AskApache » Search Results » 503

Chmod, Umask, Stat, Fileperms, and File Permissions

AskApache — Fri, 17 Feb 2012 11:16:56 +0000

Unix file permissions are one of the more difficult subjects to grasp.. Well, ok maybe "grasp" isn't the word.. Master is the right word.. Unix file permissions is a hard topic to fully master, mainly I think because there aren't many instances when a computer user encounters them. Windows has been trying to figure it out for decades with little progress, so don't feel bad if you don't know much about it. Unless you're with the program and running Mac or any other BSD/Unix based OS you've never had the ability to secure your system in this most basic and fundamental way. Usually the first time someone encounters file permissions it's because their website was cracked..

.htaccess

$ chmod 604 .htaccess

604 -rw----r--  /home/askapache/cgi-bin/.htaccess

php.cgi

$ chmod 711 php.cgi

$ 711 -rwx--x--x  /home/askapache/cgi-bin/php.cgi

.php.ini

$ chmod 600 php.ini

$ 600 -rw-------  /home/askapache/cgi-bin/php.ini

I'm in the process of developing an updated version of the .htaccess security plugin, and one thing I have been working on is file permissions. Some people had problems trying to create files on their server and I realized it was bad programming on my part.. so I began researching permissions in detail. I went deep into the source code of Apache (which is why this site is called AskApache, BTW), PHP, Python, Ocaml, Perl, Ruby, and POSIX operating systems and got a pretty good handle on it now..

Tips before we dig in

Here's a few things I've learned that I didn't know before (using php).

Deleting Files and Directories

Deleting a file may require chmodding the file to 666 or even 777 before you are able to delete it. You also might have to chmod the parent directory of the file as well. Also, you may have to chdir to the directory the file is in. And lastly you may have to change the owner or group of the file. Further than that you can try renaming the file first then deleting it..

Deleting a directory means you need to remove every file in it first. It needs to be empty. And if your file system uses NFS or some other networked FS you might have even more problems deleting files. If the file you are trying to delete is being used by say, Apache or php then you might have to kill that process first.

Creating Files in Restrictive Environments

My research has been geared to try and make my code as robust as possible, I'm throwing everything but the kitchen sink into some of these functions because so many people are on such different types of servers. To create a file in a restrictive environment is a fun excercise to take.. You can write a file using many different functions, but there are some tricks if they all fail. One trick is instead of trying to "write" the data to the file, you can UPLOAD the data to the server and let PHP handle the file as if you used an upload form. I like to use fsockopen to do it, as some installations have been setup to prevent this type of fake upload.

Then there are the various other hacks like using an ftp connection (if you know the user/pass) to send the file from php, using ssh from php, whatever is available on the hosts php installation. In addition to those more involved workarounds you can often get around this problem by doing little hacks discussed at php.net in the comments for various functions. Such as changing the umask, changing directories with chdir first, creating a temporary file using a function like tempfile and then renaming or copying the tempfile to your desired file which sometimes gives you the permissions needed to write to the location.

If the php installation is newer than you can also look into creating your own stream context to pass write the data direct.

Stat Function

I've created a stat function in php that goes farther than the normal stat function... Just give the function a file to stat, and it returns an array of information.

function askapache_stat($filename) {
 clearstatcache();
 $ss=@stat($filename);
 if(!$ss) die("Couldnt stat {$filename}");
 $file_convert=array(0140000=>'ssocket',0120000=>'llink',0100000=>'-file',0060000=>'bblock',0040000=>'ddir',0020000=>'cchar',0010000=>'pfifo');
 $p=$ss['mode'];
 $t=decoct($ss['mode'] & 0170000);
 $str = (array_key_exists(octdec($t),$file_convert)) ? $file_convert[octdec($t)]{0} : 'u';
 $str.=(($p&0x0100)?'r':'-').(($p&0x0080)?'w':'-').(($p&0x0040)?(($p&0x0800)?'s':'x'):(($p&0x0800)?'S':'-'));
 $str.=(($p&0x0020)?'r':'-').(($p&0x0010)?'w':'-').(($p&0x0008)?(($p&0x0400)?'s':'x'):(($p&0x0400)?'S':'-'));
 $str.=(($p&0x0004)?'r':'-').(($p&0x0002)?'w':'-').(($p&0x0001)?(($p&0x0200)?'t':'x'):(($p&0x0200)?'T':'-'));
 
 $s=array(
 'perms'=>array(
  'umask'=>sprintf("%04o",umask()),
  'human'=>$str,
  'octal1'=>sprintf("%o", ($ss['mode'] & 000777)),
  'octal2'=>sprintf("0%o", 0777 & $p),
  'decimal'=>sprintf("%04o", $p),
  'fileperms'=>@fileperms($filename),
  'mode1'=>$p,
  'mode2'=>$ss['mode']),
 
 'filetype'=>array(
  'type'=>substr($file_convert[octdec($t)],1),
  'type_octal'=>sprintf("%07o", octdec($t)),
  'is_file'=>@is_file($filename),
  'is_dir'=>@is_dir($filename),
  'is_link'=>@is_link($filename),
  'is_readable'=> @is_readable($filename),
  'is_writable'=> @is_writable($filename)),
 
 'owner'=>array(
  'fileowner'=>$ss['uid'],
  'filegroup'=>$ss['gid'],
  'owner_name'=>(function_exists('posix_getpwuid')) ? @reset(@posix_getpwuid($ss['uid'])) : '',
  'group_name'=>(function_exists('posix_getgrgid')) ? @reset(@posix_getgrgid($ss['gid'])) : ''),
 
 'file'=>array(
  'filename'=>$filename,
  'realpath'=>(@realpath($filename) != $filename) ? @realpath($filename) : '',
  'dirname'=>@dirname($filename),
  'basename'=>@basename($filename)),
 
 'device'=>array(
  'device'=>$ss['dev'], //Device
  'device_number'=>$ss['rdev'], //Device number, if device.
  'inode'=>$ss['ino'], //File serial number
  'link_count'=>$ss['nlink'], //link count
  'link_to'=>($s['type']=='link') ? @readlink($filename) : ''),
 
 'size'=>array(
  'size'=>$ss['size'], //Size of file, in bytes.
  'blocks'=>$ss['blocks'], //Number 512-byte blocks allocated
  'block_size'=> $ss['blksize']), //Optimal block size for I/O.
 
 'time'=>array(
  'mtime'=>$ss['mtime'], //Time of last modification
  'atime'=>$ss['atime'], //Time of last access.
  'ctime'=>$ss['ctime'], //Time of last status change
  'accessed'=>@date('Y M D H:i:s',$ss['atime']),
  'modified'=>@date('Y M D H:i:s',$ss['mtime']),
  'created'=>@date('Y M D H:i:s',$ss['ctime'])),
 );
 
 clearstatcache();
 return $s;
}

PHP Stat Function Output

Example output, say from print_r(askapache_stat( __FILE__ ) );

Array(
[perms] => Array
  (
  [umask] => 0022
  [human] => -rw-r--r--
  [octal1] => 644
  [octal2] => 0644
  [decimal] => 100644
  [fileperms] => 33188
  [mode1] => 33188
  [mode2] => 33188
  )
 
[filetype] => Array
  (
  [type] => file
  [type_octal] => 0100000
  [is_file] => 1
  [is_dir] =>
  [is_link] =>
  [is_readable] => 1
  [is_writable] => 1
  )
 
[owner] => Array
  (
  [fileowner] => 035483
  [filegroup] => 23472
  [owner_name] => askapache
  [group_name] => grp22558
  )
 
[file] => Array
  (
  [filename] => /home/askapache/askapache-stat/public_html/ok/g.php
  [realpath] =>
  [dirname] => /home/askapache/askapache-stat/public_html/ok
  [basename] => g.php
  )
 
[device] => Array
  (
  [device] => 25
  [device_number] => 0
  [inode] => 92455020
  [link_count] => 1
  [link_to] =>
  )
 
[size] => Array
  (
  [size] => 2652
  [blocks] => 8
  [block_size] => 8192
  )
 
[time] => Array
  (
  [mtime] => 1227685253
  [atime] => 1227685138
  [ctime] => 1227685253
  [accessed] => 2008 Nov Tue 23:38:58
  [modified] => 2008 Nov Tue 23:40:53
  [created] => 2008 Nov Tue 23:40:53
  )
)

Every Permission 0000 to 0777

This shows what each numeric permission does to a REGULAR file. I'll provide the code to do this below so you can do the same thing on your server.

