AcceptFilter protocol accept_filter |
|
s |
C |
Configures optimizations for a Protocol's Listener Sockets |
AcceptPathInfo On|Off|Default |
Default |
svdh |
C |
Resources accept trailing pathname information |
AccessFileName filename [filename] ... |
.htaccess |
sv |
C |
Name of the distributed configuration file |
Action action-type cgi-script [virtual] |
|
svdh |
B |
Activates a CGI script for a particular handler or content-type |
AddAlt string file [file] ... |
|
svdh |
B |
Alternate text to display for a file, instead of an icon selected by filename |
AddAltByEncoding string MIME-encoding [MIME-encoding] ... |
|
svdh |
B |
Alternate text to display for a file instead of an icon selected by MIME-encoding |
AddAltByType string MIME-type [MIME-type] ... |
|
svdh |
B |
Alternate text to display for a file, instead of an icon selected by MIME content-type |
AddCharset charset extension [extension] ... |
|
svdh |
B |
Maps the given filename extensions to the specified content charset |
AddDefaultCharset On|Off|charset |
Off |
svdh |
C |
Default charset parameter to be added when a response content-type is text/plain or text/html |
AddDescription string file [file] ... |
|
svdh |
B |
Description to display for a file |
AddEncoding encoding extension [extension] ... |
|
svdh |
B |
Maps the given filename extensions to the specified encoding type |
AddHandler handler-name extension [extension] ... |
|
svdh |
B |
Maps the filename extensions to the specified handler |
AddIcon icon name [name] ... |
|
svdh |
B |
Icon to display for a file selected by name |
AddIconByEncoding icon MIME-encoding [MIME-encoding] ... |
|
svdh |
B |
Icon to display next to files selected by MIME content-encoding |
AddIconByType icon MIME-type [MIME-type] ... |
|
svdh |
B |
Icon to display next to files selected by MIME content-type |
AddInputFilter filter[;filter...] extension [extension] ... |
|
svdh |
B |
Maps filename extensions to the filters that will process client requests |
AddLanguage language-tag extension [extension] ... |
|
svdh |
B |
Maps the given filename extension to the specified content language |
AddModuleInfo module-name string |
|
sv |
E |
Adds additional information to the module information displayed by the server-info handler |
AddOutputFilter filter[;filter...] extension [extension] ... |
|
svdh |
B |
Maps filename extensions to the filters that will process responses from the server |
AddOutputFilterByType filter[;filter...] media-type [media-type] ... |
|
svdh |
B |
assigns an output filter to a particular media-type |
AddType media-type extension [extension] ... |
|
svdh |
B |
Maps the given filename extensions onto the specified content type |
Alias [URL-path] file-path|directory-path |
|
svd |
B |
Maps URLs to filesystem locations |
AliasMatch regex file-path|directory-path |
|
sv |
B |
Maps URLs to filesystem locations using regular expressions |
Allow from all|host|env=[!]env-variable [host|env=[!]env-variable] ... |
|
dh |
E |
Controls which hosts can access an area of the server |
AllowCONNECT port[-port] [port[-port]] ... |
443 563 |
sv |
E |
Ports that are allowed to CONNECT through the proxy |
AllowEncodedSlashes On|Off|NoDecode |
Off |
sv |
C |
Determines whether encoded path separators in URLs are allowed to be passed through |
AllowMethods reset|HTTP-method [HTTP-method]... |
reset |
d |
X |
Restrict access to the listed HTTP methods |
AllowOverride All|None|directive-type [directive-type] ... |
None (2.3.9 and lat + |
d |
C |
Types of directives that are allowed in .htaccess files |
AllowOverrideList None|directive [directive-type] ... |
None |
d |
C |
Individual directives that are allowed in .htaccess files |
Anonymous user [user] ... |
|
dh |
E |
Specifies userIDs that are allowed access without password verification |
Anonymous_LogEmail On|Off |
On |
dh |
E |
Sets whether the password entered will be logged in the error log |
Anonymous_MustGiveEmail On|Off |
On |
dh |
E |
Specifies whether blank passwords are allowed |
Anonymous_NoUserID On|Off |
Off |
dh |
E |
Sets whether the userID field may be empty |
Anonymous_VerifyEmail On|Off |
Off |
dh |
E |
Sets whether to check the password field for a correctly formatted email address |
AsyncRequestWorkerFactor factor |
|
s |
M |
Limit concurrent connections per process |
AuthBasicAuthoritative On|Off |
On |
dh |
B |
Sets whether authorization and authentication are passed to lower level modules |
AuthBasicFake off|username [password] |
|
dh |
B |
Fake basic authentication using the given expressions for username and password |
AuthBasicProvider provider-name [provider-name] ... |
file |
dh |
B |
Sets the authentication provider(s) for this location |
AuthBasicUseDigestAlgorithm MD5|Off |
Off |
dh |
B |
Check passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication. |
AuthDBDUserPWQuery query |
|
d |
E |
SQL query to look up a password for a user |
AuthDBDUserRealmQuery query |
|
d |
E |
SQL query to look up a password hash for a user and realm. |
AuthDBMGroupFile file-path |
|
dh |
E |
Sets the name of the database file containing the list of user groups for authorization |
AuthDBMType default|SDBM|GDBM|NDBM|DB |
default |
dh |
E |
Sets the type of database file that is used to store passwords |
AuthDBMUserFile file-path |
|
dh |
E |
Sets the name of a database file containing the list of users and passwords for authentication |
AuthDigestAlgorithm MD5|MD5-sess |
MD5 |
dh |
E |
Selects the algorithm used to calculate the challenge and response hashes in digest authentication |
AuthDigestDomain URI [URI] ... |
|
dh |
E |
URIs that are in the same protection space for digest authentication |
AuthDigestNonceLifetime seconds |
300 |
dh |
E |
How long the server nonce is valid |
AuthDigestProvider provider-name [provider-name] ... |
file |
dh |
E |
Sets the authentication provider(s) for this location |
AuthDigestQop none|auth|auth-int [auth|auth-int] |
auth |
dh |
E |
Determines the quality-of-protection to use in digest authentication |
AuthDigestShmemSize size |
1000 |
s |
E |
The amount of shared memory to allocate for keeping track of clients |
AuthFormAuthoritative On|Off |
On |
dh |
B |
Sets whether authorization and authentication are passed to lower level modules |
AuthFormBody fieldname |
httpd_body |
d |
B |
The name of a form field carrying the body of the request to attempt on successful login |
AuthFormDisableNoStore On|Off |
Off |
d |
B |
Disable the CacheControl no-store header on the login page |
AuthFormFakeBasicAuth On|Off |
Off |
d |
B |
Fake a Basic Authentication header |
AuthFormLocation fieldname |
httpd_location |
d |
B |
The name of a form field carrying a URL to redirect to on successful login |
AuthFormLoginRequiredLocation url |
|
d |
B |
The URL of the page to be redirected to should login be required |
AuthFormLoginSuccessLocation url |
|
d |
B |
The URL of the page to be redirected to should login be successful |
AuthFormLogoutLocation uri |
|
d |
B |
The URL to redirect to after a user has logged out |
AuthFormMethod fieldname |
httpd_method |
d |
B |
The name of a form field carrying the method of the request to attempt on successful login |
AuthFormMimetype fieldname |
httpd_mimetype |
d |
B |
The name of a form field carrying the mimetype of the body of the request to attempt on successful login |
AuthFormPassword fieldname |
httpd_password |
d |
B |
The name of a form field carrying the login password |
AuthFormProvider provider-name [provider-name] ... |
file |
dh |
B |
Sets the authentication provider(s) for this location |
AuthFormSitePassphrase secret |
|
d |
B |
Bypass authentication checks for high traffic sites |
AuthFormSize size |
8192 |
d |
B |
The largest size of the form in bytes that will be parsed for the login details |
AuthFormUsername fieldname |
httpd_username |
d |
B |
The name of a form field carrying the login username |
AuthGroupFile file-path |
|
dh |
B |
Sets the name of a text file containing the list of user groups for authorization |
AuthLDAPAuthorizePrefix prefix |
AUTHORIZE_ |
dh |
E |
Specifies the prefix for environment variables set during authorization |
AuthLDAPBindAuthoritative off|on |
on |
dh |
E |
Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. |
AuthLDAPBindDN distinguished-name |
|
dh |
E |
Optional DN to use in binding to the LDAP server |
AuthLDAPBindPassword password |
|
dh |
E |
Password used in conjunction with the bind DN |
AuthLDAPCharsetConfig file-path |
|
s |
E |
Language to charset conversion configuration file |
AuthLDAPCompareAsUser on|off |
off |
