Htaccess

Htaccess

.htaccess (Hypertext Access) is the default name of Apache's directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions. ".htaccess iis" for windows, ".htaccess windows" and also look at sample .htaccess files to really get good at creating htaccess files.

The directive quick reference (below) shows the usage, default, status, and context of each Apache configuration directive. For more information about each of these, see the Directive Dictionary.

More .htaccess: Htpasswd, Htaccess Redirection, Htaccess Generators, Htaccess Redirect, Htaccess File FTP No Password, 302 Htaccess, Htaccess Instructions

---

Crazy POWERFUL Bash Prompt

This amazing bash linux prompt does more than meets the eye. If you want to know how to become really good with technology, linux is the secret sauce behind the AskApache articles. Open Source is elixir of the web. Thanks to everyone who helped me for the past 20 years. I use linux/bsd because homey don’t play, so this is geared to be as productive a prompt as I can make it.

Don’t have much time.. or just don’t care? Not a problem, here are the 3 lines to copy and paste – you can just paste them right in your shell to test it, or add to a startup script.

export AA_P="export PVE=\"\\033[m\\033[38;5;2m\"\$(( \`sed -n \"s/MemFree:[\\t ]\\+\\([0-9]\\+\\) kB/\\1/p\" /proc/meminfo\` / 1024 ))\"\\033[38;5;22m/\"\$((\`sed -n \"s/MemTotal:[\\t ]\\+\\([0-9]\\+\\) kB/\\1/p\" /proc/meminfo\`/ 1024 ))MB\"\\t\\033[m\\033[38;5;55m\$(< /proc/loadavg)\\033[m\";echo -en \"\""
export PROMPT_COMMAND="history -a;((\$SECONDS % 10==0 ))&&eval \"\$AA_P\";echo -en \"\$PVE\";"
export PS1="\\[\\e[m\\n\\e[1;30m\\][\$\$:\$PPID \\j:\\!\\[\\e[1;30m\\]]\\[\\e[0;36m\\] \\T \\d \\[\\e[1;30m\\][\\[\\e[1;34m\\]\\u@\\H\\[\\e[1;30m\\]:\\[\\e[0;37m\\]\${SSH_TTY} \\[\\e[0;32m\\]+\${SHLVL}\\[\\e[1;30m\\]] \\[\\e[1;37m\\]\\w\\[\\e[0;37m\\] \\n(\$SHLVL:\\!)\\\$ " && eval $AA_P

· Tips  ·  RSS | 3:02 PM

---

Real-Life Htaccess Files from My Server

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
 
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
 
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
 
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
 
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

· Mod_Rewrite tricks  ·  RSS | 11:06 AM

---

30x Faster WP-Super Cache Site Speed

NOT a typo.. 30x is measurable, well-documented, and easily tested. This is what open-source is about. I haven’t had time to post much the past year, I’m always working! So I wanted to make up for that by publishing an article on a topic that would blow your mind and be something that you could actually start using and really get some benefit out of it. This is one of those articles that the majority of web hosting companies would love to see in paperback, so they could burn it.

· 30x  ·  RSS | 11:43 AM

---

Advanced WordPress wp-config.php Tweaks

The bottom line for this article is that I want to make WordPress as fast, secure, and easy to install, run, and manage because I am using it more and more for client production sites, I will work for days in order to solve an issue so that I never have to spend time on that issue again. Time is money in this industry and that is ultimately (time) what there is to gain by tweaking WordPress.

Note: I spent no time on readability, this is primarily a read the code and figure it out article.. This is for advanced users looking for a reference or discussion and for those of you looking to advance. Feedback would be great if you make it that far..

· wp-config.php  ·  RSS | 3:23 AM

---

PortaPutty Auto-Reconnecting SSH Tunnels on an Encrypted TrueCrypt Portable USB Key w GPG

Ok I just came back up to write the intro.. I’m trying to keep it short to avoid getting bogged down by the coolness of each step. Here is what goes on. When I logon to my XP machine at work, I bring my usb key and plug it in first. On logging a window pops up first and it’s a password prompt to mount my encrypted drive leonardo. It also checks a keyfile that is located on my usb key, but all I do now is type in my password. That causes my encrypted folder to be accessible to me like a normal drive, and it autoruns a startup batch file.