chmod 0: ----------
chmod 1: ---------x
chmod 2: --------w-
chmod 3: --------wx
chmod 4: -------r--
chmod 5: -------r-x
chmod 6: -------rw-
chmod 7: -------rwx
chmod 10: ------x---
chmod 11: ------x--x
chmod 12: ------x-w-
chmod 13: ------x-wx
chmod 14: ------xr--
chmod 15: ------xr-x
chmod 16: ------xrw-
chmod 17: ------xrwx
chmod 20: -----w----
chmod 21: -----w---x
chmod 22: -----w--w-
chmod 23: -----w--wx
chmod 24: -----w-r--
chmod 25: -----w-r-x
chmod 26: -----w-rw-
chmod 27: -----w-rwx
chmod 30: -----wx---
chmod 31: -----wx--x
chmod 32: -----wx-w-
chmod 33: -----wx-wx
chmod 34: -----wxr--
chmod 35: -----wxr-x
chmod 36: -----wxrw-
chmod 37: -----wxrwx
chmod 40: ----r-----
chmod 41: ----r----x
chmod 42: ----r---w-
chmod 43: ----r---wx
chmod 44: ----r--r--
chmod 45: ----r--r-x
chmod 46: ----r--rw-
chmod 47: ----r--rwx
chmod 50: ----r-x---
chmod 51: ----r-x--x
chmod 52: ----r-x-w-
chmod 53: ----r-x-wx
chmod 54: ----r-xr--
chmod 55: ----r-xr-x
chmod 56: ----r-xrw-
chmod 57: ----r-xrwx
chmod 60: ----rw----
chmod 61: ----rw---x
chmod 62: ----rw--w-
chmod 63: ----rw--wx
chmod 64: ----rw-r--
chmod 65: ----rw-r-x
chmod 66: ----rw-rw-
chmod 67: ----rw-rwx
chmod 70: ----rwx---
chmod 71: ----rwx--x
chmod 72: ----rwx-w-
chmod 73: ----rwx-wx
chmod 74: ----rwxr--
chmod 75: ----rwxr-x
chmod 76: ----rwxrw-
chmod 77: ----rwxrwx
chmod 100: ---x------
chmod 101: ---x-----x
chmod 102: ---x----w-
chmod 103: ---x----wx
chmod 104: ---x---r--
chmod 105: ---x---r-x
chmod 106: ---x---rw-
chmod 107: ---x---rwx
chmod 110: ---x--x---
chmod 111: ---x--x--x
chmod 112: ---x--x-w-
chmod 113: ---x--x-wx
chmod 114: ---x--xr--
chmod 115: ---x--xr-x
chmod 116: ---x--xrw-
chmod 117: ---x--xrwx
chmod 120: ---x-w----
chmod 121: ---x-w---x
chmod 122: ---x-w--w-
chmod 123: ---x-w--wx
chmod 124: ---x-w-r--
chmod 125: ---x-w-r-x
chmod 126: ---x-w-rw-
chmod 127: ---x-w-rwx
chmod 130: ---x-wx---
chmod 131: ---x-wx--x
chmod 132: ---x-wx-w-
chmod 133: ---x-wx-wx
chmod 134: ---x-wxr--
chmod 135: ---x-wxr-x
chmod 136: ---x-wxrw-
chmod 137: ---x-wxrwx
chmod 140: ---xr-----
chmod 141: ---xr----x
chmod 142: ---xr---w-
chmod 143: ---xr---wx
chmod 144: ---xr--r--
chmod 145: ---xr--r-x
chmod 146: ---xr--rw-
chmod 147: ---xr--rwx
chmod 150: ---xr-x---
chmod 151: ---xr-x--x
chmod 152: ---xr-x-w-
chmod 153: ---xr-x-wx
chmod 154: ---xr-xr--
chmod 155: ---xr-xr-x
chmod 156: ---xr-xrw-
chmod 157: ---xr-xrwx
chmod 160: ---xrw----
chmod 161: ---xrw---x
chmod 162: ---xrw--w-
chmod 163: ---xrw--wx
chmod 164: ---xrw-r--
chmod 165: ---xrw-r-x
chmod 166: ---xrw-rw-
chmod 167: ---xrw-rwx
chmod 170: ---xrwx---
chmod 171: ---xrwx--x
chmod 172: ---xrwx-w-
chmod 173: ---xrwx-wx
chmod 174: ---xrwxr--
chmod 175: ---xrwxr-x
chmod 176: ---xrwxrw-
chmod 177: ---xrwxrwx
chmod 200: --w-------
chmod 201: --w------x
chmod 202: --w-----w-
chmod 203: --w-----wx
chmod 204: --w----r--
chmod 205: --w----r-x
chmod 206: --w----rw-
chmod 207: --w----rwx
chmod 210: --w---x---
chmod 211: --w---x--x
chmod 212: --w---x-w-
chmod 213: --w---x-wx
chmod 214: --w---xr--
chmod 215: --w---xr-x
chmod 216: --w---xrw-
chmod 217: --w---xrwx
chmod 220: --w--w----
chmod 221: --w--w---x
chmod 222: --w--w--w-
chmod 223: --w--w--wx
chmod 224: --w--w-r--
chmod 225: --w--w-r-x
chmod 226: --w--w-rw-
chmod 227: --w--w-rwx
chmod 230: --w--wx---
chmod 231: --w--wx--x
chmod 232: --w--wx-w-
chmod 233: --w--wx-wx
chmod 234: --w--wxr--
chmod 235: --w--wxr-x
chmod 236: --w--wxrw-
chmod 237: --w--wxrwx
chmod 240: --w-r-----
chmod 241: --w-r----x
chmod 242: --w-r---w-
chmod 243: --w-r---wx
chmod 244: --w-r--r--
chmod 245: --w-r--r-x
chmod 246: --w-r--rw-
chmod 247: --w-r--rwx
chmod 250: --w-r-x---
chmod 251: --w-r-x--x
chmod 252: --w-r-x-w-
chmod 253: --w-r-x-wx
chmod 254: --w-r-xr--
chmod 255: --w-r-xr-x
chmod 256: --w-r-xrw-
chmod 257: --w-r-xrwx
chmod 260: --w-rw----
chmod 261: --w-rw---x
chmod 262: --w-rw--w-
chmod 263: --w-rw--wx
chmod 264: --w-rw-r--
chmod 265: --w-rw-r-x
chmod 266: --w-rw-rw-
chmod 267: --w-rw-rwx
chmod 270: --w-rwx---
chmod 271: --w-rwx--x
chmod 272: --w-rwx-w-
chmod 273: --w-rwx-wx
chmod 274: --w-rwxr--
chmod 275: --w-rwxr-x
chmod 276: --w-rwxrw-
chmod 277: --w-rwxrwx
chmod 300: --wx------
chmod 301: --wx-----x
chmod 302: --wx----w-
chmod 303: --wx----wx
chmod 304: --wx---r--
chmod 305: --wx---r-x
chmod 306: --wx---rw-
chmod 307: --wx---rwx
chmod 310: --wx--x---
chmod 311: --wx--x--x
chmod 312: --wx--x-w-
chmod 313: --wx--x-wx
chmod 314: --wx--xr--
chmod 315: --wx--xr-x
chmod 316: --wx--xrw-
chmod 317: --wx--xrwx
chmod 320: --wx-w----
chmod 321: --wx-w---x
chmod 322: --wx-w--w-
chmod 323: --wx-w--wx
chmod 324: --wx-w-r--
chmod 325: --wx-w-r-x
chmod 326: --wx-w-rw-
chmod 327: --wx-w-rwx
chmod 330: --wx-wx---
chmod 331: --wx-wx--x
chmod 332: --wx-wx-w-
chmod 333: --wx-wx-wx
chmod 334: --wx-wxr--
chmod 335: --wx-wxr-x
chmod 336: --wx-wxrw-
chmod 337: --wx-wxrwx
chmod 340: --wxr-----
chmod 341: --wxr----x
chmod 342: --wxr---w-
chmod 343: --wxr---wx
chmod 344: --wxr--r--
chmod 345: --wxr--r-x
chmod 346: --wxr--rw-
chmod 347: --wxr--rwx
chmod 350: --wxr-x---
chmod 351: --wxr-x--x
chmod 352: --wxr-x-w-
chmod 353: --wxr-x-wx
chmod 354: --wxr-xr--
chmod 355: --wxr-xr-x
chmod 356: --wxr-xrw-
chmod 357: --wxr-xrwx
chmod 360: --wxrw----
chmod 361: --wxrw---x
chmod 362: --wxrw--w-
chmod 363: --wxrw--wx
chmod 364: --wxrw-r--
chmod 365: --wxrw-r-x
chmod 366: --wxrw-rw-
chmod 367: --wxrw-rwx
chmod 370: --wxrwx---
chmod 371: --wxrwx--x
chmod 372: --wxrwx-w-
chmod 373: --wxrwx-wx
chmod 374: --wxrwxr--
chmod 375: --wxrwxr-x
chmod 376: --wxrwxrw-
chmod 377: --wxrwxrwx
chmod 400: -r--------
chmod 401: -r-------x