dh |
E |
Use the authenticated user's credentials to perform authorization comparisons |
AuthLDAPCompareDNOnServer on|off |
on |
dh |
E |
Use the LDAP server to compare the DNs |
AuthLDAPDereferenceAliases never|searching|finding|always |
always |
dh |
E |
When will the module de-reference aliases |
AuthLDAPGroupAttribute attribute |
member uniqueMember + |
dh |
E |
LDAP attributes used to identify the user members of groups. |
AuthLDAPGroupAttributeIsDN on|off |
on |
dh |
E |
Use the DN of the client username when checking for group membership |
AuthLDAPInitialBindAsUser off|on |
off |
dh |
E |
Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server |
AuthLDAPInitialBindPattern regex substitution |
(.*) $1 (remote use + |
dh |
E |
Specifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup |
AuthLDAPMaxSubGroupDepth Number |
10 |
dh |
E |
Specifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued. |
AuthLDAPRemoteUserAttribute uid |
|
dh |
E |
Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable |
AuthLDAPRemoteUserIsDN on|off |
off |
dh |
E |
Use the DN of the client username to set the REMOTE_USER environment variable |
AuthLDAPSearchAsUser on|off |
off |
dh |
E |
Use the authenticated user's credentials to perform authorization searches |
AuthLDAPSubGroupAttribute attribute |
member uniqueMember + |
dh |
E |
Specifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups. |
AuthLDAPSubGroupClass LdapObjectClass |
groupOfNames groupO + |
dh |
E |
Specifies which LDAP objectClass values identify directory objects that are groups during sub-group processing. |
AuthLDAPURL url [NONE|SSL|TLS|STARTTLS] |
|
dh |
E |
URL specifying the LDAP search parameters |
AuthMerging Off | And | Or |
Off |
dh |
B |
Controls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections. |
AuthName auth-domain |
|
dh |
B |
Authorization realm for use in HTTP authentication |
AuthnCacheContext directory|server|custom-string |
directory |
d |
B |
Specify a context string for use in the cache key |
AuthnCacheEnable |
|
s |
B |
Enable Authn caching configured anywhere |
AuthnCacheProvideFor authn-provider [...] |
|
dh |
B |
Specify which authn provider(s) to cache for |
AuthnCacheSOCache provider-name[:provider-args] |
|
s |
B |
Select socache backend provider to use |
AuthnCacheTimeout timeout (seconds) |
300 (5 minutes) |
dh |
B |
Set a timeout for cache entries |
<AuthnProviderAlias baseProvider Alias> ... </AuthnProviderAlias> |
|
s |
B |
Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias |
AuthnzFcgiCheckAuthnProvider provider-name|None option ... |
|
d |
E |
Enables a FastCGI application to handle the check_authn authentication hook. |
AuthnzFcgiDefineProvider type provider-name backend-address |
|
s |
E |
Defines a FastCGI application as a provider for authentication and/or authorization |
AuthType None|Basic|Digest|Form |
|
dh |
B |
Type of user authentication |
AuthUserFile file-path |
|
dh |
B |
Sets the name of a text file containing the list of users and passwords for authentication |
AuthzDBDLoginToReferer On|Off |
Off |
d |
E |
Determines whether to redirect the Client to the Referring page on successful login or logout if a Referer request header is present |
AuthzDBDQuery query |
|
d |
E |
Specify the SQL Query for the required operation |
AuthzDBDRedirectQuery query |
|
d |
E |
Specify a query to look up a login page for the user |
AuthzDBMType default|SDBM|GDBM|NDBM|DB |
default |
dh |
E |
Sets the type of database file that is used to store list of user groups |
<AuthzProviderAlias baseProvider Alias Require-Parameters> ... </AuthzProviderAlias> |
|
s |
B |
Enclose a group of directives that represent an extension of a base authorization provider and referenced by the specified alias |
AuthzSendForbiddenOnFailure On|Off |
Off |
dh |
B |
Send '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authentication succeeds but authorization fails |
BalancerGrowth # |
5 |
sv |
E |
Number of additional Balancers that can be added Post-configuration |
BalancerInherit On|Off |
On |
sv |
E |
Inherit ProxyPassed Balancers/Workers from the main server |
BalancerMember [balancerurl] url [key=value [key=value ...]] |
|
d |
E |
Add a member to a load balancing group |
BalancerPersist On|Off |
Off |
sv |
E |
Attempt to persist changes made by the Balancer Manager across restarts. |
BrotliAlterETag AddSuffix|NoChange|Remove |
AddSuffix |
sv |
E |
How the outgoing ETag header should be modified during compression |
BrotliCompressionMaxInputBlock value |
|
sv |
E |
Maximum input block size |
BrotliCompressionQuality value |
5 |
sv |
E |
Compression quality |
BrotliCompressionWindow value |
18 |
sv |
E |
Brotli sliding compression window size |
BrotliFilterNote [type] notename |
|
sv |
E |
Places the compression ratio in a note for logging |
BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ... |
|
svdh |
B |
Sets environment variables conditional on HTTP User-Agent |
BrowserMatchNoCase regex [!]env-variable[=value] [[!]env-variable[=value]] ... |
|
svdh |
B |
Sets environment variables conditional on User-Agent without respect to case |
BufferedLogs On|Off |
Off |
s |
B |
Buffer log entries in memory before writing to disk |
BufferSize integer |
131072 |
svdh |
E |
Maximum size in bytes to buffer by the buffer filter |
CacheDefaultExpire seconds |
3600 (one hour) |
svdh |
E |
The default duration to cache a document when no expiry date is specified. |
CacheDetailHeader on|off |
off |
svdh |
E |
Add an X-Cache-Detail header to the response. |
CacheDirLength length |
2 |
sv |
E |
The number of characters in subdirectory names |
CacheDirLevels levels |
2 |
sv |
E |
The number of levels of subdirectories in the cache. |
CacheDisable url-string | on |
|
svdh |
E |
Disable caching of specified URLs |
CacheEnable cache_type [url-string] |
|
svd |
E |
Enable caching of specified URLs using a specified storage manager |
CacheFile file-path [file-path] ... |
|
s |
X |
Cache a list of file handles at startup time |
CacheHeader on|off |
off |
svdh |
E |
Add an X-Cache header to the response. |
CacheIgnoreCacheControl On|Off |
Off |
sv |
E |
Ignore request to not serve cached content to client |
CacheIgnoreHeaders header-string [header-string] ... |
None |
sv |
E |
Do not store the given HTTP header(s) in the cache. |
CacheIgnoreNoLastMod On|Off |
Off |
svdh |
E |
Ignore the fact that a response has no Last Modified header. |
CacheIgnoreQueryString On|Off |
Off |
sv |
E |
Ignore query string when caching |
CacheIgnoreURLSessionIdentifiers identifier [identifier] ... |
None |
sv |
E |
Ignore defined session identifiers encoded in the URL when caching |
CacheKeyBaseURL URL |
|
sv |
E |
Override the base URL of reverse proxied cache keys. |
CacheLastModifiedFactor float |
0.1 |
svdh |
E |
The factor used to compute an expiry date based on the LastModified date. |
CacheLock on|off |
off |
sv |
E |
Enable the thundering herd lock. |
CacheLockMaxAge integer |
5 |
sv |
E |
Set the maximum possible age of a cache lock. |
CacheLockPath directory |
/tmp/mod_cache-lock + |
sv |
E |
Set the lock path directory. |
CacheMaxExpire seconds |
86400 (one day) |
svdh |
E |
The maximum time in seconds to cache a document |
CacheMaxFileSize bytes |
1000000 |
svdh |
E |
The maximum size (in bytes) of a document to be placed in the cache |
CacheMinExpire seconds |
0 |
svdh |
E |
The minimum time in seconds to cache a document |
CacheMinFileSize bytes |
1 |
svdh |
E |
The minimum size (in bytes) of a document to be placed in the cache |
CacheNegotiatedDocs On|Off |
Off |
sv |
B |
Allows content-negotiated documents to be cached by proxy servers |
CacheQuickHandler on|off |
on |
sv |
E |
Run the cache from the quick handler. |
CacheReadSize bytes |
0 |
svdh |
E |
The minimum size (in bytes) of the document to read and be cached before sending the data downstream |
CacheReadTime milliseconds |
0 |
svdh |
E |
The minimum time (in milliseconds) that should elapse while reading before data is sent downstream |
CacheRoot directory |
|
sv |
E |
The directory root under which cache files are stored |
CacheSocache type[:args] |
|
sv |
E |
The shared object cache implementation to use |
CacheSocacheMaxSize bytes |
102400 |
svdh |
E |
The maximum size (in bytes) of an entry to be placed in the cache |
CacheSocacheMaxTime seconds |
86400 |
svdh |
E |
The maximum time (in seconds) for a document to be placed in the cache |
CacheSocacheMinTime seconds |
600 |
svdh |
E |
The minimum time (in seconds) for a document to be placed in the cache |
CacheSocacheReadSize bytes |