The batch file causes Portable versions of Firefox (all my bookmarks, my settings) to load, and launches Portable Mozilla Thunderbird (IMAP makes this work well), which is my favorite program (great GPG features and open-source!). Also Some Adobe CS4 software is loaded from the hard drive, like DreamWeaver. In the background, a service we created executes a PortaPuttY plink command to create forwarded tunnels from various remote servers and accounts, all using key-based encryption. These tunnels are automatically reconnected if they are disconnected, meaning you can use a socks 5 if you want or even better!

Part 1 of 5

· HTTP  ·  RSS | 5:11 AM

---

Optimize a Website for Speed, Security, and Easy Management

Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.

· compression  ·  RSS | 8:45 PM

---

HTTP Status Codes and .htaccess ErrorDocuments

There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn’t you like to see what all those headers and their output, ErrorDocuments look like?

· ErrorDocuments  ·  RSS | 3:56 PM

---

Protecting Files with Advanced Mod_Rewrite Anti-Hotlinking

If you have files on your site that you don’t want indexed by malicious search engines, grabbed and leeched by malicious spammers, or stolen and made available elsewhere, you can use mod_rewrite to drastically reduce or totally reduce that activity.

· Advanced  ·  RSS | 1:09 AM

---

Crazy Advanced Mod_Rewrite Tutorial

Note: Extremely ILL Content
Find the key to unlocking mod_rewrite and you WILL be sick.. sick with a diamond disease on your wrist!

· mod_rewrite  ·  RSS | 12:55 PM

---

mod_rewrite Fix for Caching Updated Files

Web Developers sometimes use file.ext?v=004 as a version control system to force visitors to use updated files. This is terrible. Instead link to apache-003.css and set it to be cached forever. When you change the file you just change the links to apache-004.css. That eliminates millions of bandwidth and resource robbing If-Modified-Since requests. You only need Apache with mod_rewrite, and 1-10 minutes!

· rewritecond  ·  RSS | 9:20 AM

---

An AskApache Plugin Upgrade to Rule them All

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

· Google 404 Plugin  ·  RSS | 1:59 PM

---

PHP and AJAX shell console

Ever wanted to execute commands on your server through php? Now you can. I’m calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.

· shell  ·  RSS | 9:01 PM

---

Advanced Htaccess Demo/Example using Cookies, Headers, Rewrites

Whoa pretty sweet huh? Bet you’ve never seen that before! As I explain the htaccess code that achieves this, keep in mind this is merely one simple application for this code. It’s much more advanced than your basic htaccess trick, notice how this htaccess acts like a php script, very unusual.. I really wanted to share this trick after I created it for one of my clients because this is the tip of the iceberg. Another use would be to display an alternate style sheet depending on a users theme preference. The coolest thing about this example IMHO is that it uses multiple advanced .htaccess ideas in order for it to work, most htaccess code on the net is very singular. This code uses mod_headers to set the Content-Disposition header for forcing a download and uses mod_rewrite to do the rest.

· Htaccess  ·  RSS | 11:07 PM

---

Htaccess SEO Trends by Google

htaccess vs. httpd.conf

RSS | 2:10 AM

---

Advanced Htaccess – SSI, ErrorDocuments, DirectoryIndexing SEO

3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site’s error handling to the next level, enhanced ErrorDocuments that go beyond 404′s.

· SEO  ·  RSS | 4:02 AM

---

Password Protection Plugin Status

Enumerating Permissions can be Annoying

Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my users blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, its owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful, I couldn’t modify it so that was another dead end. Actually it took me awhile to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server.. Luckily I was able to delete it by basically running the hack again to overwrite the file.

· Plugin  ·  RSS | 1:39 PM

---

The Ultimate Htaccess

Skip this – still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

· htaccess  ·  RSS | 9:05 AM

---

Advanced .htaccess Tricks for Securing Sites

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

· security  ·  RSS | 10:28 PM

---

Htaccess SetEnvIf and SetEnvIfNoCase Examples

SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.