chmod 402: -r------w-
chmod 403: -r------wx
chmod 404: -r-----r--
chmod 405: -r-----r-x
chmod 406: -r-----rw-
chmod 407: -r-----rwx
chmod 410: -r----x---
chmod 411: -r----x--x
chmod 412: -r----x-w-
chmod 413: -r----x-wx
chmod 414: -r----xr--
chmod 415: -r----xr-x
chmod 416: -r----xrw-
chmod 417: -r----xrwx
chmod 420: -r---w----
chmod 421: -r---w---x
chmod 422: -r---w--w-
chmod 423: -r---w--wx
chmod 424: -r---w-r--
chmod 425: -r---w-r-x
chmod 426: -r---w-rw-
chmod 427: -r---w-rwx
chmod 430: -r---wx---
chmod 431: -r---wx--x
chmod 432: -r---wx-w-
chmod 433: -r---wx-wx
chmod 434: -r---wxr--
chmod 435: -r---wxr-x
chmod 436: -r---wxrw-
chmod 437: -r---wxrwx
chmod 440: -r--r-----
chmod 441: -r--r----x
chmod 442: -r--r---w-
chmod 443: -r--r---wx
chmod 444: -r--r--r--
chmod 445: -r--r--r-x
chmod 446: -r--r--rw-
chmod 447: -r--r--rwx
chmod 450: -r--r-x---
chmod 451: -r--r-x--x
chmod 452: -r--r-x-w-
chmod 453: -r--r-x-wx
chmod 454: -r--r-xr--
chmod 455: -r--r-xr-x
chmod 456: -r--r-xrw-
chmod 457: -r--r-xrwx
chmod 460: -r--rw----
chmod 461: -r--rw---x
chmod 462: -r--rw--w-
chmod 463: -r--rw--wx
chmod 464: -r--rw-r--
chmod 465: -r--rw-r-x
chmod 466: -r--rw-rw-
chmod 467: -r--rw-rwx
chmod 470: -r--rwx---
chmod 471: -r--rwx--x
chmod 472: -r--rwx-w-
chmod 473: -r--rwx-wx
chmod 474: -r--rwxr--
chmod 475: -r--rwxr-x
chmod 476: -r--rwxrw-
chmod 477: -r--rwxrwx
chmod 500: -r-x------
chmod 501: -r-x-----x
chmod 502: -r-x----w-
chmod 503: -r-x----wx
chmod 504: -r-x---r--
chmod 505: -r-x---r-x
chmod 506: -r-x---rw-
chmod 507: -r-x---rwx
chmod 510: -r-x--x---
chmod 511: -r-x--x--x
chmod 512: -r-x--x-w-
chmod 513: -r-x--x-wx
chmod 514: -r-x--xr--
chmod 515: -r-x--xr-x
chmod 516: -r-x--xrw-
chmod 517: -r-x--xrwx
chmod 520: -r-x-w----
chmod 521: -r-x-w---x
chmod 522: -r-x-w--w-
chmod 523: -r-x-w--wx
chmod 524: -r-x-w-r--
chmod 525: -r-x-w-r-x
chmod 526: -r-x-w-rw-
chmod 527: -r-x-w-rwx
chmod 530: -r-x-wx---
chmod 531: -r-x-wx--x
chmod 532: -r-x-wx-w-
chmod 533: -r-x-wx-wx
chmod 534: -r-x-wxr--
chmod 535: -r-x-wxr-x
chmod 536: -r-x-wxrw-
chmod 537: -r-x-wxrwx
chmod 540: -r-xr-----
chmod 541: -r-xr----x
chmod 542: -r-xr---w-
chmod 543: -r-xr---wx
chmod 544: -r-xr--r--
chmod 545: -r-xr--r-x
chmod 546: -r-xr--rw-
chmod 547: -r-xr--rwx
chmod 550: -r-xr-x---
chmod 551: -r-xr-x--x
chmod 552: -r-xr-x-w-
chmod 553: -r-xr-x-wx
chmod 554: -r-xr-xr--
chmod 555: -r-xr-xr-x
chmod 556: -r-xr-xrw-
chmod 557: -r-xr-xrwx
chmod 560: -r-xrw----
chmod 561: -r-xrw---x
chmod 562: -r-xrw--w-
chmod 563: -r-xrw--wx
chmod 564: -r-xrw-r--
chmod 565: -r-xrw-r-x
chmod 566: -r-xrw-rw-
chmod 567: -r-xrw-rwx
chmod 570: -r-xrwx---
chmod 571: -r-xrwx--x
chmod 572: -r-xrwx-w-
chmod 573: -r-xrwx-wx
chmod 574: -r-xrwxr--
chmod 575: -r-xrwxr-x
chmod 576: -r-xrwxrw-
chmod 577: -r-xrwxrwx
chmod 600: -rw-------
chmod 601: -rw------x
chmod 602: -rw-----w-
chmod 603: -rw-----wx
chmod 604: -rw----r--
chmod 605: -rw----r-x
chmod 606: -rw----rw-
chmod 607: -rw----rwx
chmod 610: -rw---x---
chmod 611: -rw---x--x
chmod 612: -rw---x-w-
chmod 613: -rw---x-wx
chmod 614: -rw---xr--
chmod 615: -rw---xr-x
chmod 616: -rw---xrw-
chmod 617: -rw---xrwx
chmod 620: -rw--w----
chmod 621: -rw--w---x
chmod 622: -rw--w--w-
chmod 623: -rw--w--wx
chmod 624: -rw--w-r--
chmod 625: -rw--w-r-x
chmod 626: -rw--w-rw-
chmod 627: -rw--w-rwx
chmod 630: -rw--wx---
chmod 631: -rw--wx--x
chmod 632: -rw--wx-w-
chmod 633: -rw--wx-wx
chmod 634: -rw--wxr--
chmod 635: -rw--wxr-x
chmod 636: -rw--wxrw-
chmod 637: -rw--wxrwx
chmod 640: -rw-r-----
chmod 641: -rw-r----x
chmod 642: -rw-r---w-
chmod 643: -rw-r---wx
chmod 644: -rw-r--r--
chmod 645: -rw-r--r-x
chmod 646: -rw-r--rw-
chmod 647: -rw-r--rwx
chmod 650: -rw-r-x---
chmod 651: -rw-r-x--x
chmod 652: -rw-r-x-w-
chmod 653: -rw-r-x-wx
chmod 654: -rw-r-xr--
chmod 655: -rw-r-xr-x
chmod 656: -rw-r-xrw-
chmod 657: -rw-r-xrwx
chmod 660: -rw-rw----
chmod 661: -rw-rw---x
chmod 662: -rw-rw--w-
chmod 663: -rw-rw--wx
chmod 664: -rw-rw-r--
chmod 665: -rw-rw-r-x
chmod 666: -rw-rw-rw-
chmod 667: -rw-rw-rwx
chmod 670: -rw-rwx---
chmod 671: -rw-rwx--x
chmod 672: -rw-rwx-w-
chmod 673: -rw-rwx-wx
chmod 674: -rw-rwxr--
chmod 675: -rw-rwxr-x
chmod 676: -rw-rwxrw-
chmod 677: -rw-rwxrwx
chmod 700: -rwx------
chmod 701: -rwx-----x
chmod 702: -rwx----w-
chmod 703: -rwx----wx
chmod 704: -rwx---r--
chmod 705: -rwx---r-x
chmod 706: -rwx---rw-
chmod 707: -rwx---rwx
chmod 710: -rwx--x---
chmod 711: -rwx--x--x
chmod 712: -rwx--x-w-
chmod 713: -rwx--x-wx
chmod 714: -rwx--xr--
chmod 715: -rwx--xr-x
chmod 716: -rwx--xrw-
chmod 717: -rwx--xrwx
chmod 720: -rwx-w----
chmod 721: -rwx-w---x
chmod 722: -rwx-w--w-
chmod 723: -rwx-w--wx
chmod 724: -rwx-w-r--
chmod 725: -rwx-w-r-x
chmod 726: -rwx-w-rw-
chmod 727: -rwx-w-rwx
chmod 730: -rwx-wx---
chmod 731: -rwx-wx--x
chmod 732: -rwx-wx-w-
chmod 733: -rwx-wx-wx
chmod 734: -rwx-wxr--
chmod 735: -rwx-wxr-x
chmod 736: -rwx-wxrw-
chmod 737: -rwx-wxrwx
chmod 740: -rwxr-----
chmod 741: -rwxr----x
chmod 742: -rwxr---w-
chmod 743: -rwxr---wx
chmod 744: -rwxr--r--
chmod 745: -rwxr--r-x
chmod 746: -rwxr--rw-
chmod 747: -rwxr--rwx
chmod 750: -rwxr-x---
chmod 751: -rwxr-x--x
chmod 752: -rwxr-x-w-
chmod 753: -rwxr-x-wx
chmod 754: -rwxr-xr--
chmod 755: -rwxr-xr-x
chmod 756: -rwxr-xrw-
chmod 757: -rwxr-xrwx
chmod 760: -rwxrw----
chmod 761: -rwxrw---x
chmod 762: -rwxrw--w-
chmod 763: -rwxrw--wx
chmod 764: -rwxrw-r--
chmod 765: -rwxrw-r-x
chmod 766: -rwxrw-rw-
chmod 767: -rwxrw-rwx
chmod 770: -rwxrwx---
chmod 771: -rwxrwx--x
chmod 772: -rwxrwx-w-
chmod 773: -rwxrwx-wx
chmod 774: -rwxrwxr--
chmod 775: -rwxrwxr-x
chmod 776: -rwxrwxrw-
chmod 777: -rwxrwxrwx