0 |
svdh |
E |
The minimum size (in bytes) of the document to read and be cached before sending the data downstream |
CacheSocacheReadTime milliseconds |
0 |
svdh |
E |
The minimum time (in milliseconds) that should elapse while reading before data is sent downstream |
CacheStaleOnError on|off |
on |
svdh |
E |
Serve stale content in place of 5xx responses. |
CacheStoreExpired On|Off |
Off |
svdh |
E |
Attempt to cache responses that the server reports as expired |
CacheStoreNoStore On|Off |
Off |
svdh |
E |
Attempt to cache requests or responses that have been marked as no-store. |
CacheStorePrivate On|Off |
Off |
svdh |
E |
Attempt to cache responses that the server has marked as private |
CGIDScriptTimeout time[s|ms] |
|
svdh |
B |
The length of time to wait for more output from the CGI program |
CGIMapExtension cgi-path .extension |
|
dh |
C |
Technique for locating the interpreter for CGI scripts |
CGIPassAuth On|Off |
Off |
dh |
C |
Enables passing HTTP authorization headers to scripts as CGI variables |
CGIVar variable rule |
|
dh |
C |
Controls how some CGI variables are set |
CharsetDefault charset |
|
svdh |
E |
Charset to translate into |
CharsetOptions option [option] ... |
ImplicitAdd |
svdh |
E |
Configures charset translation behavior |
CharsetSourceEnc charset |
|
svdh |
E |
Source charset of files |
CheckCaseOnly on|off |
Off |
svdh |
E |
Limits the action of the speling module to case corrections |
CheckSpelling on|off |
Off |
svdh |
E |
Enables the spelling module |
ChrootDir /path/to/directory |
|
s |
B |
Directory for apache to run chroot(8) after startup. |
ContentDigest On|Off |
Off |
svdh |
C |
Enables the generation of Content-MD5 HTTP Response headers |
CookieDomain domain |
|
svdh |
E |
The domain to which the tracking cookie applies |
CookieExpires expiry-period |
|
svdh |
E |
Expiry time for the tracking cookie |
CookieHTTPOnly on|off |
off |
svdh |
E |
Adds the 'HTTPOnly' attribute to the cookie |
CookieName token |
Apache |
svdh |
E |
Name of the tracking cookie |
CookieSameSite None|Lax|Strict |
|
svdh |
E |
Adds the 'SameSite' attribute to the cookie |
CookieSecure on|off |
off |
svdh |
E |
Adds the 'Secure' attribute to the cookie |
CookieStyle Netscape|Cookie|Cookie2|RFC2109|RFC2965 |
Netscape |
svdh |
E |
Format of the cookie header field |
CookieTracking on|off |
off |
svdh |
E |
Enables tracking cookie |
CoreDumpDirectory directory |
|
s |
M |
Directory where Apache HTTP Server attempts to switch before dumping core |
CustomLog file|pipe format|nickname [env=[!]environment-variable| expr=expression] |
|
sv |
B |
Sets filename and format of log file |
Dav On|Off|provider-name |
Off |
d |
E |
Enable WebDAV HTTP methods |
DavDepthInfinity on|off |
off |
svd |
E |
Allow PROPFIND, Depth: Infinity requests |
DavGenericLockDB file-path |
|
svd |
E |
Location of the DAV lock database |
DavLockDB file-path |
|
sv |
E |
Location of the DAV lock database |
DavMinTimeout seconds |
0 |
svd |
E |
Minimum amount of time the server holds a lock on a DAV resource |
DBDExptime time-in-seconds |
300 |
sv |
E |
Keepalive time for idle connections |
DBDInitSQL "SQL statement" |
|
sv |
E |
Execute an SQL statement after connecting to a database |
DBDKeep number |
2 |
sv |
E |
Maximum sustained number of connections |
DBDMax number |
10 |
sv |
E |
Maximum number of connections |
DBDMin number |
1 |
sv |
E |
Minimum number of connections |
DBDParams param1=value1[,param2=value2] |
|
sv |
E |
Parameters for database connection |
DBDPersist On|Off |
|
sv |
E |
Whether to use persistent connections |
DBDPrepareSQL "SQL statement" label |
|
sv |
E |
Define an SQL prepared statement |
DBDriver name |
|
sv |
E |
Specify an SQL driver |
DefaultIcon url-path |
|
svdh |
B |
Icon to display for files when no specific icon is configured |
DefaultLanguage language-tag |
|
svdh |
B |
Defines a default language-tag to be sent in the Content-Language header field for all resources in the current context that have not been assigned a language-tag by some other means. |
DefaultRuntimeDir directory-path |
DEFAULT_REL_RUNTIME + |
s |
C |
Base directory for the server run-time files |
DefaultType media-type|none |
none |
svdh |
C |
This directive has no effect other than to emit warnings if the value is not none . In prior versions, DefaultType would specify a default media type to assign to response content for which no other media type configuration could be found. |
Define parameter-name [parameter-value] |
|
svd |
C |
Define a variable |
DeflateBufferSize value |
8096 |
sv |
E |
Fragment size to be compressed at one time by zlib |
DeflateCompressionLevel value |
|
sv |
E |
How much compression do we apply to the output |
DeflateFilterNote [type] notename |
|
sv |
E |
Places the compression ratio in a note for logging |
DeflateInflateLimitRequestBody value |
|
svdh |
E |
Maximum size of inflated request bodies |
DeflateInflateRatioBurst value |
3 |
svdh |
E |
Maximum number of times the inflation ratio for request bodies can be crossed |
DeflateInflateRatioLimit value |
200 |
svdh |
E |
Maximum inflation ratio for request bodies |
DeflateMemLevel value |
9 |
sv |
E |
How much memory should be used by zlib for compression |
DeflateWindowSize value |
15 |
sv |
E |
Zlib compression window size |
Deny from all|host|env=[!]env-variable [host|env=[!]env-variable] ... |
|
dh |
E |
Controls which hosts are denied access to the server |
<Directory directory-path> ... </Directory> |
|
sv |
C |
Enclose a group of directives that apply only to the named file-system directory, sub-directories, and their contents. |
DirectoryCheckHandler On|Off |
Off |
svdh |
B |
Toggle how this module responds when another handler is configured |
DirectoryIndex disabled | local-url [local-url] ... |
index.html |
svdh |
B |
List of resources to look for when the client requests a directory |
DirectoryIndexRedirect on | off | permanent | temp | seeother | 3xx-code |
off |
svdh |
B |
Configures an external redirect for directory indexes. |
<DirectoryMatch regex> ... </DirectoryMatch> |
|
sv |
C |
Enclose directives that apply to the contents of file-system directories matching a regular expression. |
DirectorySlash On|Off |
On |
svdh |
B |
Toggle trailing slash redirects on or off |
DocumentRoot directory-path |
"/usr/local/apache/ + |
sv |
C |
Directory that forms the main document tree visible from the web |
DTracePrivileges On|Off |
Off |
s |
X |
Determines whether the privileges required by dtrace are enabled. |
DumpIOInput On|Off |
Off |
s |
E |
Dump all input data to the error log |
DumpIOOutput On|Off |
Off |
s |
E |
Dump all output data to the error log |
<Else> ... </Else> |
|
svdh |
C |
Contains directives that apply only if the condition of a previous <If> or <ElseIf> section is not satisfied by a request at runtime |
<ElseIf expression> ... </ElseIf> |
|
svdh |
C |
Contains directives that apply only if a condition is satisfied by a request at runtime while the condition of a previous <If> or <ElseIf> section is not satisfied |
EnableExceptionHook On|Off |
Off |
s |
M |
Enables a hook that runs exception handlers after a crash |
EnableMMAP On|Off |
On |
svdh |
C |
Use memory-mapping to read files during delivery |
EnableSendfile On|Off |
Off |
svdh |
C |
Use the kernel sendfile support to deliver files to the client |
Error message |
|
svdh |
C |
Abort configuration parsing with a custom error message |
ErrorDocument error-code document |
|
svdh |
C |
What the server will return to the client in case of an error |
ErrorLog file-path|syslog[:[facility][:tag]] |
logs/error_log (Uni + |
sv |
C |
Location where the server will log errors |
ErrorLogFormat [connection|request] format |
|
sv |
C |
Format specification for error log entries |
Example |
|
svdh |
X |
Demonstration directive to illustrate the Apache module API |
ExpiresActive On|Off |
Off |
svdh |
E |
Enables generation of Expires headers |
ExpiresByType MIME-type <code>seconds |
|
svdh |
E |
Value of the Expires header configured by MIME type |
ExpiresDefault <code>seconds |
|
svdh |
E |
Default algorithm for calculating expiration time |
ExtendedStatus On|Off |
Off[*] |
s |
C |
Keep track of extended status information for each request |
ExtFilterDefine filtername parameters |
|
s |
E |
Define an external filter |
ExtFilterOptions option [option] ... |
NoLogStderr |
d |
E |
Configure mod_ext_filter options |
FallbackResource disabled | local-url |
|
svdh |
B |
Define a default URL for requests that don't map to a file |
FileETag component ... |
MTime Size |
svdh |
