Apache will display Web page files as long as they are world readable. You have to make sure you make all the files and subdirectories in your DocumentRoot have the correct permissions. It is a good idea to have the files owned by a nonprivileged user so that Web developers can update the files using FTP or SCP without requiring the root password.
Create a user with a home directory of /home/www .
Change the permissions on the /home/www directory to 755 , which allows all users, including the Apache's httpd daemon, to read the files inside.
ServerRoot ServerRoot /etc/httpd The ServerRoot is the top-level directory which contains the server's files. Both the secure server and the non-secure server set the ServerRoot directive is set to "/ etc/httpd ".
PidFile PidFile /var/run/httpd.pid PidFile names the file where the server records its process ID (PID). By default the PID is set in / var/run/httpd.pid .
Timeout Timeout 300 Timeout defines, in seconds, the amount of time that the server will wait for receipts and transmissions during communications. Timeout is set to 300 seconds by default.
KeepAlive Keepalive off KeepAlive sets whether the server will allow more than one request per connection. By default Keepalive is set to off . If Keepalive is set to on and the server becomes very busy, the server can quickly spawn the maximum number of child processes. In this situation, the server will slow down significantly.
MaxKeepAliveRequests MaxKeepAliveRequests 100 This directive sets the maximum number of requests allowed per persistent connection. MaxKeepAliveRequests is set to 100 by default, which should be appropriate for most situations.
KeepAliveTimeout KeepAliveTimeout 15 KeepAliveTimeout sets the number of seconds the server will wait after a request has been served before it closes the connection. KeepAliveTimeout is set to 15 seconds by default.
MaxClients MaxClients 150 MaxClients sets a limit on the total number of server processes, or simultaneously connected clients, that can run at one time. The main purpose of this directive is to keep a runaway Apache HTTP Server from crashing the operating system.
Listen Listen 192.168.1.2:80 The Listen command identifies the ports on which the Web server will accept incoming requests. By default, the Apache HTTP Server is set to listen to port 80 for non-secure Web communications and (in the /etc/httpd/conf.d/ssl.conf which defines any secure servers) to port 443 for secure Web communications.
User User apache The User directive sets the user name of the server process and determines what files the server is allowed to access. By default User is set to apache .
Group Group apache Specifies the group name of the Apache HTTP Server processes. By default Group is set to apache .
ServerAdmin ServerAdmin firstname.lastname@example.org Set the ServerAdmin directive to the email address of the Web server administrator. By default, ServerAdmin is set to [email_address] .
ServerName ServerName www.hcmuaf.edu.vn:80 Use ServerName to set a hostname and port number (matching the Listen directive) for the server. The ServerName does not need to match the machine's actual hostname. For example, the Web server may be www.example.com but the server's hostname is actually foo.example.com . The value specified in ServerName must be a valid Domain Name Service ( DNS ) name that can be resolved by the system ServerName www.example.com:80
DocumentRoot DocumentRoot /var/www/html The DocumentRoot is the directory which contains most of the HTML files which is served in response to requests. The default DocumentRoot for both the non-secure and secure Web servers is the / var/www/html directory. For example, the server might receive a request for the following document:
The server looks for the following file in the default directory:
Directory Each <Directory ></Directory> block configures access information for the named directory (or directories) and its subdirectories. The first block sets the default permissions for all directories:
Options The Options directive controls which server features are available in a particular directory. For example, under the restrictive parameters specified for the root directory, Options is set to only FollowSymLinks . No features are enabled, except that the server is allowed to follow symbolic links in the root directory.
Values for the Options directive can be a space-delimited list of one or more of the following:
All — Enables all options except MultiViews. All is the default Option.
ExecCGI — Enables execution of CGI scripts.
FollowSymLinks — Enables the server to follow symbolic links in this directory.
Indexes — Instructs the server to return a formatted listing of a directory for which no directory index, such as index.html, exists.
MultiViews — Enables MultiView searches. If the server receives a request for a resource that does not exist, for example, /docs/resource, then the server scans the directory for all files named resource.*, if any, assigns them the same media types and content encodings they would have had if the client had asked for one of them by name, chooses the best match to the client’s requirements, and returns that document.
None — Disables all special directory features in this directory and its subdirectories.
SymLinksIfOwnerMatch — Instructs the server to follow only those symbolic links for which the target file or directory has the same UID as the link.
AllowOverride AllowOverride None|All The AllowOverride directive sets whether or not any Options can be overridden by the declarations in an .htaccess file. By default, both the root directory and the DocumentRoot are set to allow no .htaccess overrides.