Congratulations!

Here's my custom stat function, which I am definately not finished with, so check back in a couple days and if you find any improvements please hook me up with a comment!

function askapache_stat( $filename ) {
$p=@fileperms($filename);
$s=@stat($filename);
$str='';
$t=decoct($s['mode'] & 0170000);
 
switch (octdec($t)) {
case 0140000: $str = 's'; $stat['type']='socket'; break;
case 0120000: $str = 'l'; $stat['type']='link'; break;
case 0100000: $str = '-'; $stat['type']='file'; break;
case 0060000: $str = 'b'; $stat['type']='block'; break;
case 0040000: $str = 'd'; $stat['type']='dir'; break;
case 0020000: $str = 'c'; $stat['type']='char'; break;
case 0010000: $str = 'p'; $stat['type']='fifo'; break;
default: $str = 'u'; $stat['type']='unknown'; break;
}
 
$stat['type_octal'] = sprintf("%07o", octdec($t));
 
$str .= (($p&0x0100)?'r':'-').(($p&0x0080)?'w':'-').(($p&0x0040)?(($p&0x0800)?'s':'x'):(($p&0x0800)?'S':'-'));
$str .= (($p&0x0020)?'r':'-').(($p&0x0010)?'w':'-').(($p&0x0008)?(($p&0x0400)?'s':'x'):(($p&0x0400)?'S':'-'));
$str .= (($p&0x0004)?'r':'-').(($p&0x0002)?'w':'-').(($p&0x0001)?(($p&0x0200)?'t':'x'):(($p&0x0200)?'T':'-'));
 
$stat['default_umask']=sprintf("%04o",umask());
$stat['perm_human']=$str;
$stat['perm_octal1'] = sprintf( "%o", ( $s['mode'] & 00777 ) );
$stat['perm_octal2'] = sprintf("0%o", 0777 & $p);
$stat['perm_dec'] = sprintf("%04o", $p);
$stat['perm_mode']=$s['mode'];   // File mode.
 
$stat['file'] = @realpath($filename);
$stat['basename'] = basename( $filename );
 
$stat['user_id'] = $s['uid'];
$stat['group_id'] = $s['gid'];
 
$stat['device']=$s['dev'];      // Device
$stat['device_number']=$s['rdev'];    // Device number, if device.
$stat['inode']=$s['ino'];      // File serial number
$stat['link_count']=$s['nlink'];    // link count
if($stat['type']=='link')$stat['link_to']=@readlink( $filename );
 
$stat['size']=$s['size'];    // Size of file, in bytes.
$stat['block_size']=$s['blksize'];  // Optimal block size for I/O.
$stat['blocks']=$s['blocks'];  // Number 512-byte blocks allocated
 
$stat['time_access']=@date( 'Y M D H:i:s',$s['atime']);    // Time of last access.
$stat['time_modified']=@date( 'Y M D H:i:s',$s['mtime']);    // Time of last modification
$stat['time_created']=@date( 'Y M D H:i:s',$s['ctime']);    // Time of last status change
 
clearstatcache();
return $stat;
}
 
header('Content-Type: text/plain');
$stat=askapache_stat(__FILE__);
print_r($stat);

Defining Permission Bits

!defined('S_IFMT') && define('S_IFMT', 0170000); //  mask for all types
!defined('S_IFSOCK') && define('S_IFSOCK', 0140000); // type: socket
!defined('S_IFLNK') && define('S_IFLNK', 0120000); // type:  symbolic link
!defined('S_IFREG') && define('S_IFREG', 0100000); // type:  regular file
!defined('S_IFBLK') && define('S_IFBLK', 0060000); // type:  block device
!defined('S_IFDIR') && define('S_IFDIR', 0040000); // type:  directory
!defined('S_IFCHR') && define('S_IFCHR', 0020000); // type:  character device
!defined('S_IFIFO') && define('S_IFIFO', 0010000); // type:  fifo
 
!defined('S_ISUID') && define('S_ISUID', 0004000); // set-uid bit
!defined('S_ISGID') && define('S_ISGID', 0002000); // set-gid bit
!defined('S_ISVTX') && define('S_ISVTX', 0001000); // sticky bit
!defined('S_IRWXU') && define('S_IRWXU', 00700); //  mask for owner permissions
!defined('S_IRUSR') && define('S_IRUSR', 00400); //  owner: read permission
!defined('S_IWUSR') && define('S_IWUSR', 00200); //  owner: write permission
!defined('S_IXUSR') && define('S_IXUSR', 00100); //  owner: execute permission
!defined('S_IRWXG') && define('S_IRWXG', 00070); //  mask for group permissions
!defined('S_IRGRP') && define('S_IRGRP', 00040); //  group: read permission
!defined('S_IWGRP') && define('S_IWGRP', 00020); //  group: write permission
!defined('S_IXGRP') && define('S_IXGRP', 00010); //  group: execute permission
!defined('S_IRWXO') && define('S_IRWXO', 00007); //  mask for others permissions
!defined('S_IROTH') && define('S_IROTH', 00004); //  others:  read permission
!defined('S_IWOTH') && define('S_IWOTH', 00002); //  others:  write permission
!defined('S_IXOTH') && define('S_IXOTH', 00001); //  others:  execute permission
 
!defined('S_IRWXUGO') && define('S_IRWXUGO', (S_IRWXU | S_IRWXG | S_IRWXO));
!defined('S_IALLUGO') && define('S_IALLUGO', (S_ISUID | S_ISGID | S_ISVTX | S_IRWXUGO));
!defined('S_IRUGO') && define('S_IRUGO', (S_IRUSR | S_IRGRP | S_IROTH));
!defined('S_IWUGO') && define('S_IWUGO', (S_IWUSR | S_IWGRP | S_IWOTH));
!defined('S_IXUGO') && define('S_IXUGO', (S_IXUSR | S_IXGRP | S_IXOTH));
!defined('S_IRWUGO') && define('S_IRWUGO', (S_IRUGO | S_IWUGO));

How File Permissions Work

When PHP is installed on your server by you or whoever runs the server, it uses the file permissions that are used by the Operating System running the server.. If you are smart or just lucky than you are running some type of BSD/Unix/Solaris/Linux/Sun based Operating system and PHP won't have any problems. If you are running on a Locked, proprietary OS like Windows, PHP will still work but it has to use a lot of shortcuts and hacks to basically "Pretend" to act like the OS is BSD/Unix, and some key features just won't be available.

The OS Permission Bits

Here's the file permissions my Linux server uses, and which PHP automatically uses. The code basically just defines the default permissions for files, and defines the file atributes for each file that you can access by using the stat function, which I've improved upon to make things easier.

Download: POSIX Standard: 5.6 File Characteristicssys/stat.h

Protection bits for File Owner

#define S_IRWXU 00700
#define S_IRUSR 00400
#define S_IWUSR 00200
#define S_IXUSR 00100

Protection bits for File Group

#define S_IRWXG 00070
#define S_IRGRP 00040
#define S_IWGRP 00020
#define S_IXGRP 00010

Protection bits for All Others

#define S_IRWXO 00007
#define S_IROTH 00004
#define S_IWOTH 00002
#define S_IXOTH 00001

Some Example Permissions

0477 // owner has read only, other and group has rwx 0677 // owner has rw only, other and group has rwx

0444 // all have read only 0666 // all have rw only

0400 // owner has read only, group and others have no permission 0600 // owner has rw only, group and others have no permission

0470 // owner has read only, group has rwx, others have no permission 0407 // owner has read only, other has rwx, group has no permission

0670 // owner has rw only, group has rwx, others have no permission 0607 // owner has rw only, group has no permission and others have rwx

What's a File

A file is not merely its contents, a name, and a file type. A file also has an owner (a user ID), a group (a group ID), permissions (what the owner can do with the file, what people in the group can do, and what everyone else can do), various timestamps, and other information. Collectively, we call these a file's attributes.

Structure of File Mode Bits

The file mode bits have two parts: the file permission bits, which control ordinary access to the file, and special mode bits, which affect only some files.

There are three kinds of permissions that a user can have for a file:

permission to read the file. For directories, this means permission to list the contents of the directory.
permission to write to (change) the file. For directories, this means permission to create and remove files in the directory.
permission to execute the file (run it as a program). For directories, this means permission to access files in the directory.

There are three categories of users who may have different permissions to perform any of the above operations on a file:

the file's owner.
other users who are in the file's group
everyone else.

Files are given an owner and group when they are created. Usually the owner is the current user and the group is the group of the directory the file is in, but this varies with the operating system, the file system the file is created on, and the way the file is created. You can change the owner and group of a file by using the chown and chgrp commands.

In addition to the three sets of three permissions listed above, the file mode bits have three special components, which affect only executable files (programs) and, on most systems, directories:

Set the process's effective user ID to that of the file upon execution (called the set-user-ID bit, or sometimes the setuid bit). For directories on a few systems, give files created in the directory the same owner as the directory, no matter who creates them, and set the set-user-ID bit of newly-created subdirectories.
Set the process's effective group ID to that of the file upon execution (called the set-group-ID bit, or sometimes the setgid bit). For directories on most systems, give files created in the directory the same group as the directory, no matter what group the user who creates them is in, and set the set-group-ID bit of newly-created subdirectories.
Prevent unprivileged users from removing or renaming a file in a directory unless they own the file or the directory; this is called the restricted deletion flag for the directory, and is commonly found on world-writable directories like /tmp.

For regular files on some older systems, save the program's text image on the swap device so it will load more quickly when run; this is called the sticky bit.

Setting Permissions

The basic symbolic operations on a file's permissions are adding, removing, and setting the permission that certain users have to read, write, and execute or search the file. These operations have the following format:

users operation permissions

The spaces between the three parts above are shown for readability only; symbolic modes cannot contain spaces. The users part tells which users' access to the file is changed. It consists of one or more of the following letters (or it can be empty). When more than one of these letters is given, the order that they are in does not matter.

u - the user who owns the file.
g - other users who are in the file's group.
o - all other users.
a - all users; the same as ugo.