C |
File attributes used to create the ETag HTTP response header for static files |
<Files filename> ... </Files> |
|
svdh |
C |
Contains directives that apply to matched filenames |
<FilesMatch regex> ... </FilesMatch> |
|
svdh |
C |
Contains directives that apply to regular-expression matched filenames |
FilterChain [+=-@!]filter-name ... |
|
svdh |
B |
Configure the filter chain |
FilterDeclare filter-name [type] |
|
svdh |
B |
Declare a smart filter |
FilterProtocol filter-name [provider-name] proto-flags |
|
svdh |
B |
Deal with correct HTTP protocol handling |
FilterProvider filter-name provider-name expression |
|
svdh |
B |
Register a content filter |
FilterTrace filter-name level |
|
svd |
B |
Get debug/diagnostic information from mod_filter |
ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback] |
Prefer |
svdh |
B |
Action to take if a single acceptable document is not found |
ForceType media-type|None |
|
dh |
C |
Forces all matching files to be served with the specified media type in the HTTP Content-Type header field |
ForensicLog filename|pipe |
|
sv |
E |
Sets filename of the forensic log |
GlobalLogfile|pipe format|nickname [env=[!]environment-variable| expr=expression] |
|
s |
B |
Sets filename and format of log file |
GprofDir /tmp/gprof/|/tmp/gprof/% |
|
sv |
C |
Directory to write gmon.out profiling data to. |
GracefulShutdownTimeout seconds |
0 |
s |
M |
Specify a timeout after which a gracefully shutdown server will exit. |
Group unix-group |
#-1 |
s |
B |
Group under which the server will answer requests |
H2CopyFiles on|off |
off |
svdh |
E |
Determine file handling in responses |
H2Direct on|off |
on for h2c, off for + |
sv |
E |
H2 Direct Protocol Switch |
H2EarlyHints on|off |
off |
sv |
E |
Determine sending of 103 status codes |
H2MaxSessionStreams n |
100 |
sv |
E |
Maximum number of active streams per HTTP/2 session. |
H2MaxWorkerIdleSeconds n |
600 |
s |
E |
Maximum number of seconds h2 workers remain idle until shut down. |
H2MaxWorkers n |
|
s |
E |
Maximum number of worker threads to use per child process. |
H2MinWorkers n |
|
s |
E |
Minimal number of worker threads to use per child process. |
H2ModernTLSOnly on|off |
on |
sv |
E |
Require HTTP/2 connections to be "modern TLS" only |
H2Padding numbits |
0 |
sv |
E |
Determine the range of padding bytes added to payload frames |
H2Push on|off |
on |
svdh |
E |
H2 Server Push Switch |
H2PushDiarySize n |
256 |
sv |
E |
H2 Server Push Diary Size |
H2PushPriority mime-type [after|before|interleaved] [weight] |
* After 16 |
sv |
E |
H2 Server Push Priority |
H2PushResource [add] path [critical] |
|
svdh |
E |
Declares resources for early pushing to the client |
H2SerializeHeaders on|off |
off |
sv |
E |
Serialize Request/Response Processing Switch |
H2StreamMaxMemSize bytes |
65536 |
sv |
E |
Maximum amount of output data buffered per stream. |
H2TLSCoolDownSecs seconds |
1 |
sv |
E |
Configure the number of seconds of idle time on TLS before shrinking writes |
H2TLSWarmUpSize amount |
1048576 |
sv |
E |
Configure the number of bytes on TLS connection before doing max writes |
H2Upgrade on|off |
on for h2c, off for + |
svdh |
E |
H2 Upgrade Protocol Switch |
H2WindowSize bytes |
65535 |
sv |
E |
Size of Stream Window for upstream data. |
Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] |
|
svdh |
E |
Configure HTTP response headers |
HeaderName filename |
|
svdh |
B |
Name of the file that will be inserted at the top of the index listing |
HeartbeatAddress addr:port |
|
s |
X |
Multicast address for heartbeat packets |
HeartbeatListen addr:port |
|
s |
X |
multicast address to listen for incoming heartbeat requests |
HeartbeatMaxServers number-of-servers |
10 |
s |
X |
Specifies the maximum number of servers that will be sending heartbeat requests to this server |
HeartbeatStorage file-path |
logs/hb.dat |
s |
X |
Path to store heartbeat data |
HeartbeatStorage file-path |
logs/hb.dat |
s |
X |
Path to read heartbeat data |
HostnameLookups On|Off|Double |
Off |
svd |
C |
Enables DNS lookups on client IP addresses |
HttpProtocolOptions [Strict|Unsafe] [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0] |
Strict LenientMetho + |
sv |
C |
Modify restrictions on HTTP Request Messages |
IdentityCheck On|Off |
Off |
svd |
E |
Enables logging of the RFC 1413 identity of the remote user |
IdentityCheckTimeout seconds |
30 |
svd |
E |
Determines the timeout duration for ident requests |
<If expression> ... </If> |
|
svdh |
C |
Contains directives that apply only if a condition is satisfied by a request at runtime |
<IfDefine [!]parameter-name> ... </IfDefine> |
|
svdh |
C |
Encloses directives that will be processed only if a test is true at startup |
<IfDirective [!]directive-name> ... </IfDirective> |
|
svdh |
C |
Encloses directives that are processed conditional on the presence or absence of a specific directive |
<IfFile [!]filename> ... </IfFile> |
|
svdh |
C |
Encloses directives that will be processed only if file exists at startup |
<IfModule [!]module-file|module-identifier> ... </IfModule> |
|
svdh |
C |
Encloses directives that are processed conditional on the presence or absence of a specific module |
<IfSection [!]section-name> ... </IfSection> |
|
svdh |
C |
Encloses directives that are processed conditional on the presence or absence of a specific section directive |
<IfVersion [[!]operator] version> ... </IfVersion> |
|
svdh |
E |
contains version dependent configuration |
ImapBase map|referer|URL |
http://servername/ |
svdh |
B |
Default base for imagemap files |
ImapDefault error|nocontent|map|referer|URL |
nocontent |
svdh |
B |
Default action when an imagemap is called with coordinates that are not explicitly mapped |
ImapMenu none|formatted|semiformatted|unformatted |
formatted |
svdh |
B |
Action if no coordinates are given when calling an imagemap |
Include file-path|directory-path|wildcard |
|
svd |
C |
Includes other configuration files from within the server configuration files |
IncludeOptional file-path|directory-path|wildcard |
|
svd |
C |
Includes other configuration files from within the server configuration files |
IndexHeadInsert "markup ..." |
|
svdh |
B |
Inserts text in the HEAD section of an index page. |
IndexIgnore file [file] ... |
"." |
svdh |
B |
Adds to the list of files to hide when listing a directory |
IndexIgnoreReset ON|OFF |
|
svdh |
B |
Empties the list of files to hide when listing a directory |
IndexOptions [+|-]option [[+|-]option] ... |
|
svdh |
B |
Various configuration settings for directory indexing |
IndexOrderDefault Ascending|Descending Name|Date|Size|Description |
Ascending Name |
svdh |
B |
Sets the default ordering of the directory index |
IndexStyleSheet url-path |
|
svdh |
B |
Adds a CSS stylesheet to the directory index |
InputSed sed-command |
|
dh |
X |
Sed command to filter request data (typically POST data) |
ISAPIAppendLogToErrors on|off |
off |
svdh |
B |
Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log |
ISAPIAppendLogToQuery on|off |
on |
svdh |
B |
Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field |
ISAPICacheFile file-path [file-path] ... |
|
sv |
B |
ISAPI .dll files to be loaded at startup |
ISAPIFakeAsync on|off |
off |
svdh |
B |
Fake asynchronous support for ISAPI callbacks |
ISAPILogNotSupported on|off |
off |
svdh |
B |
Log unsupported feature requests from ISAPI extensions |
ISAPIReadAheadBuffer size |
49152 |
svdh |
B |
Size of the Read Ahead Buffer sent to ISAPI extensions |
KeepAlive On|Off |
On |
sv |
C |
Enables HTTP persistent connections |
KeepAliveTimeout num[ms] |
5 |
sv |
C |
Amount of time the server will wait for subsequent requests on a persistent connection |
KeptBodySize maximum size in bytes |
0 |
d |
B |
Keep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include. |
LanguagePriority MIME-lang [MIME-lang] ... |
|
svdh |
B |
The precedence of language variants for cases where the client does not express a preference |
LDAPCacheEntries number |
1024 |
s |
E |
Maximum number of entries in the primary LDAP cache |
LDAPCacheTTL seconds |
600 |
s |
E |
Time that cached items remain valid |
LDAPConnectionPoolTTL n |
-1 |
sv |
E |
Discard backend connections that have been sitting in the connection pool too long |
LDAPConnectionTimeout seconds |
|
s |
E |
Specifies the socket connection timeout in seconds |
LDAPLibraryDebug 7 |
|
s |
E |
Enable debugging in the LDAP SDK |
LDAPOpCacheEntries number |
1024 |
s |
E |
Number of entries used to cache LDAP compare operations |
LDAPOpCacheTTL seconds |
600 |
s |