• Unique mod_setenvif Variables
• Populates HTTP_MY_ Variables with mod_setenvif variable values
• Set REMOTE_HOST to HTTP_HOST
• Allows only if HOST Header is present in request
• Add values from HTTP Headers
• Set the REDIRECT_STATUS for Interpreter Security

· setenvif  ·  RSS | 1:36 PM

---

Apache HTTPD and Module API Versions

A list of API Versions and the corresponding HTTPD Version, for use in determining the version of Apache currently running without having to rely on the often inaccurate SERVER_SOFTWARE Header.

· Apache API Module  ·  RSS | 4:35 PM

---

---

AcceptPathInfo On|Off|Default

Resources accept trailing pathname information

Action action-type cgi-script [virtual]

Activates a CGI script for a particular handler or content-type

addalt

Alternate text to display for a file, instead of an icon selected by filename

AddAltByEncoding string MIME-encoding [ MIME-encoding ]

Alternate text to display for a file instead of an icon selected by MIME-encoding

addaltbytype

Alternate text to display for a file, instead of an icon selected by MIME content-type

AddCharset charset extension [ extension ]

Maps the given filename extensions to the specified content charset

adddefaultcharset

Default charset parameter to be added when a response content-type is text/plain or text/html

AddDescription string file [ file ]

Description to display for a file

addencoding

Maps the given filename extensions to the specified encoding type

AddHandler handler-name extension [ extension ]

Maps the filename extensions to the specified handler

addicon

Icon to display for a file selected by name

AddIconByEncoding icon MIME-encoding [ MIME-encoding ]

Icon to display next to files selected by MIME content-encoding

addiconbytype

Icon to display next to files selected by MIME content-type

AddInputFilter filter [; filter ...] extension [ extension ]

Maps filename extensions to the filters that will process client requests

addlanguage

Maps the given filename extension to the specified content language

addoutputfilter

Maps filename extensions to the filters that will process responses from the server

AddOutputFilterByType filter [; filter ...] MIME-type [ MIME-type ]

assigns an output filter to a particular MIME-type

addtype

Maps the given filename extensions onto the specified content type

Allow from all| host |env= env-variable [ host |env= env-variable ]

Controls which hosts can access an area of the server

Anonymous user [ user ]

Specifies userIDs that are allowed access without password verification

Anonymous_LogEmail On|Off

Sets whether the password entered will be logged in the error log

Anonymous_MustGiveEmail On|Off

Specifies whether blank passwords are allowed

Anonymous_NoUserID On|Off

Anonymous_VerifyEmail On|Off

Sets whether to check the password field for a correctly formatted email address

AuthBasicAuthoritative On|Off

Sets whether authorization and authentication are passed to lower level modules

AuthBasicProvider provider-name [ provider-name ]

AuthDBMGroupFile file-path

Sets the name of the database file containing the list of user groups for authorization

AuthDBMType default|SDBM|GDBM|NDBM|DB

Sets the type of database file that is used to store passwords

AuthDBMUserFile file-path

Sets the name of a database file containing the list of users and passwords for authentication

AuthDefaultAuthoritative On|Off

Sets whether authentication is passed to lower level modules

AuthDigestAlgorithm MD5|MD5-sess

Selects the algorithm used to calculate the challenge and response hashes in digest authentication

authdigestdomain

URIs that are in the same protection space for digest authentication

AuthDigestNonceFormat format

AuthDigestNonceLifetime seconds

How long the server nonce is valid

AuthDigestProvider provider-name [ provider-name ]

AuthDigestQop none|auth|auth-int [auth|auth-int]

Determines the quality-of-protection to use in digest authentication

AuthGroupFile file-path

Sets the name of a text file containing the list of user groups for authorization

AuthLDAPBindDN distinguished-name

AuthLDAPBindPassword password

Password used in conjuction with the bind DN

AuthLDAPCompareDNOnServer on|off

Use the LDAP server to compare the DNs

AuthLDAPDereferenceAliases never|searching|finding|always

AuthLDAPGroupAttribute attribute

LDAP attributes used to check for group membership

AuthLDAPGroupAttributeIsDN on|off

Use the DN of the client username when checking for group membership

AuthLDAPRemoteUserAttribute uid

Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable

AuthLDAPRemoteUserIsDN on|off

Use the DN of the client username to set the REMOTE_USER environment variable

AuthLDAPUrl url [NONE|SSL|TLS|STARTTLS]