The operation part tells how to change the affected users' access to the file, and is one of the following symbols:

+ - to add the permissions to whatever permissions the users already have for the file.
- - to remove the permissions from whatever permissions the users already have for the file.
= - to make the permissions the only permissions that the users have for the file.

The permissions part tells what kind of access to the file should be changed; it is normally zero or more of the following letters. As with the users part, the order does not matter when more than one letter is given. Omitting the permissions part is useful only with the = operation, where it gives the specified users no access at all to the file.

r - the permission the users have to read the file.
w - the permission the users have to write to the file.
x - the permission the users have to execute the file, or search it if it is a directory.

For example, to give everyone permission to read and write a regular file, but not to execute it, use:

a=rw

To remove write permission for all users other than the file's owner, use:

go-w

The above command does not affect the access that the owner of the file has to it, nor does it affect whether other users can read or execute the file.

To give everyone except a file's owner no permission to do anything with that file, use the mode below. Other users could still remove the file, if they have write permission on the directory it is in.

go=

Another way to specify the same thing is:

og-rwx

Copying Existing Permissions

You can base a file's permissions on its existing permissions. To do this, instead of using a series of r, w, or x letters after the operator, you use the letter u, g, or o. For example, the mode

o+g

adds the permissions for users who are in a file's group to the permissions that other users have for the file. Thus, if the file started out as mode 664 (rw-rw-r--), the above mode would change it to mode 666 (rw-rw-rw-). If the file had started out as mode 741 (rwxr----x), the above mode would change it to mode 745 (rwxr--r-x). The - and = operations work analogously.

Umask and Protection

If the users part of a symbolic mode is omitted, it defaults to a (affect all users), except that any permissions that are set in the system variable umask are not affected. The value of umask can be set using the umask command. Its default value varies from system to system.

Omitting the users part of a symbolic mode is generally not useful with operations other than +. It is useful with + because it allows you to use umask as an easily customizable protection against giving away more permission to files than you intended to. As an example, if umask has the value 2, which removes write permission for users who are not in the file's group, then the mode:

+w

adds permission to write to the file to its owner and to other users who are in the file's group, but not to other users. In contrast, the mode:

a+w

ignores umask, and does give write permission for the file to all users.

Directories, Set-User-ID and Set-Group-ID Bits

On most systems, if a directory's set-group-ID bit is set, newly created subfiles inherit the same group as the directory, and newly created subdirectories inherit the set-group-ID bit of the parent directory. On a few systems, a directory's set-user-ID bit has a similar effect on the ownership of new subfiles and the set-user-ID bits of new subdirectories. These mechanisms let users share files more easily, by lessening the need to use chmod or chown to share new files.

These convenience mechanisms rely on the set-user-ID and set-group-ID bits of directories. If commands like chmod and mkdir routinely cleared these bits on directories, the mechanisms would be less convenient and it would be harder to share files. Therefore, a command like chmod does not affect the set-user-ID or set-group-ID bits of a directory unless the user specifically mentions them in a symbolic mode, or sets them in a numeric mode. For example, on systems that support set-group-ID inheritance:

# These commands leave the set-user-ID and
# set-group-ID bits of the subdirectories alone,
# so that they retain their default values.
mkdir A B C
chmod 755 A
chmod 0755 B
chmod u=rwx,go=rx C
mkdir -m 755 D
mkdir -m 0755 E
mkdir -m u=rwx,go=rx F

If you want to try to set these bits, you must mention them explicitly in the symbolic or numeric modes, e.g.:

# These commands try to set the set-user-ID
# and set-group-ID bits of the subdirectories.
mkdir G H
chmod 6755 G
chmod u=rwx,go=rx,a+s H
mkdir -m 6755 I
mkdir -m u=rwx,go=rx,a+s J

If you want to try to clear these bits, you must mention them explicitly in a symbolic mode, e.g.:

# This command tries to clear the set-user-ID
# and set-group-ID bits of the directory D.
chmod a-s D

Numeric Modes

The permissions granted to the user, to other users in the file's group, and to other users not in the file's group each require three bits, which are represented as one octal digit. The three special mode bits also require one bit each, and they are as a group represented as another octal digit. Here is how the bits are arranged, starting with the lowest valued bit:

Other users not in the file's group:

1 Execute/search
2 Write
4 Read

Other users in the file's group:

10 Execute/search
20 Write
40 Read

The file's owner:

100 Execute/search
200 Write
400 Read

Special mode bits:

1000 Restricted deletion flag or sticky bit
2000 Set group ID on execution
4000 Set user ID on execution

For example, numeric mode 4755 corresponds to symbolic mode u=rwxs,go=rx, and numeric mode 664 corresponds to symbolic mode ug=rw,o=r. Numeric mode 0 corresponds to symbolic mode a=.

Apache's Internal Bits (hex)

#define APR_FPROT_USETID   0x8000 /* Set user id */
#define APR_FPROT_UREAD   0x0400 /* Read by user */
#define APR_FPROT_UWRITE   0x0200 /* Write by user */
#define APR_FPROT_UEXECUTE 0x0100 /* Execute by user */
 
#define APR_FPROT_GSETID   0x4000 /* Set group id */
#define APR_FPROT_GREAD   0x0040 /* Read by group */
#define APR_FPROT_GWRITE   0x0020 /* Write by group */
#define APR_FPROT_GEXECUTE 0x0010 /* Execute by group */
 
#define APR_FPROT_WSTICKY 0x2000 /* Sticky bit */
#define APR_FPROT_WREAD   0x0004 /* Read by others */
#define APR_FPROT_WWRITE 0x0002 /* Write by others */
#define APR_FPROT_WEXECUTE 0x0001 /* Execute by others */
 
#define APR_FPROT_OS_DEFAULT  0x0FFF /* use OS's default permissions */
 
/* additional permission flags for apr_file_copy  and apr_file_append */
#define APR_FPROT_FILE_SOURCE_PERMS 0x1000 /* Copy source file's permissions */

Download: httpd-2.2.10/srclib/apr/file_io/unix/fileacc.c Here's some interesting bitmasking done by Apache that uses the defined bits set earlier by stat.h

apr_unix_perms2mode(perms){
 mode=0;
 if (perms & APR_USETID) mode |= S_ISUID;
 if (perms & APR_UREAD)  mode |= S_IRUSR;
 if (perms & APR_UWRITE) mode |= S_IWUSR;
 if (perms & APR_UEXECUTE) mode |= S_IXUSR;
 
 if (perms & APR_GSETID) mode |= S_ISGID;
 if (perms & APR_GREAD)  mode |= S_IRGRP;
 if (perms & APR_GWRITE) mode |= S_IWGRP;
 if (perms & APR_GEXECUTE) mode |= S_IXGRP;
 
 if (perms & APR_WSTICKY) mode |= S_ISVTX;
 if (perms & APR_WREAD)  mode |= S_IROTH;
 if (perms & APR_WWRITE) mode |= S_IWOTH;
 if (perms & APR_WEXECUTE) mode |= S_IXOTH;
 return mode;
}
 
apr_unix_mode2perms(mode){
 perms = 0;
 if (mode & S_ISUID)perms |= APR_USETID;
 if (mode & S_IRUSR)perms |= APR_UREAD;
 if (mode & S_IWUSR)perms |= APR_UWRITE;
 if (mode & S_IXUSR)perms |= APR_UEXECUTE;
 
 if (mode & S_ISGID)perms |= APR_GSETID;
 if (mode & S_IRGRP)perms |= APR_GREAD;
 if (mode & S_IWGRP)perms |= APR_GWRITE;
 if (mode & S_IXGRP)perms |= APR_GEXECUTE;
 
 if (mode & S_ISVTX)perms |= APR_WSTICKY;
 if (mode & S_IROTH)perms |= APR_WREAD;
 if (mode & S_IWOTH)perms |= APR_WWRITE;
 if (mode & S_IXOTH)perms |= APR_WEXECUTE;
 return perms;
}

umask

umask(int mask){
 arg1;
 int oldumask;
 int arg_count = ZEND_NUM_ARGS();
 oldumask = umask(077);
 
 if (BG(umask) == -1) BG(umask) = oldumask;
 if (arg_count == 0) umask(oldumask);
 
 convert_to_long_ex(arg1);
 umask(Z_LVAL_PP(arg1));
 RETURN_LONG(oldumask);
}

File Attributes

Each file will have attributes based on the type of OS.. Using the stat command you can view them.

Viewing stat results

* %a - Access rights in octal
* %A - Access rights in human readable form
* %b - Number of blocks allocated (see %B)
* %B - The size in bytes of each block reported by %b
* %d - Device number in decimal
* %D - Device number in hex
* %f - Raw mode in hex
* %F - File type
* %g - Group ID of owner
* %G - Group name of owner
* %h - Number of hard links
* %i - Inode number
* %n - File name
* %N - Quoted file name with dereference if symbolic link
* %o - I/O block size
* %s - Total size, in bytes
* %t - Major device type in hex
* %T - Minor device type in hex
* %u - User ID of owner
* %U - User name of owner
* %x - Time of last access
* %X - Time of last access as seconds since Epoch
* %y - Time of last modification
* %Y - Time of last modification as seconds since Epoch
* %z - Time of last change
* %Z - Time of last change as seconds since Epoch

The OS Attribute Bits

These defined values are what allows your operating system to determine the type of file being accessed.