E |
Time that entries in the operation cache remain valid |
LDAPReferralHopLimit number |
|
dh |
E |
The maximum number of referral hops to chase before terminating an LDAP query. |
LDAPReferrals On|Off|default |
On |
dh |
E |
Enable referral chasing during queries to the LDAP server. |
LDAPRetries number-of-retries |
3 |
s |
E |
Configures the number of LDAP server retries. |
LDAPRetryDelay seconds |
0 |
s |
E |
Configures the delay between LDAP server retries. |
LDAPSharedCacheFile directory-path/filename |
|
s |
E |
Sets the shared memory cache file |
LDAPSharedCacheSize bytes |
500000 |
s |
E |
Size in bytes of the shared-memory cache |
LDAPTimeout seconds |
60 |
s |
E |
Specifies the timeout for LDAP search and bind operations, in seconds |
LDAPTrustedClientCert type directory-path/filename/nickname [password] |
|
dh |
E |
Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates. |
LDAPTrustedGlobalCert type directory-path/filename [password] |
|
s |
E |
Sets the file or database containing global trusted Certificate Authority or global client certificates |
LDAPTrustedMode type |
|
sv |
E |
Specifies the SSL/TLS mode to be used when connecting to an LDAP server. |
LDAPVerifyServerCert On|Off |
On |
s |
E |
Force server certificate verification |
<Limit method [method] ... > ... </Limit> |
|
dh |
C |
Restrict enclosed access controls to only certain HTTP methods |
<LimitExcept method [method] ... > ... </LimitExcept> |
|
dh |
C |
Restrict access controls to all HTTP methods except the named ones |
LimitInternalRecursion number [number] |
10 |
sv |
C |
Determine maximum number of internal redirects and nested subrequests |
LimitRequestBody bytes |
0 |
svdh |
C |
Restricts the total size of the HTTP request body sent from the client |
LimitRequestFields number |
100 |
sv |
C |
Limits the number of HTTP request header fields that will be accepted from the client |
LimitRequestFieldSize bytes |
8190 |
sv |
C |
Limits the size of the HTTP request header allowed from the client |
LimitRequestLine bytes |
8190 |
sv |
C |
Limit the size of the HTTP request line that will be accepted from the client |
LimitXMLRequestBody bytes |
1000000 |
svdh |
C |
Limits the size of an XML-based request body |
Listen [IP-address:]portnumber [protocol] |
|
s |
M |
IP addresses and ports that the server listens to |
ListenBackLog backlog |
511 |
s |
M |
Maximum length of the queue of pending connections |
ListenCoresBucketsRatio ratio |
0 (disabled) |
s |
M |
Ratio between the number of CPU cores (online) and the number of listeners' buckets |
LoadFile filename [filename] ... |
|
sv |
E |
Link in the named object file or library |
LoadModule module filename |
|
sv |
E |
Links in the object file or library, and adds to the list of active modules |
<Location URL-path|URL> ... </Location> |
|
sv |
C |
Applies the enclosed directives only to matching URLs |
<LocationMatch regex> ... </LocationMatch> |
|
sv |
C |
Applies the enclosed directives only to regular-expression matching URLs |
LogFormat format|nickname [nickname] |
"%h %l %u %t \"%r\" + |
sv |
B |
Describes a format for use in a log file |
LogIOTrackTTFB ON|OFF |
OFF |
svdh |
E |
Enable tracking of time to first byte (TTFB) |
LogLevel [module:]level [module:level] ... |
warn |
svd |
C |
Controls the verbosity of the ErrorLog |
LogMessage message [hook=hook] [expr=expression] |
|
d |
X |
Log user-defined message to error log |
LuaAuthzProvider provider_name /path/to/lua/script.lua function_name |
|
s |
E |
Plug an authorization provider function into mod_authz_core |
LuaCodeCache stat|forever|never |
stat |
svdh |
E |
Configure the compiled code cache. |
LuaHookAccessChecker /path/to/lua/script.lua hook_function_name [early|late] |
|
svdh |
E |
Provide a hook for the access_checker phase of request processing |
LuaHookAuthChecker /path/to/lua/script.lua hook_function_name [early|late] |
|
svdh |
E |
Provide a hook for the auth_checker phase of request processing |
LuaHookCheckUserID /path/to/lua/script.lua hook_function_name [early|late] |
|
svdh |
E |
Provide a hook for the check_user_id phase of request processing |
LuaHookFixups /path/to/lua/script.lua hook_function_name |
|
svdh |
E |
Provide a hook for the fixups phase of a request processing |
LuaHookInsertFilter /path/to/lua/script.lua hook_function_name |
|
svdh |
E |
Provide a hook for the insert_filter phase of request processing |
LuaHookLog /path/to/lua/script.lua log_function_name |
|
svdh |
E |
Provide a hook for the access log phase of a request processing |
LuaHookMapToStorage /path/to/lua/script.lua hook_function_name |
|
svdh |
E |
Provide a hook for the map_to_storage phase of request processing |
LuaHookTranslateName /path/to/lua/script.lua hook_function_name [early|late] |
|
sv |
E |
Provide a hook for the translate name phase of request processing |
LuaHookTypeChecker /path/to/lua/script.lua hook_function_name |
|
svdh |
E |
Provide a hook for the type_checker phase of request processing |
LuaInherit none|parent-first|parent-last |
parent-first |
svdh |
E |
Controls how parent configuration sections are merged into children |
LuaInputFilter filter_name /path/to/lua/script.lua function_name |
|
s |
E |
Provide a Lua function for content input filtering |
LuaMapHandler uri-pattern /path/to/lua/script.lua [function-name] |
|
svdh |
E |
Map a path to a lua handler |
LuaOutputFilter filter_name /path/to/lua/script.lua function_name |
|
s |
E |
Provide a Lua function for content output filtering |
LuaPackageCPath /path/to/include/?.soa |
|
svdh |
E |
Add a directory to lua's package.cpath |
LuaPackagePath /path/to/include/?.lua |
|
svdh |
E |
Add a directory to lua's package.path |
LuaQuickHandler /path/to/script.lua hook_function_name |
|
sv |
E |
Provide a hook for the quick handler of request processing |
LuaRoot /path/to/a/directory |
|
svdh |
E |
Specify the base path for resolving relative paths for mod_lua directives |
LuaScope once|request|conn|thread|server [min] [max] |
once |
svdh |
E |
One of once, request, conn, thread -- default is once |
<Macro name [par1 .. parN]> ... </Macro> |
|
svd |
B |
Define a configuration file macro |
MaxConnectionsPerChild number |
0 |
s |
M |
Limit on the number of connections that an individual child server will handle during its life |
MaxKeepAliveRequests number |
100 |
sv |
C |
Number of requests allowed on a persistent connection |
MaxMemFree KBytes |
2048 |
s |
M |
Maximum amount of memory that the main allocator is allowed to hold without calling free() |
MaxRangeOverlaps default | unlimited | none | number-of-ranges |
20 |
svd |
C |
Number of overlapping ranges (eg: 100-200,150-300 ) allowed before returning the complete resource |
MaxRangeReversals default | unlimited | none | number-of-ranges |
20 |
svd |
C |
Number of range reversals (eg: 100-200,50-70 ) allowed before returning the complete resource |
MaxRanges default | unlimited | none | number-of-ranges |
200 |
svd |
C |
Number of ranges allowed before returning the complete resource |
MaxRequestWorkers number |
|
s |
M |
Maximum number of connections that will be processed simultaneously |
MaxSpareServers number |
10 |
s |
M |
Maximum number of idle child server processes |
MaxSpareThreads number |
|
s |
M |
Maximum number of idle threads |
MaxThreads number |
2048 |
s |
M |
Set the maximum number of worker threads |
MDActivationDelay duration |
|
s |
X |
- |
MDBaseServer on|off |
off |
s |
X |
Control if base server may be managed or only virtual hosts. |
MDCAChallenges name [ name ... ] |
tls-alpn-01 http-01 + |
s |
X |
Type of ACME challenge used to prove domain ownership. |
MDCertificateAgreement accepted |
|
s |
X |
You confirm that you accepted the Terms of Service of the Certificate Authority. |
MDCertificateAuthority url |
https://acme-v02.ap + |
s |
X |
The URL of the ACME Certificate Authority service. |
MDCertificateCheck name url |
|
s |
X |
- |
MDCertificateFile path-to-pem-file |
|
s |
X |
Specify a static certificate file for the MD. |
MDCertificateKeyFile path-to-file |
|
s |
X |
Specify a static private key for for the static cerrtificate. |
MDCertificateMonitor name url |
crt.sh https://crt. + |
s |
X |
The URL of a certificate log monitor. |
MDCertificateProtocol protocol |
ACME |
s |
X |
The protocol to use with the Certificate Authority. |
MDCertificateStatus on|off |
on |
s |
X |
Exposes public certificate information in JSON. |
MDChallengeDns01 path-to-command |
|
s |
X |
- |
MDContactEmail address |
|
s |
X |
- |
MDDriveMode always|auto|manual |
auto |
s |
X |
former name of MDRenewMode. |