URL specifying the LDAP search parameters

authname

Authorization realm for use in HTTP authentication

AuthType Basic|Digest

AuthUserFile file-path

Sets the name of a text file containing the list of users and passwords for authentication

AuthzDBMType default|SDBM|GDBM|NDBM|DB

Sets the type of database file that is used to store list of user groups

AuthzDefaultAuthoritative On|Off

Sets whether authorization is passed to lower level modules

AuthMergeRules on | off

Set to 'on' to allow the parent's <Directory> or <Location> authz rules to be merged into the current <Directory> or <Location>. Set to 'off' to disable merging. If set to 'off', only the authz rules defined in the current <Directory> or <Location> block will apply.

browsermatch

Sets environment variables conditional on HTTP User-Agent

browsermatchnocase

Sets environment variables conditional on User-Agent without respect to case

CGIMapExtension cgi-path .extension

Technique for locating the interpreter for CGI scripts

CharsetDefault charset

CharsetOptions option [ option ]

Configures charset translation behavior

CharsetSourceEnc charset

CheckCaseOnly on|off

Limits the action of the speling module to case corrections

CheckSpelling on|off

Enables the spelling module

ContentDigest On|Off

Enables the generation of Content-MD5 HTTP Response headers

CookieDomain domain

The domain to which the tracking cookie applies

CookieExpires expiry-period

CookieName token

CookieStyle Netscape|Cookie|Cookie2|RFC2109|RFC2965

Format of the cookie header field

CookieTracking on|off

defaulticon

Icon to display for files when no specific icon is configured

DefaultLanguage MIME-lang

Sets all files in the given scope to the specified language

defaulttype

MIME content-type that will be sent if the server cannot determine a type in any other way

Deny from all| host |env= env-variable [ host |env= env-variable ]

Controls which hosts are denied access to the server

DirectoryIndex local-url [ local-url ]

List of resources to look for when the client requests a directory

DirectorySlash On|Off

Toggle trailing slash redirects on or off

EnableMMAP On|Off

Use memory-mapping to read files during delivery

EnableSendfile On|Off

ErrorDocument error-code document

What the server will return to the client in case of an error

Example

Demonstration directive to illustrate the Apache module API

ExpiresActive On|Off

ExpiresByType

Value of the Expires header configured by MIME type

ExpiresDefault

fileetag

File attributes used to create the ETag HTTP response header

<Files filename > ... </Files>

Contains directives that apply to matched filenames

> ... </FilesMatch>

Contains directives that apply to regular-expression matched filenames

FilterChain [+=-@!] filter-name ...

Configure the filter chain

FilterDeclare filter-name [type]

FilterProtocol filter-name [ provider-name ] proto-flags

Deal with correct HTTP protocol handling

FilterProvider filter-name provider-name [req|resp|env]= dispatch match

ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback]

Action to take if a single acceptable document is not found

ForceType MIME-type |None

Forces all matching files to be served with the specified MIME content-type

header

Configure HTTP response headers

headername

Name of the file that will be inserted at the top of the index listing

> ... </IfDefine>

Encloses directives that will be processed only if a test is true at startup

> ... </IfModule>

Encloses directives that are processed conditional on the presence or absence of a specific module

> ... </IfVersion>

contains version dependent configuration

ImapBase map|referer| URL

[ http://servername/ | hsvd | B ]

imapdefault

Default action when an imagemap is called with coordinates that are not explicitly mapped

ImapMenu none|formatted|semiformatted|unformatted

Action if no coordinates are given when calling an imagemap

IndexIgnore file [ file ]

Adds to the list of files to hide when listing a directory

indexoptions

Various configuration settings for directory indexing

IndexOrderDefault Ascending|Descending Name|Date|Size|Description

Sets the default ordering of the directory index

IndexStyleSheet url-path

ISAPIAppendLogToErrors on|off

Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log

ISAPIAppendLogToQuery on|off

Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field

ISAPIFakeAsync on|off

ISAPILogNotSupported on|off

Log unsupported feature requests from ISAPI extensions

isapireadaheadbuffer

Size of the Read Ahead Buffer sent to ISAPI extensions

languagepriority

The precendence of language variants for cases where the client does not express a preference

LDAPTrustedClientCert type directory-path/filename/nickname [password]

Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates.