#define S_IFMT   00170000  /* These bits determine file type. */
#define S_IFSOCK 0140000  /* Socket file */
#define S_IFLNK   0120000  /* Symbolic Link */
#define S_IFREG   0100000  /* Regular file */
#define S_IFDIR   0040000  /* Directory */
#define S_IFIFO  0010000   /* FIFO first-in-first-out file */
 
/* Such devices can be read either a character at a time or a "block" (many characters) at a time,
hence we say there are block special files and character special files. */
#define S_IFBLK   0060000  /* Block device */
#define S_IFCHR  0020000  /* Character device */

Special Permission Bits

#define S_ISUID  0004000  /* Set user ID on execution.  */
#define S_ISGID  0002000  /* Set group ID on execution.  */
#define S_ISVTX  0001000 /* Save swapped text after use (sticky).  */

Bitmasking to determine Filetype

#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
#define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
#define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR)
#define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK)
#define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO)
#define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK)

Default Permission Masks

#define S_IRWXUGO (S_IRWXU|S_IRWXG|S_IRWXO)
#define S_IALLUGO (S_ISUID|S_ISGID|S_ISVTX|S_IRWXUGO)
#define S_IRUGO  (S_IRUSR|S_IRGRP|S_IROTH)
#define S_IWUGO  (S_IWUSR|S_IWGRP|S_IWOTH)
#define S_IXUGO  (S_IXUSR|S_IXGRP|S_IXOTH)

Download: httpd-2.2.10/srclib/apr/file_io/unix/filestat.c, this file shows a simple way to determine the type of file.

filetype_from_mode(mode){
 type;
 switch (mode & S_IFMT) {
  case S_IFREG:  type = APR_REG;  break;
  case S_IFDIR:  type = APR_DIR;  break;
  case S_IFLNK:  type = APR_LNK;  break;
 
  case S_IFCHR:  type = APR_CHR;  break;
  case S_IFBLK:  type = APR_BLK;  break;
  case S_IFFIFO: type = APR_PIPE; break;
  case S_IFSOCK: type = APR_SOCK; break;
  default: type = APR_UNKFILE;
 }
 return type;
}

Apache Stat Bits

#define APR_FINFO_LINK  0x00000001 /* Stat the link not the file itself if it is a link */
#define APR_FINFO_MTIME  0x00000010 /* Modification Time */
#define APR_FINFO_CTIME  0x00000020 /* Creation or inode-changed time */
#define APR_FINFO_ATIME  0x00000040 /* Access Time */
#define APR_FINFO_SIZE  0x00000100 /* Size of the file */
#define APR_FINFO_CSIZE  0x00000200 /* Storage size consumed by the file */
#define APR_FINFO_DEV  0x00001000 /* Device */
#define APR_FINFO_INODE  0x00002000 /* Inode */
#define APR_FINFO_NLINK  0x00004000 /* Number of links */
#define APR_FINFO_TYPE  0x00008000 /* Type */
#define APR_FINFO_USER  0x00010000 /* User */
#define APR_FINFO_GROUP  0x00020000 /* Group */
#define APR_FINFO_UPROT  0x00100000 /* User protection bits */
#define APR_FINFO_GPROT  0x00200000 /* Group protection bits */
#define APR_FINFO_WPROT  0x00400000 /* World protection bits */
#define APR_FINFO_ICASE  0x01000000 /* if dev is case insensitive */
#define APR_FINFO_NAME  0x02000000 /* name in proper case */
#define APR_FINFO_MIN  0x00008170 /* type, mtime, ctime, atime, size */
#define APR_FINFO_IDENT  0x00003000 /* dev and inode */
#define APR_FINFO_OWNER  0x00030000 /* user and group */
#define APR_FINFO_PROT  0x00700000 /* all protections */
#define APR_FINFO_NORM  0x0073b170 /* an atomic unix apr_stat() */
#define APR_FINFO_DIRENT 0x02000000 /* an atomic unix apr_dir_read() */

The Apache file information structure.

apr_uid_t user;  /* The user id that owns the file */
apr_gid_t group;  /* The group id that owns the file */
apr_ino_t inode; /* The inode of the file. */
apr_dev_t device; /* The id of the device the file is on. */
apr_int32_t nlink; /* The number of hard links to the file. */
apr_off_t size;  /* The size of the file */
apr_off_t csize; /* The storage size consumed by the file */
apr_time_t atime; /* The time the file was last accessed */
apr_time_t mtime; /* The time the file was last modified */
apr_time_t ctime; /* The time the file was created, or the inode was last changed */
const char *fname; /* The pathname of the file (possibly unrooted) */
const char *name; /* The file's name (no path) in filesystem case */

File Time Attributes

touch
If changing both the access and modification times to the current time, touch can change the timestamps for files that the user running it does not own but has write permission for. Otherwise, the user must own the files.

Although touch provides options for changing two of the times the times of last access and modification of a file, there is actually a third one as well: the inode change time. This is often referred to as a file's ctime. The inode change time represents the time when the file's meta-information last changed. One common example of this is when the permissions of a file change. Changing the permissions doesn't access the file, so the atime doesn't change, nor does it modify the file, so the mtime doesn't change. Yet, something about the file itself has changed, and this must be noted somewhere. This is the job of the ctime field. This is necessary, so that, for example, a backup program can make a fresh copy of the file, including the new permissions value. Another operation that modifies a file's ctime without affecting the others is renaming. In any case, it is not possible, in normal operations, for a user to change the ctime field to a user-specified value.

WebHost allows you to create multiple users per account. Each user can have domain assigned to its home home directory accessible via FTP or SSH/SCP. The problem with multiple users on the same account is that they share the same default unix group, and default permissions allow their files to be easily modified by the members of this group. Usually this doesn't pose a problem as each user is probably trusted by account owner to not to mess with others files, but if one of the users have their web application hacked then all other users on the same account will be in danger.

By default all files in your account are created with 644 privileges and directories are with 775. That means any user can read your files and any user from the same account can move and add files in your freshly made directories. Your home directory is different, though. By default it carries 751 attribute meaning that only members of your group can see your files, but can't add any new. These group access schemes are possible, because every user in your account has its primary/default group set to "pgxxxxxx", which is assigned to every new file you create by default. The normal way to secure users from web-intrusion is to assign a separate group to the web-server user, removing it from default group. This way, exploited scripts will not be able to traverse into home directories of other users on your account. To allow account users to update centralized web-site they could be added to web-site group explicitly. But this "normal way" doesn't work with DreamHost, because you can't delete web-user from the default group and unless you set access for every new file explicitly, it will be possible for an intruder to read it.

To make managing privileges easier in interactive sessions "umask 007" command can be specified in your .bash_profile - this makes all new files carry xx0 mask. You also need to control your scripts (web based or cron/shell) so that they set mask for critical files explicitly. To secure account users from access by means of hacked user script you would also like to define another group for every user in your account and change group ownership of the user's home directory to that group with "set gid" bit set (and optional umask 007 in .bash_profile).

Therefore, to secure your users from web-intrusion you need to:

Add a separate user and group for every domain where apache will be running
Add a separate group for other user accounts
Change the default group for new files created by your users by changing the group of their home directory and setting "set gid" bit for it (it is impossible to do this with FTP accounts, therefore you will need to login in each account via SSH)
Add users who need access to web-site into the web-user group
Optionally set umask 007 in .bash_profile for every user to tweak default WebHost775/664 permissions to something like 770/660 for directories and files that are not meant to be read by Apache (660 could also be used for all web scripts including .php as they are not read by dhapache CGI, but merely executed)

Apache Security

All your web files that need to be read by Apache should be readable by everyone as Apache itself is run under dhapache user. However, executable scripts like .php are executed under your own user and do not have to be world readable as they are not actually read by Apache, but executed via suEXEC. Quite the opposite - to prevent your code or database settings from being messed by any third-parties you SHOULD set permissions to these files explicitly to something like 640 or even 600 depending on who do you trust.

Multiuser security setup example

For our example, we will create a rainforce_www user and a aapp_www group for serving web files with apache and setup a rainforce user with a 'aapp group to manage mail and keep other files on DH privately. Since these records already exist, you will need to subsitute your own names.

Login to create the users rainforce_www and rainforce with shell access.
Create two groups - aapp_www and aapp. Note that users created in previous step are still members of the same default pgxxxxxx group.
Add rainforce_www to 'the 'aapp_www group and rainforce to both the aapp_www and aapp groups
Move your domain to rainforce_www account (mine is rainforce.org)
Now login to SSH with your rainforce_www user and change the default group for your home directory with "sgid" bit set to make all current and new files/directories created in this directory have the same aapp_www group.

 $ chgrp -R aapp_www .
 $ chmod 2751 .
 $ chmod 2771 rainforce.org

By setting 2771 the directory will be writable by the owner, the group and will be only executable by others. The contents of an executable only directory cannot be listed, but the files inside it can be read (if the permissions of the file allow it). It is important that the directory can be executable in order to allow static content (e.g. .html files) inside it to be read. Remember that directories you don't want anyone to have web access to, should be 0770 (writable by the owner and group, or 0750 writable by the owner and readable by group). Such strict permissions should by applied to password files, php include files or databases files (such as SQLite, BDB, etc).

Do the same for rainforce user, but specify aapp group instead.

 $ chgrp -R aapp .
 $ chmod 2751 .