MDHttpProxy url |
|
s |
X |
Define a proxy for outgoing connections. |
MDMember hostname |
|
s |
X |
Additional hostname for the managed domain. |
MDMembers auto|manual |
auto |
s |
X |
Control if the alias domain names are automatically added. |
MDMessageCmd path-to-cmd optional-args |
|
s |
X |
Handle events for Manage Domains |
MDMustStaple on|off |
off |
s |
X |
Control if new certificates carry the OCSP Must Staple flag. |
MDNotifyCmd path [ args ] |
|
s |
X |
Run a program when a Managed Domain is ready. |
MDomain dns-name [ other-dns-name... ] [auto|manual] |
|
s |
X |
Define list of domain names that belong to one group. |
<MDomainSet dns-name [ other-dns-name... ]>...</MDomainSet> |
|
s |
X |
Container for directives applied to the same managed domains. |
MDPortMap map1 [ map2 ] |
http:80 https:443 |
s |
X |
Map external to internal ports for domain ownership verification. |
MDPrivateKeys type [ params... ] |
RSA 2048 |
s |
X |
Set type and size of the private keys generated. |
MDRenewMode always|auto|manual |
auto |
s |
X |
Controls if certificates shall be renewed. |
MDRenewWindow duration |
33% |
s |
X |
Control when a certificate will be renewed. |
MDRequireHttps off|temporary|permanent |
off |
s |
X |
Redirects http: traffic to https: for Managed Domains. |
MDServerStatus on|off |
on |
s |
X |
Control if Managed Domain information is added to server-status. |
MDStapleOthers on|off |
on |
s |
X |
Enable stapling for certificates not managed by mod_md. |
MDStapling on|off |
off |
s |
X |
Enable stapling for all or a particular MDomain. |
MDStaplingKeepResponse duration |
7d |
s |
X |
Controls when old responses should be removed. |
MDStaplingRenewWindow duration |
33% |
s |
X |
Control when the stapling responses will be renewed. |
MDStoreDir path |
md |
s |
X |
Path on the local file system to store the Managed Domains data. |
MDWarnWindow duration |
10% |
s |
X |
Define the time window when you want to be warned about an expiring certificate. |
MemcacheConnTTL num[units] |
15s |
sv |
E |
Keepalive time for idle connections |
MergeSlashes ON|OFF |
ON |
sv |
C |
Controls whether the server merges consecutive slashes in URLs. |
MergeTrailers [on|off] |
off |
sv |
C |
Determines whether trailers are merged into headers |
MetaDir directory |
.web |
svdh |
E |
Name of the directory to find CERN-style meta information files |
MetaFiles on|off |
off |
svdh |
E |
Activates CERN meta-file processing |
MetaSuffix suffix |
.meta |
svdh |
E |
File name suffix for the file containing CERN-style meta information |
MimeMagicFile file-path |
|
sv |
E |
Enable MIME-type determination based on file contents using the specified magic file |
MinSpareServers number |
5 |
s |
M |
Minimum number of idle child server processes |
MinSpareThreads number |
|
s |
M |
Minimum number of idle threads available to handle request spikes |
MMapFile file-path [file-path] ... |
|
s |
X |
Map a list of files into memory at startup time |
ModemStandard V.21|V.26bis|V.32|V.34|V.92 |
|
d |
X |
Modem standard to simulate |
ModMimeUsePathInfo On|Off |
Off |
d |
B |
Tells mod_mime to treat path_info components as part of the filename |
MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers [Handlers|Filters] |
NegotiatedOnly |
svdh |
B |
The types of files that will be included when searching for a matching file with MultiViews |
Mutex mechanism [default|mutex-name] ... [OmitPID] |
default |
s |
C |
Configures mutex mechanism and lock file directory for all or specified mutexes |
NameVirtualHost addr[:port] |
|
s |
C |
DEPRECATED: Designates an IP address for name-virtual hosting |
NoProxy host [host] ... |
|
sv |
E |
Hosts, domains, or networks that will be connected to directly |
NWSSLTrustedCerts filename [filename] ... |
|
s |
B |
List of additional client certificates |
NWSSLUpgradeable [IP-address:]portnumber |
|
s |
B |
Allows a connection to be upgraded to an SSL connection upon request |
Options [+|-]option [[+|-]option] ... |
FollowSymlinks |
svdh |
C |
Configures what features are available in a particular directory |
Order ordering |
Deny,Allow |
dh |
E |
Controls the default access state and the order in which Allow and Deny are evaluated. |
OutputSed sed-command |
|
dh |
X |
Sed command for filtering response content |
PassEnv env-variable [env-variable] ... |
|
svdh |
B |
Passes environment variables from the shell |
PidFile filename |
logs/httpd.pid |
s |
M |
File where the server records the process ID of the daemon |
PrivilegesMode FAST|SECURE|SELECTIVE |
FAST |
svd |
X |
Trade off processing speed and efficiency vs security against malicious privileges-aware code. |
Protocol protocol |
|
sv |
C |
Protocol for a listening socket |
ProtocolEcho On|Off |
Off |
sv |
X |
Turn the echo server on or off |
Protocols protocol ... |
http/1.1 |
sv |
C |
Protocols available for a server/virtual host |
ProtocolsHonorOrder On|Off |
On |
sv |
C |
Determines if order of Protocols determines precedence during negotiation |
<Proxy wildcard-url> ...</Proxy> |
|
sv |
E |
Container for directives applied to proxied resources |
Proxy100Continue Off|On |
On |
svd |
E |
Forward 100-continue expectation to the origin server |
ProxyAddHeaders Off|On |
On |
svd |
E |
Add proxy information in X-Forwarded-* headers |
ProxyBadHeader IsError|Ignore|StartBody |
IsError |
sv |
E |
Determines how to handle bad header lines in a response |
ProxyBlock *|word|host|domain [word|host|domain] ... |
|
sv |
E |
Words, hosts, or domains that are banned from being proxied |
ProxyDomain Domain |
|
sv |
E |
Default domain name for proxied requests |
ProxyErrorOverride On|Off |
Off |
svd |
E |
Override error pages for proxied content |
ProxyExpressDBMFile pathname |
|
sv |
E |
Pathname to DBM file. |
ProxyExpressDBMType type |
default |
sv |
E |
DBM type of file. |
ProxyExpressEnable on|off |
off |
sv |
E |
Enable the module functionality. |
ProxyFCGIBackendType FPM|GENERIC |
FPM |
svdh |
E |
Specify the type of backend FastCGI application |
ProxyFCGISetEnvIf conditional-expression [!]environment-variable-name [value-expression] |
|
svdh |
E |
Allow variables sent to FastCGI servers to be fixed up |
ProxyFtpDirCharset character_set |
ISO-8859-1 |
svd |
E |
Define the character set for proxied FTP listings |
ProxyFtpEscapeWildcards on|off |
on |
svd |
E |
Whether wildcards in requested filenames are escaped when sent to the FTP server |
ProxyFtpListOnWildcard on|off |
on |
svd |
E |
Whether wildcards in requested filenames trigger a file listing |
ProxyHCExpr name {ap_expr expression} |
|
sv |
E |
Creates a named condition expression to use to determine health of the backend based on its response |
ProxyHCTemplate name parameter=setting [...] |
|
sv |
E |
Creates a named template for setting various health check parameters |
ProxyHCTPsize size |
16 |
s |
E |
Sets the total server-wide size of the threadpool used for the health check workers |
ProxyHTMLBufSize bytes |
8192 |
svd |
B |
Sets the buffer size increment for buffering inline scripts and stylesheets. |
ProxyHTMLCharsetOut Charset | * |
|
svd |
B |
Specify a charset for mod_proxy_html output. |
ProxyHTMLDocType HTML|XHTML [Legacy] OR ProxyHTMLDocType fpi [SGML|XML] |
|
svd |
B |
Sets an HTML or XHTML document type declaration. |
ProxyHTMLEnable On|Off |
Off |
svd |
B |
Turns the proxy_html filter on or off. |
ProxyHTMLEvents attribute [attribute ...] |
|
svd |
B |
Specify attributes to treat as scripting events. |
ProxyHTMLExtended On|Off |
Off |
svd |
B |
Determines whether to fix links in inline scripts, stylesheets, and scripting events. |
ProxyHTMLFixups [lowercase] [dospath] [reset] |
|
svd |
B |
Fixes for simple HTML errors. |
ProxyHTMLInterp On|Off |
Off |
svd |
B |
Enables per-request interpolation of ProxyHTMLURLMap rules. |
ProxyHTMLLinks element attribute [attribute2 ...] |
|
svd |
B |
Specify HTML elements that have URL attributes to be rewritten. |
ProxyHTMLMeta On|Off |
Off |
svd |
B |
Turns on or off extra pre-parsing of metadata in HTML <head> sections. |
ProxyHTMLStripComments On|Off |
Off |
svd |
B |
Determines whether to strip HTML comments. |
ProxyHTMLURLMap from-pattern to-pattern [flags] [cond] |
|
svd |
B |
Defines a rule to rewrite HTML links |
ProxyIOBufferSize bytes |
8192 |
sv |
E |
Determine size of internal data throughput buffer |
<ProxyMatch regex> ...</ProxyMatch> |
|
sv |
E |
Container for directives applied to regular-expression-matched proxied resources |
ProxyMaxForwards number |
-1 |
sv |
E |
Maximium number of proxies that a request can be forwarded through |
ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery] |
|
svd |
E |
Maps remote servers into the local server URL-space |
ProxyPassInherit On|Off |
On |
sv |
E |
Inherit ProxyPass directives defined from the main server |
ProxyPassInterpolateEnv On|Off |
Off |
svd |
E |
Enable Environment Variable interpolation in Reverse Proxy configurations |
ProxyPassMatch [regex] !|url [key=value [key=value ...]] |
|
svd |
E |
Maps remote servers into the local server URL-space using regular expressions |
ProxyPassReverse [path] url [interpolate] |
|
svd |
E |
Adjusts the URL in HTTP response headers sent from a reverse proxied server |
ProxyPassReverseCookieDomain internal-domain public-domain [interpolate] |
|
svd |
E |
Adjusts the Domain string in Set-Cookie headers from a reverse- proxied server |
ProxyPassReverseCookiePath internal-path public-path [interpolate] |
|
svd |
E |
Adjusts the Path string in Set-Cookie headers from a reverse- proxied server |
ProxyPreserveHost On|Off |
Off |
svd |
E |
Use incoming Host HTTP request header for proxy request |
ProxyReceiveBufferSize bytes |
0 |
sv |
E |
Network buffer size for proxied HTTP and FTP connections |
ProxyRemote match remote-server |
|
sv |
E |
Remote proxy used to handle certain requests |
ProxyRemoteMatch regex remote-server |
|
sv |
E |
Remote proxy used to handle requests matched by regular expressions |
ProxyRequests On|Off |
Off |
sv |
E |
Enables forward (standard) proxy requests |
ProxySCGIInternalRedirect On|Off|Headername |
On |
svd |
E |
Enable or disable internal redirect responses from the backend |
ProxySCGISendfile On|Off|Headername |
Off |
svd |
E |
Enable evaluation of X-Sendfile pseudo response header |
ProxySet url key=value [key=value ...] |
|
svd |
E |
Set various Proxy balancer or member parameters |
ProxySourceAddress address |
|
sv |
E |
Set local IP address for outgoing proxy connections |
ProxyStatus Off|On|Full |
Off |
sv |
E |
Show Proxy LoadBalancer status in mod_status |
ProxyTimeout seconds |
|
sv |
E |
Network timeout for proxied requests |
ProxyVia On|Off|Full|Block |
Off |
sv |
E |
Information provided in the Via HTTP response header for proxied requests |
QualifyRedirectURL On|Off |
Off |
svd |
C |
Controls whether the REDIRECT_URL environment variable is fully qualified |
ReadmeName filename |
|
svdh |
B |
Name of the file that will be inserted at the end of the index listing |
ReceiveBufferSize bytes |
0 |
s |
M |
TCP receive buffer size |
Redirect [status] [URL-path] URL |
|
svdh |
B |
Sends an external redirect asking the client to fetch a different URL |
RedirectMatch [status] regex URL |
|
svdh |
B |
Sends an external redirect based on a regular expression match of the current URL |
RedirectPermanent URL-path URL |
|
svdh |
B |
Sends an external permanent redirect asking the client to fetch a different URL |
RedirectTemp URL-path URL |
|
svdh |
B |
Sends an external temporary redirect asking the client to fetch a different URL |
RedisConnPoolTTL num[units] |
15s |
sv |
E |
TTL used for the connection pool with the Redis server(s) |
RedisTimeout num[units] |
5s |
sv |
E |
R/W timeout used for the connection with the Redis server(s) |
ReflectorHeader inputheader [outputheader] |
|
svdh |
B |
Reflect an input header to the output headers |
RegexDefaultOptions [none] [+|-]option [[+|-]option] ... |
DOTALL DOLLAR_ENDON + |
s |
C |
Allow to configure global/default options for regexes |
RegisterHttpMethod method [method [...]] |
|
s |
C |
Register non-standard HTTP methods |
RemoteIPHeader header-field |
|
sv |
B |
Declare the header field which should be parsed for useragent IP addresses |
RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ... |
|
sv |
B |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value |
RemoteIPInternalProxyList filename |
|
sv |
B |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value |
RemoteIPProxiesHeader HeaderFieldName |
|
sv |
B |
Declare the header field which will record all intermediate IP addresses |
RemoteIPProxyProtocol On|Off |
|
sv |
B |
Enable or disable PROXY protocol handling |
RemoteIPProxyProtocolExceptions host|range [host|range] [host|range] |
|
sv |
B |
Disable processing of PROXY header for certain hosts or networks |
RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ... |
|
sv |
B |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value |
RemoteIPTrustedProxyList filename |
|
sv |
B |
Declare client intranet IP addresses trusted to present the RemoteIPHeader value |
RemoveCharset extension [extension] ... |
|
vdh |
B |
Removes any character set associations for a set of file extensions |
RemoveEncoding extension [extension] ... |
|
vdh |
B |
Removes any content encoding associations for a set of file extensions |
RemoveHandler extension [extension] ... |
|
vdh |
B |
Removes any handler associations for a set of file extensions |
RemoveInputFilter extension [extension] ... |
|
vdh |
B |
Removes any input filter associations for a set of file extensions |
RemoveLanguage extension [extension] ... |
|
vdh |
B |
Removes any language associations for a set of file extensions |
RemoveOutputFilter extension [extension] ... |
|
vdh |
B |
Removes any output filter associations for a set of file extensions |
RemoveType extension [extension] ... |
|
vdh |
B |
Removes any content type associations for a set of file extensions |
RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] |
|
svdh |
E |
Configure HTTP request headers |
RequestReadTimeout [handshake=timeout[-maxtimeout][,MinRate=rate] [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] |
handshake=0 header= + |
sv |
E |
Set timeout values for completing the TLS handshake, receiving the request headers and/or body from client. |
Require [not] entity-name [entity-name] ... |
|
dh |
B |
Tests whether an authenticated user is authorized by an authorization provider. |
<RequireAll> ... </RequireAll> |
|
dh |
B |
Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed. |
<RequireAny> ... </RequireAny> |
|
dh |
B |
Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed. |
<RequireNone> ... </RequireNone> |
|
dh |
B |
Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail. |
RewriteBase URL-path |
|
dh |
E |
Sets the base URL for per-directory rewrites |
RewriteCond TestString CondPattern [flags] |
|
svdh |
E |
Defines a condition under which rewriting will take place |
RewriteEngine on|off |
off |
svdh |
E |
Enables or disables runtime rewriting engine |
RewriteMap MapName MapType:MapSource [MapTypeOptions] |
|
sv |
E |
Defines a mapping function for key-lookup |
RewriteOptions Options |
|
svdh |
E |
Sets some special options for the rewrite engine |
RewriteRule Pattern Substitution [flags] |
|
svdh |
E |
Defines rules for the rewriting engine |
RLimitCPU seconds|max [seconds|max] |
|
svdh |
C |
Limits the CPU consumption of processes launched by Apache httpd children |
RLimitMEM bytes|max [bytes|max] |
|
svdh |
C |
Limits the memory consumption of processes launched by Apache httpd children |
RLimitNPROC number|max [number|max] |
|
svdh |
C |
Limits the number of processes that can be launched by processes launched by Apache httpd children |
Satisfy Any|All |
All |
dh |
E |
Interaction between host-level access control and user authentication |
ScoreBoardFile file-path |
logs/apache_runtime + |
s |
M |
Location of the file used to store coordination data for the child processes |
Script method cgi-script |
|
svd |
B |
Activates a CGI script for a particular request method. |
ScriptAlias [URL-path] file-path|directory-path |
|
svd |
B |
Maps a URL to a filesystem location and designates the target as a CGI script |
ScriptAliasMatch regex file-path|directory-path |
|
sv |
B |
Maps a URL to a filesystem location using a regular expression and designates the target as a CGI script |
ScriptInterpreterSource Registry|Registry-Strict|Script |
Script |
svdh |
C |
Technique for locating the interpreter for CGI scripts |
ScriptLog file-path |
|
sv |
B |
Location of the CGI script error logfile |
ScriptLogBuffer bytes |
1024 |
sv |
B |
Maximum amount of PUT or POST requests that will be recorded in the scriptlog |
ScriptLogLength bytes |
10385760 |
sv |
B |
Size limit of the CGI script logfile |
ScriptSock file-path |
cgisock |
s |
B |
The filename prefix of the socket to use for communication with the cgi daemon |
SecureListen [IP-address:]portnumber Certificate-Name [MUTUAL] |
|
s |
B |
Enables SSL encryption for the specified port |
SeeRequestTail On|Off |
Off |
s |
C |
Determine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars. |