Order Order allow,deny The Order directive controls the order in which allow and deny directives are evaluated. The server is configured to evaluate the Allow directives before the Deny directives for the DocumentRoot directory.
Allow Allow from all Allow specifies which requester can access a given directory. The requester can be all , a domain name , an IP address , a partial IP address, a n etwork/netmask pair, and so on. The DocumentRoot directory is configured to Allow requests from all, meaning everyone has access.
Deny Deny works just like Allow , except it specifies who is denied access. The DocumentRoot is not configured to Deny requests from anyone by default.
Disable autoindex for the root directory, and present as default Welcome page if no other index page is present. <LocationMatch "^/$> Options -Indexes ErrorDocument 403 /error/noindex.html </LocationMatch>
UserDir UserDir public_html UserDir is the name of the subdirectory within each user's home directory where they should place personal HTML files which are served by the Web server. This directive is set to disable by default.
The name for the subdirectory is set to public_html in the default configuration. For example, the server might receive the following request:
http:// example.com /~ username /foo.html The server would look for the file:
Users' home directories must be set to 0711 . The read (r) and execute (x) bits must be set on the users' public_html directories (0755 will also work).
Files that will be served in users' public_html directories must be set to at least 0644 .
DirectoryIndex DirectoryIndex index.shtml index.html index.htm home.html home.htm index.php The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name for example: http:// example / this_directory /.
HostnameLookups HostnameLookups Off HostnameLookups can be set to on , off . If HostnameLookups set to on , the server automatically resolves the IP address for each connection. Resolving the IP address means that the server makes one or more connections to a DNS server, adding processing overhead. To conserve resources on the server, HostnameLookups set to off by default .
ErrorLog ErrorLog /var/logs/error_log ErrorLog specifies the file where server errors are logged. By default, this directive is set to / var/log/httpd/error_log .
LogLevel LogLevel sets how verbose the error messages in the error logs are. LogLevel can be set (from least verbose to most verbose) to emerg , alert , crit , error , warn , notice , info or debug . The default LogLevel is warn .
Redirect When a webpage is moved, Redirect can be used to map the file location to a new URL. The format is as follows:
Redirect / <old-path> / <file-name> http:// <current-domain> / <current-path> / <file-name> In this example, any requests for < file-name > at the old location is automatically redirected to the new location.
Alias Alias /manual "/var/www/manual“ Alias /tuyensinh "/var/www/tuyensinh" The Alias setting allows directories outside the DocumentRoot directory to be accessible. Any URL ending in the alias automatically resolves to the alias' path
ErrorDocument ErrorDocument 402 http://www.example.com/subscription_info.html The ErrorDocument directive associates an HTTP response code with a message or a URL to be sent back to the client. By default, the Web server outputs a simple and usually cryptic error message when an error occurs. The ErrorDocument directive forces the Web server to instead output a customized message or redirects the client to a local or external URL
VirtualHost <VirtualHost> and </VirtualHost> tags create a container outlining the characteristics of a virtual host. The <VirtualHost> container accepts most configuration directives.
you'll need to configure the server to request a password and tell the server which users are allowed access. You can do this either by editing the httpd.conf file or using an .htaccess file. For example, if you wish to protect the directory /var/www/html/secret , you can use the following directives, either placed in the file /usr/local/apache/htdocs/secret/.htaccess, or placed in httpd.conf inside a <Directory /var/www/html/secret > section.
If you want to let more than one person in, you'll need to create a group file that associates group names with a list of users in that group. The format of this file is pretty simple, and you can create it with your favorite editor. The contents of the file will look like this:
GroupName: rbowen dpitts sungo rshersey
That's just a list of the members of the group in a long line separated by spaces.
To add a user to your already existing password file, type:
htpasswd /usr/local/apache/password.conf dpitts
Now, you need to modify your .htaccess file to look like the following:
Để cấm Apache sử dụng Symbolic Links buộc phải khai báo: </Directory /var/www/html > Options None ……. </Directory>
Để Apache chỉ sử dụng Symbolic Links nếu chủ nhân của Liên kết giống như chủ nhân của thư mục/Files gốc: </Directory /var/www/html > Options SymLinksIfOwnerMatch ……. </Directory>
Ví dụ: /var/www/program : chủ nhan là root trong /var/www/html tao liên kết: ln –sd /var/www/program /var/www/html/program nếu chủ nhân của toàn bộ /var/www/html là apache thì không truy xuất vào www.xxx.com/program được. Muốn truy xuất thành công phải đổi chủ nhân cho /var/www/program thành Apache