Optionally modify umask in .bash_profile in user's home to 007 to make all files created by this user have 660 permissions set by default. If you want that newly created files by accessible by the web, you need to manually setup it's permissions to 664.

Now I can login as the user "rainforce" and update the web-site in the ../rainforce_www/rainforce.org directory. There is one more setup needed. Because files copied from other accounts can have 644 permissions set instead of 664, you need a script which will update permissions to 664 or 660 to allow other group members modify such files.

SSH key fingerprints

Just gen your own I guess

External Links

Original Article from DreamHost Wiki

Content is available under GNU Free Documentation License 1.2.

Example File Permission Bits

`/usr/lib/w3m/cgi-bin/dirlist.cgi`

sub utype {
  local($_) = @_;
  local(%T) = (
    0010000, 'PIPE',
    0020000, 'CHR',
    0040000, 'DIR',
    0060000, 'BLK',
    0100000, 'FILE',
    0120000, 'LINK',
    0140000, 'SOCK',
  );
  return $T{($_ & 0170000)} || 'FILE';
}
 
sub umode {
  local($_) = @_;
  local(%T) = (
    0010000, 'p',
    0020000, 'c',
    0040000, 'd',
    0060000, 'b',
    0100000, '-',
    0120000, 'l',
    0140000, 's',
  );
 
  return ($T{($_ & 0170000)} || '-')
     . (($_ & 00400) ? 'r' : '-')
     . (($_ & 00200) ? 'w' : '-')
     . (($_ & 04000) ? 's' :
       (($_ & 00100) ? 'x' : '-'))
     . (($_ & 00040) ? 'r' : '-')
     . (($_ & 00020) ? 'w' : '-')
     . (($_ & 02000) ? 's' :
       (($_ & 00010) ? 'x' : '-'))
     . (($_ & 00004) ? 'r' : '-')
     . (($_ & 00002) ? 'w' : '-')
     . (($_ & 01000) ? 't' :
       (($_ & 00001) ? 'x' : '-'));
}

`/usr/lib/perl/5.8.4/linux/stat.ph`

        eval 'sub S_IFMT () {00170000;}' unless defined(&S_IFMT);
        eval 'sub S_IFSOCK () {0140000;}' unless defined(&S_IFSOCK);
        eval 'sub S_IFLNK () {0120000;}' unless defined(&S_IFLNK);
        eval 'sub S_IFREG () {0100000;}' unless defined(&S_IFREG);
        eval 'sub S_IFBLK () {0060000;}' unless defined(&S_IFBLK);
        eval 'sub S_IFDIR () {0040000;}' unless defined(&S_IFDIR);
        eval 'sub S_IFCHR () {0020000;}' unless defined(&S_IFCHR);
        eval 'sub S_IFIFO () {0010000;}' unless defined(&S_IFIFO);
        eval 'sub S_ISUID () {0004000;}' unless defined(&S_ISUID);
        eval 'sub S_ISGID () {0002000;}' unless defined(&S_ISGID);
        eval 'sub S_ISVTX () {0001000;}' unless defined(&S_ISVTX);
        eval 'sub S_ISLNK {
            local($m) = @_;
            eval q(((($m) &  &S_IFMT) ==  &S_IFLNK));
        }' unless defined(&S_ISLNK);
        eval 'sub S_ISREG {
            local($m) = @_;
            eval q(((($m) &  &S_IFMT) ==  &S_IFREG));
        }' unless defined(&S_ISREG);
        eval 'sub S_ISDIR {
            local($m) = @_;
            eval q(((($m) &  &S_IFMT) ==  &S_IFDIR));
        }' unless defined(&S_ISDIR);
        eval 'sub S_ISCHR {
            local($m) = @_;
            eval q(((($m) &  &S_IFMT) ==  &S_IFCHR));
        }' unless defined(&S_ISCHR);
        eval 'sub S_ISBLK {
            local($m) = @_;
            eval q(((($m) &  &S_IFMT) ==  &S_IFBLK));
        }' unless defined(&S_ISBLK);
        eval 'sub S_ISFIFO {
            local($m) = @_;
            eval q(((($m) &  &S_IFMT) ==  &S_IFIFO));
        }' unless defined(&S_ISFIFO);
        eval 'sub S_ISSOCK {
            local($m) = @_;
            eval q(((($m) &  &S_IFMT) ==  &S_IFSOCK));
        }' unless defined(&S_ISSOCK);
        eval 'sub S_IRWXU () {00700;}' unless defined(&S_IRWXU);
        eval 'sub S_IRUSR () {00400;}' unless defined(&S_IRUSR);
        eval 'sub S_IWUSR () {00200;}' unless defined(&S_IWUSR);
        eval 'sub S_IXUSR () {00100;}' unless defined(&S_IXUSR);
        eval 'sub S_IRWXG () {00070;}' unless defined(&S_IRWXG);
        eval 'sub S_IRGRP () {00040;}' unless defined(&S_IRGRP);
        eval 'sub S_IWGRP () {00020;}' unless defined(&S_IWGRP);
        eval 'sub S_IXGRP () {00010;}' unless defined(&S_IXGRP);
        eval 'sub S_IRWXO () {00007;}' unless defined(&S_IRWXO);
        eval 'sub S_IROTH () {00004;}' unless defined(&S_IROTH);
        eval 'sub S_IWOTH () {00002;}' unless defined(&S_IWOTH);
        eval 'sub S_IXOTH () {00001;}' unless defined(&S_IXOTH);
    }
    if(defined(&__KERNEL__)) {
        eval 'sub S_IRWXUGO () {( &S_IRWXU| &S_IRWXG| &S_IRWXO);}' unless defined(&S_IRWXUGO);
        eval 'sub S_IALLUGO () {( &S_ISUID| &S_ISGID| &S_ISVTX| &S_IRWXUGO);}' unless defined(&S_IALLUGO);
        eval 'sub S_IRUGO () {( &S_IRUSR| &S_IRGRP| &S_IROTH);}' unless defined(&S_IRUGO);
        eval 'sub S_IWUGO () {( &S_IWUSR| &S_IWGRP| &S_IWOTH);}' unless defined(&S_IWUGO);
        eval 'sub S_IXUGO () {( &S_IXUSR| &S_IXGRP| &S_IXOTH);}' unless defined(&S_IXUGO);
        require 'linux/types.ph';
        require 'linux/time.ph';
    }

Mozilla-Source 1.8a2

/* notice that these valuse are octal. */
const PERM_IRWXU = 00700;  /* read, write, execute/search by owner */
const PERM_IRUSR = 00400;  /* read permission, owner */
const PERM_IWUSR = 00200;  /* write permission, owner */
const PERM_IXUSR = 00100;  /* execute/search permission, owner */
const PERM_IRWXG = 00070;  /* read, write, execute/search by group */
const PERM_IRGRP = 00040;  /* read permission, group */
const PERM_IWGRP = 00020;  /* write permission, group */
const PERM_IXGRP = 00010;  /* execute/search permission, group */
const PERM_IRWXO = 00007;  /* read, write, execute/search by others */
const PERM_IROTH = 00004;  /* read permission, others */
const PERM_IWOTH = 00002;  /* write permission, others */
const PERM_IXOTH = 00001;  /* execute/search permission, others */
 
const MODE_RDONLY   = 0x01;
const MODE_WRONLY   = 0x02;
const MODE_RDWR     = 0x04;
const MODE_CREATE   = 0x08;
const MODE_APPEND   = 0x10;
const MODE_TRUNCATE = 0x20;
const MODE_SYNC     = 0x40;
const MODE_EXCL     = 0x80;

`/usr/include/libpng12/png.h`

/* Transform masks for the high-level interface */
#define PNG_TRANSFORM_IDENTITY       0x0000    /* read and write */
#define PNG_TRANSFORM_STRIP_16       0x0001    /* read only */
#define PNG_TRANSFORM_STRIP_ALPHA    0x0002    /* read only */
#define PNG_TRANSFORM_PACKING        0x0004    /* read and write */
#define PNG_TRANSFORM_PACKSWAP       0x0008    /* read and write */
#define PNG_TRANSFORM_EXPAND         0x0010    /* read only */
#define PNG_TRANSFORM_INVERT_MONO    0x0020    /* read and write */
#define PNG_TRANSFORM_SHIFT          0x0040    /* read and write */
#define PNG_TRANSFORM_BGR            0x0080    /* read and write */
#define PNG_TRANSFORM_SWAP_ALPHA     0x0100    /* read and write */
#define PNG_TRANSFORM_SWAP_ENDIAN    0x0200    /* read and write */
#define PNG_TRANSFORM_INVERT_ALPHA   0x0400    /* read and write */
#define PNG_TRANSFORM_STRIP_FILLER   0x0800    /* WRITE only */

`/usr/lib/python2.4/stat.py`

# Extract bits from the mode
 
def S_IMODE(mode):
    return mode & 07777
 
def S_IFMT(mode):
    return mode & 0170000
 
# Constants used as S_IFMT() for various file types
# (not all are implemented on all systems)
 
S_IFDIR  = 0040000
S_IFCHR  = 0020000
S_IFBLK  = 0060000
S_IFREG  = 0100000
S_IFIFO  = 0010000
S_IFLNK  = 0120000
S_IFSOCK = 0140000
 
