FONT></PRE>



<P>Any items between the beginning and ending delimiters (&lt;Directory&gt; and &lt;/Directory&gt; respectively) are directives. It's not quite that easy because several variations can exist in the file. The best way to customize the access.conf-dist file is to follow these steps for a typical Web server installation:



<BR>



<OL>



<LI>Locate the Options directive and remove the Indexes option. This step prevents users from browsing the httpd directory. Valid Options entries are discussed shortly.



<BR>



<BR>



<LI>Locate the first Directory directive and check the path to the cgi-bin directory. The default path is /usr/local/etc/httpd/cgi-bin.



<BR>



<BR>



<LI>Locate the second <I>Directory</I> directive for the sym.conf file and verify the path. The default is /usr/local/etc/httpd/htdocs.



<BR>



<BR>



<LI>Find the AllowOverride variable and set it to None (this setting prevents others from changing the settings). The default is All. Valid values for the AllowOverride variable are discussed shortly.



<BR>



<BR>



<LI>Find the Limit directive and set to whichever value you want (see the next list).



<BR>



<BR>



</OL>



<P>The Limit directive controls access to your server. The valid values for the Limit directive are:



<BR>







<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="100%" CELLPADDING=2 >



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



allow



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Permits specific hostnames following the allow keyword to access the service</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



deny



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Denies specific hostnames following the deny keyword from accessing the service</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



order



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Specifies the order in which allow and deny directives are evaluated (usually set to deny,allow but can also be allow,deny)</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



require



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Requires authentication through a user file specified in the AuthUserFile entry</FONT>



</TABLE><P>The Options directive can have several entries, all of which have a different purpose. The default entry for Options is:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">Options Indexes FollowSymLinks</FONT></PRE>



<P>The authors removed the Indexes entry from the Options directive in the first step of the customization procedure. These entries all apply to the directory the Options field appears in. The valid entries for the Options directive are as follows:



<BR>







<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="100%" CELLPADDING=2 >



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



All



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Enables all features</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



ExecCGI



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Specifies that CGI scripts can be executed in this directory</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



FollowSymLinks



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Enables httpd to follow symbolic links</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Includes



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Enables include files for the server</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



IncludesNoExec



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Enables include files for the server but disables the exec option</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Indexes



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Enables users to retrieve indexes (doesn't affect precompiled indexes)</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



None



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



No features are enabled</FONT>



<TR>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



SymLinksIfOwnerMatch



</FONT>



<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>



Follows symbolic links only if the user ID matches</FONT>



</TABLE><P>The AllowOverride variable is set to All by default, and you should change this setting. There are several valid values for AllowOverride, but the recommended setting for most Linux systems is None. The valid values for AllowOverride are as follows:



<BR>



<UL>



<LI>A value of All means unrestricted access.



<BR>



<BR>



<LI>The AuthConfig value enables some authentication routines. Valid values are AuthName (sets authorization name of directory), AuthType (set authorization type of the directory, although there is only one legal value: Basic), AuthUserFile (specifies a file containing user names and passwords), and AuthGroupFile (specifies a file containing group names)



<BR>



<BR>



<LI>The FileInfo value enables AddType and AddEncoding directives.



<BR>



<BR>



<LI>The Limit value enables the Limit directive.



<BR>



<BR>



<LI>A value of None means that no access files are allowed.



<BR>



<BR>



<LI>The Options value enables the Options directive.



<BR>



<BR>



</UL>



<P>After you have done all that, your configuration files should be properly set. Although the syntax is a little confusing, reading the default values will show you the proper format to use when changing entries. Next, you can start the Web server software.



<BR>



<BR>



<A NAME="E69E264"></A>



<H4 ALIGN=CENTER>



<CENTER>



<FONT SIZE=4 COLOR="#FF0000"><B>Starting the Web Software</B></FONT></CENTER></H4>



<BR>



<P>Begin by copying all your *.conf-dist files (modified in the previous section) to *.conf (a change in the extension only). Copy the files instead of renaming them so that you have the original .conf-dist file for future modifications. The server looks for files with the .conf extension and will ignore .conf-dist files.



<BR>



<P>When your configuration is complete, it's time to try out the Web server software. In the configuration files, you made a decision as to whether the Web software will run as a daemon (stand-alone) or be started from inetd. The startup procedure is a little different for each method (as you would expect), but both startup procedures can use one of the following three options on the command line:



<BR>



<UL>



<LI>The -d option specifies the absolute path to the httpd binary (used only if the default location is not valid).



<BR>



<BR>



<LI>The -f option lists the configuration file to read if it is different from the default value of httpd.conf.



<BR>



<BR>



<LI>The -v option displays the version number.



<BR>



<BR>



</UL>



<P>If you are using inetd to start your Web server software, you need to make a change to the /etc/services file to enable the Web software. Add a line like this to the /etc/services file:



<BR>



<BR>



<PRE>



<FONT COLOR="#000080">http port/tcp</FONT></PRE>



<P>In this line, port is the port number used by your Web server software (usually 80).



<BR>



<P>Next, modify the /etc/inetd.conf file to include the startup commands for the Web server:



<BR>