] ... > ... </Limit>

Restrict enclosed access controls to only certain HTTP methods

] ... > ... </LimitExcept>

Restrict access controls to all HTTP methods except the named ones

limitrequestbody

Restricts the total size of the HTTP request body sent from the client

LimitXMLRequestBody bytes

MetaDir directory

Name of the directory to find CERN-style meta information files

MetaFiles on|off

MetaSuffix suffix

File name suffix for the file containg CERN-style meta information

MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers [Handlers|Filters]

The types of files that will be included when searching for a matching file with MultiViews

options

Configures what features are available in a particular directory

order

Controls the default access state and the order in which Allow and Deny are evaluated.

passenv

Passes environment variables from the shell

readmename

Name of the file that will be inserted at the end of the index listing

Redirect [ status ] URL-path URL

Sends an external redirect asking the client to fetch a different URL

redirectmatch

Sends an external redirect based on a regular expression match of the current URL

RedirectPermanent URL-path URL

Sends an external permanent redirect asking the client to fetch a different URL

redirecttemp

Sends an external temporary redirect asking the client to fetch a different URL

Reject entity-name [ entity-name ]

Rejects authenticated users or host based requests from accessing a resource

removecharset

Removes any character set associations for a set of file extensions

removeencoding

Removes any content encoding associations for a set of file extensions

removehandler

Removes any handler associations for a set of file extensions

removeinputfilter

Removes any input filter associations for a set of file extensions

removelanguage

Removes any language associations for a set of file extensions

removeoutputfilter

Removes any output filter associations for a set of file extensions

removetype

Removes any content type associations for a set of file extensions

RequestHeader set|append|merge|add|unset|edit header [ value ] [ replacement ] [early|env=[!] variable ]

Configure HTTP request headers

require

Selects which authenticated users can access a resource

RewriteBase URL-path

Sets the base URL for per-directory rewrites

RewriteCond TestString CondPattern

RewriteEngine on|off

Enables or disables runtime rewriting engine

RewriteOptions Options

RewriteRule Pattern Substitution [flags]

Defines rules for the rewriting engine

|max]

Limits the CPU consumption of processes launched by Apache children

RLimitMEM bytes |max [ bytes |max]

Limits the memory consumption of processes launched by Apache children

|max]

Limits the number of processes that can be launched by processes launched by Apache children

Satisfy Any|All

Interaction between host-level access control and user authentication

<SatisfyAll> ... </SatisfyAll>

Enclose a group of authorization directives that must all be satisfied in order to grant access to a resource. This block allows for 'AND' logic to be applied to various authorization providers.

<SatisfyOne> ... </SatisfyOne>

Enclose a group of authorization directives that must satisfy at least one in order to grant access to a resource. This block allows for 'OR' logic to be applied to various authorization providers.

ScriptInterpreterSource Registry|Registry-Strict|Script

Technique for locating the interpreter for CGI scripts

ServerSignature On|Off|EMail

Configures the footer on server-generated documents

SetEnv env-variable value

Sets environment variables

setenvif

Sets environment variables based on attributes of the request

setenvifnocase

Sets environment variables based on attributes of the request without respect to case

None

Forces all matching files to be processed by a handler

SetInputFilter filter [; filter ...]

Sets the filters that will process client requests and POST input

setoutputfilter

Sets the filters that will process responses from the server

SSIEnableAccess on|off

Enable the -A flag during conditional flow control processing.

ssierrormsg

Error message displayed when there is an SSI error

ssitimeformat

Configures the format in which date strings are displayed

SSIUndefinedEcho string

sslciphersuite

Cipher Suite available for negotiation in SSL handshake

SSLOptions [+|-]option

Configure various SSL engine run-time options

sslproxyciphersuite

Cipher Suite available for negotiation in SSL proxy handshake

SSLProxyVerify level

Type of remote server Certificate verification

sslproxyverifydepth

Maximum depth of CA Certificates in Remote Server Certificate verification

sslrequire

Allow access only when an arbitrarily complex boolean expression is true

SSLRequireSSL

Deny access when SSL is not used for the HTTP request

SSLUserName varname

SSLVerifyClient level

Type of Client Certificate verification

sslverifydepth

Maximum depth of CA Certificates in Client Certificate verification

unsetenv

Removes variables from the environment

XBitHack on|off|full

Parse SSI directives in files with the execute bit set