SendBufferSize bytes |
0 |
s |
M |
TCP buffer size |
ServerAdmin email-address|URL |
|
sv |
C |
Email address that the server includes in error messages sent to the client |
ServerAlias hostname [hostname] ... |
|
v |
C |
Alternate names for a host used when matching requests to name-virtual hosts |
ServerLimit number |
|
s |
M |
Upper limit on configurable number of processes |
ServerName [scheme://]domain-name|ip-address[:port] |
|
sv |
C |
Hostname and port that the server uses to identify itself |
ServerPath URL-path |
|
v |
C |
Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser |
ServerRoot directory-path |
/usr/local/apache |
s |
C |
Base directory for the server installation |
ServerSignature On|Off|EMail |
Off |
svdh |
C |
Configures the footer on server-generated documents |
ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full |
Full |
s |
C |
Configures the Server HTTP response header |
Session On|Off |
Off |
svdh |
E |
Enables a session for the current directory or location |
SessionCookieName name attributes |
|
svdh |
E |
Name and attributes for the RFC2109 cookie storing the session |
SessionCookieName2 name attributes |
|
svdh |
E |
Name and attributes for the RFC2965 cookie storing the session |
SessionCookieRemove On|Off |
Off |
svdh |
E |
Control for whether session cookies should be removed from incoming HTTP headers |
SessionCryptoCipher name |
aes256 |
svdh |
X |
The crypto cipher to be used to encrypt the session |
SessionCryptoDriver name [param[=value]] |
|
s |
X |
The crypto driver to be used to encrypt the session |
SessionCryptoPassphrase secret [ secret ... ] |
|
svdh |
X |
The key used to encrypt the session |
SessionCryptoPassphraseFile filename |
|
svd |
X |
File containing keys used to encrypt the session |
SessionDBDCookieName name attributes |
|
svdh |
E |
Name and attributes for the RFC2109 cookie storing the session ID |
SessionDBDCookieName2 name attributes |
|
svdh |
E |
Name and attributes for the RFC2965 cookie storing the session ID |
SessionDBDCookieRemove On|Off |
On |
svdh |
E |
Control for whether session ID cookies should be removed from incoming HTTP headers |
SessionDBDDeleteLabel label |
deletesession |
svdh |
E |
The SQL query to use to remove sessions from the database |
SessionDBDInsertLabel label |
insertsession |
svdh |
E |
The SQL query to use to insert sessions into the database |
SessionDBDPerUser On|Off |
Off |
svdh |
E |
Enable a per user session |
SessionDBDSelectLabel label |
selectsession |
svdh |
E |
The SQL query to use to select sessions from the database |
SessionDBDUpdateLabel label |
updatesession |
svdh |
E |
The SQL query to use to update existing sessions in the database |
SessionEnv On|Off |
Off |
svdh |
E |
Control whether the contents of the session are written to the HTTP_SESSION environment variable |
SessionExclude path |
|
svdh |
E |
Define URL prefixes for which a session is ignored |
SessionExpiryUpdateInterval interval |
0 (always update) |
svdh |
E |
Define the number of seconds a session's expiry may change without the session being updated |
SessionHeader header |
|
svdh |
E |
Import session updates from a given HTTP response header |
SessionInclude path |
|
svdh |
E |
Define URL prefixes for which a session is valid |
SessionMaxAge maxage |
0 |
svdh |
E |
Define a maximum age in seconds for a session |
SetEnv env-variable [value] |
|
svdh |
B |
Sets environment variables |
SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... |
|
svdh |
B |
Sets environment variables based on attributes of the request |
SetEnvIfExpr expr [!]env-variable[=value] [[!]env-variable[=value]] ... |
|
svdh |
B |
Sets environment variables based on an ap_expr expression |
SetEnvIfNoCase attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... |
|
svdh |
B |
Sets environment variables based on attributes of the request without respect to case |
SetHandler handler-name|none|expression |
|
svdh |
C |
Forces all matching files to be processed by a handler |
SetInputFilter filter[;filter...] |
|
svdh |
C |
Sets the filters that will process client requests and POST input |
SetOutputFilter filter[;filter...] |
|
svdh |
C |
Sets the filters that will process responses from the server |
SSIEndTag tag |
"-->" |
sv |
B |
String that ends an include element |
SSIErrorMsg message |
"[an error occurred + |
svdh |
B |
Error message displayed when there is an SSI error |
SSIETag on|off |
off |
dh |
B |
Controls whether ETags are generated by the server. |
SSILastModified on|off |
off |
dh |
B |
Controls whether Last-Modified headers are generated by the server. |
SSILegacyExprParser on|off |
off |
dh |
B |
Enable compatibility mode for conditional expressions. |
SSIStartTag tag |
"<!--#" |
sv |
B |
String that starts an include element |
SSITimeFormat formatstring |
"%A, %d-%b-%Y %H:%M + |
svdh |
B |
Configures the format in which date strings are displayed |
SSIUndefinedEcho string |
"(none)" |
svdh |
B |
String displayed when an unset variable is echoed |
SSLCACertificateFile file-path |
|
sv |
E |
File of concatenated PEM-encoded CA Certificates for Client Auth |
SSLCACertificatePath directory-path |
|
sv |
E |
Directory of PEM-encoded CA Certificates for Client Auth |
SSLCADNRequestFile file-path |
|
sv |
E |
File of concatenated PEM-encoded CA Certificates for defining acceptable CA names |
SSLCADNRequestPath directory-path |
|
sv |
E |
Directory of PEM-encoded CA Certificates for defining acceptable CA names |
SSLCARevocationCheck chain|leaf|none [flags ...] |
none |
sv |
E |
Enable CRL-based revocation checking |
SSLCARevocationFile file-path |
|
sv |
E |
File of concatenated PEM-encoded CA CRLs for Client Auth |
SSLCARevocationPath directory-path |
|
sv |
E |
Directory of PEM-encoded CA CRLs for Client Auth |
SSLCertificateChainFile file-path |
|
sv |
E |
File of PEM-encoded Server CA Certificates |
SSLCertificateFile file-path|certid |
|
sv |
E |
Server PEM-encoded X.509 certificate data file or token identifier |
SSLCertificateKeyFile file-path|keyid |
|
sv |
E |
Server PEM-encoded private key file |
SSLCipherSuite [protocol] cipher-spec |
DEFAULT (depends on + |
svdh |
E |
Cipher Suite available for negotiation in SSL handshake |
SSLCompression on|off |
off |
sv |
E |
Enable compression on the SSL level |
SSLCryptoDevice engine |
builtin |
s |
E |
Enable use of a cryptographic hardware accelerator |
SSLEngine on|off|optional |
off |
sv |
E |
SSL Engine Operation Switch |
SSLFIPS on|off |
off |
s |
E |
SSL FIPS mode Switch |
SSLHonorCipherOrder on|off |
off |
sv |
E |
Option to prefer the server's cipher preference order |
SSLInsecureRenegotiation on|off |
off |
sv |
E |
Option to enable support for insecure renegotiation |
SSLOCSPDefaultResponder uri |
|
sv |
E |
Set the default responder URI for OCSP validation |
SSLOCSPEnable on|leaf|off |
off |
sv |
E |
Enable OCSP validation of the client certificate chain |
SSLOCSPNoverify On/Off |
Off |
sv |
E |
skip the OCSP responder certificates verification |
SSLOCSPOverrideResponder on|off |
off |
sv |
E |
Force use of the default responder URI for OCSP validation |
SSLOCSPProxyURL url |
|
sv |
E |
Proxy URL to use for OCSP requests |
SSLOCSPResponderCertificateFile file |
|
sv |
E |
Set of trusted PEM encoded OCSP responder certificates |
SSLOCSPResponderTimeout seconds |
10 |
sv |
E |
Timeout for OCSP queries |
SSLOCSPResponseMaxAge seconds |
-1 |
sv |
E |
Maximum allowable age for OCSP responses |
SSLOCSPResponseTimeSkew seconds |
300 |
sv |
E |
Maximum allowable time skew for OCSP response validation |
SSLOCSPUseRequestNonce on|off |
on |
sv |
E |
Use a nonce within OCSP queries |
SSLOpenSSLConfCmd command-name command-value |
|
sv |
E |
Configure OpenSSL parameters through its SSL_CONF API |
SSLOptions [+|-]option ... |
|
svdh |
E |
Configure various SSL engine run-time options |
SSLPassPhraseDialog type |
builtin |
s |
E |
Type of pass phrase dialog for encrypted private keys |
SSLProtocol [+|-]protocol ... |
all -SSLv3 (up to 2 + |
sv |
E |
Configure usable SSL/TLS protocol versions |
SSLProxyCACertificateFile file-path |
|
svp |
E |
File of concatenated PEM-encoded CA Certificates for Remote Server Auth |
SSLProxyCACertificatePath directory-path |
|
svp |
E |
Directory of PEM-encoded CA Certificates for Remote Server Auth |
SSLProxyCARevocationCheck chain|leaf|none |
none |
svp |
E |
Enable CRL-based revocation checking for Remote Server Auth |
SSLProxyCARevocationFile file-path |
|
svp |
E |
File of concatenated PEM-encoded CA CRLs for Remote Server Auth |
|