# Functions to test for each file type
 
def S_ISDIR(mode):
    return S_IFMT(mode) == S_IFDIR
 
def S_ISCHR(mode):
    return S_IFMT(mode) == S_IFCHR
 
def S_ISBLK(mode):
    return S_IFMT(mode) == S_IFBLK
 
def S_ISREG(mode):
    return S_IFMT(mode) == S_IFREG
 
def S_ISFIFO(mode):
    return S_IFMT(mode) == S_IFIFO
 
def S_ISLNK(mode):
    return S_IFMT(mode) == S_IFLNK
 
def S_ISSOCK(mode):
    return S_IFMT(mode) == S_IFSOCK
 
# Names for permission bits
 
S_ISUID = 04000
S_ISGID = 02000
S_ENFMT = S_ISGID
S_ISVTX = 01000
S_IREAD = 00400
S_IWRITE = 00200
S_IEXEC = 00100
S_IRWXU = 00700
S_IRUSR = 00400
S_IWUSR = 00200
S_IXUSR = 00100
S_IRWXG = 00070
S_IRGRP = 00040
S_IWGRP = 00020
S_IXGRP = 00010
S_IRWXO = 00007
S_IROTH = 00004
S_IWOTH = 00002
S_IXOTH = 00001

`/usr/include/bits/stat.h`

/* Encoding of the file mode.  */
 
#define __S_IFMT        0170000 /* These bits determine file type.  */
 
/* File types.  */
#define __S_IFDIR       0040000 /* Directory.  */
#define __S_IFCHR       0020000 /* Character device.  */
#define __S_IFBLK       0060000 /* Block device.  */
#define __S_IFREG       0100000 /* Regular file.  */
#define __S_IFIFO       0010000 /* FIFO.  */
#define __S_IFLNK       0120000 /* Symbolic link.  */
#define __S_IFSOCK      0140000 /* Socket.  */
 
/* POSIX.1b objects.  Note that these macros always evaluate to zero.  But
   they do it by enforcing the correct use of the macros.  */
#define __S_TYPEISMQ(buf)  ((buf)->st_mode - (buf)->st_mode)
#define __S_TYPEISSEM(buf) ((buf)->st_mode - (buf)->st_mode)
#define __S_TYPEISSHM(buf) ((buf)->st_mode - (buf)->st_mode)
 
/* Protection bits.  */
 
#define __S_ISUID       04000   /* Set user ID on execution.  */
#define __S_ISGID       02000   /* Set group ID on execution.  */
#define __S_ISVTX       01000   /* Save swapped text after use (sticky).  */
#define __S_IREAD       0400    /* Read by owner.  */
#define __S_IWRITE      0200    /* Write by owner.  */
#define __S_IEXEC       0100    /* Execute by owner.  */

`/usr/include/linux/nfs.h`

#define NFS_FIFO_DEV    (-1)
#define NFSMODE_FMT     0170000
#define NFSMODE_DIR     0040000
#define NFSMODE_CHR     0020000
#define NFSMODE_BLK     0060000
#define NFSMODE_REG     0100000
#define NFSMODE_LNK     0120000
#define NFSMODE_SOCK    0140000
#define NFSMODE_FIFO    0010000

`/usr/include/linux/nfs3.h`

#define NFS3_FIFO_DEV           (-1)
#define NFS3MODE_FMT            0170000
#define NFS3MODE_DIR            0040000
#define NFS3MODE_CHR            0020000
#define NFS3MODE_BLK            0060000
#define NFS3MODE_REG            0100000
#define NFS3MODE_LNK            0120000
#define NFS3MODE_SOCK           0140000
#define NFS3MODE_FIFO           0010000
 
/* Flags for access() call */
#define NFS3_ACCESS_READ        0x0001
#define NFS3_ACCESS_LOOKUP      0x0002
#define NFS3_ACCESS_MODIFY      0x0004
#define NFS3_ACCESS_EXTEND      0x0008
#define NFS3_ACCESS_DELETE      0x0010
#define NFS3_ACCESS_EXECUTE     0x0020
#define NFS3_ACCESS_FULL        0x003f

`/usr/include/linux/stat.h`

#define S_IFMT  00170000
#define S_IFSOCK 0140000
#define S_IFLNK  0120000
#define S_IFREG  0100000
#define S_IFBLK  0060000
#define S_IFDIR  0040000
#define S_IFCHR  0020000
#define S_IFIFO  0010000
#define S_ISUID  0004000
#define S_ISGID  0002000
#define S_ISVTX  0001000
 
#define S_ISLNK(m)      (((m) & S_IFMT) == S_IFLNK)
#define S_ISREG(m)      (((m) & S_IFMT) == S_IFREG)
#define S_ISDIR(m)      (((m) & S_IFMT) == S_IFDIR)
#define S_ISCHR(m)      (((m) & S_IFMT) == S_IFCHR)
#define S_ISBLK(m)      (((m) & S_IFMT) == S_IFBLK)
#define S_ISFIFO(m)     (((m) & S_IFMT) == S_IFIFO)
#define S_ISSOCK(m)     (((m) & S_IFMT) == S_IFSOCK)
 
#define S_IRWXU 00700
#define S_IRUSR 00400
#define S_IWUSR 00200
#define S_IXUSR 00100
 
#define S_IRWXG 00070
#define S_IRGRP 00040
#define S_IWGRP 00020
#define S_IXGRP 00010
 
#define S_IRWXO 00007
#define S_IROTH 00004
#define S_IWOTH 00002
#define S_IXOTH 00001

Further File Permissions Reading

Related PHP Functions

Special file types

link invocation: Make a hard link via the link syscall
ln invocation: Make links between files
mkdir invocation: Make directories
mkfifo invocation: Make FIFOs (named pipes)
mknod invocation: Make block or character special files
readlink invocation: Print the referent of a symbolic link
rmdir invocation: Remove empty directories
unlink invocation: Remove files via unlink syscall

Changing file attributes

chown invocation: Change file owner and group
chgrp invocation: Change group ownership
chmod invocation: Change access permissions
touch invocation: Change file timestamps

Chmod, Umask, Stat, Fileperms, and File Permissions originally appeared on AskApache.com

Raw HTTP Header Debugger

AskApache — Wed, 26 Oct 2011 15:14:08 +0000

AskApache.com

HTTP Headers

HTTP Header Name	Header Description	Example HTTP Header
Accept	Content-Types that are acceptable	`Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5`
Accept-Charset	Character sets that are acceptable	`Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7`
Accept-Encoding	Acceptable encodings	`Accept-Encoding: gzip,deflate`
Accept-Language	Acceptable languages for response	`Accept-Language: en-us,en`
Accept-Ranges	What partial content range types this server supports	`Accept-Ranges: bytes`
Age	The age the object has been in a proxy cache in seconds	`Age: 7200`
Allow	Valid actions for a specified resource. To be used for a 405 Method not allowed	`Allow: GET,HEAD,POST,OPTIONS,TRACE`
Authorization	Authentication credentials for HTTP authentication	`Authorization: Basic UXNrYXBhggRfoopc5NteWFzcw==`
Cache-Control	Controls how proxies may cache this object	`Cache-Control: max-age=7200, public`
Connection	What type of connection the user-agent would prefer	`Connection: Keep-Alive`
Content-Encoding	The type of encoding used on the data	`Content-Encoding: gzip`
Content-Language	The language the content is in	`Content-Language: en-us`
Content-Length	The length of the content in bytes	`Content-Length: 5356`
Content-Location	An alternate location for the returned data	`Content-Location: /index.html`
Content-MD5	An MD5 sum of the content of the response	`Content-MD5: 1167b9c13ad2b6d3694493fc47976c8`
Content-Range	Where in a full body message this partial message belongs	`Content-Range: bytes 110-2034/2035`
Content-Type	The mime type of this content	`Content-Type: text/html; charset=UTF-8`
Date	The date and time that the message was sent	`Date: Sat, 05 Jan 2008 09:27:35 GMT`
Host	The domain name of the server (for virtual hosting)	`Host: www.askapache.com`
If-Modified-Since	Allows a 304 Not Modified to be returned	`If-Modified-Since: Sat, 05 Jan 2007 09:26:12 GMT`
Last-Modified	The last modified date for the requested object	`Last-Modified: Sat, 05 Jan 2008 09:26:12 GMT`
Location	Used in redirection	`Location: http://www.askapache.com/`
Server	A name for the server	`Server: Apache/2.0.61 (Unix) PHP/4.4.7 mod_ssl/2.0.61 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2`
User-Agent	The user agent string of the user agent	`User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7`

part of Hypertext Transfer Protocol -- HTTP/1.1
RFC 2616 Fielding, et al.

9 Method Definitions

The set of common methods for HTTP/1.1 is defined below. Although this set can be expanded, additional methods cannot be assumed to share the same semantics for separately extended clients and servers.

The Host request-header field (section 14.23) MUST accompany all HTTP/1.1 requests.

9.1 Safe and Idempotent Methods

9.1.1 Safe Methods

Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others.

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.

9.1.2 Idempotent Methods

Methods can also have the property of "idempotence" in that (aside from error or expiration issues) the side-effects of N > 0 identical requests is the same as for a single request. The methods GET, HEAD, PUT and DELETE share this property. Also, the methods OPTIONS and TRACE SHOULD NOT have side effects, and so are inherently idempotent.

However, it is possible that a sequence of several requests is non- idempotent, even if all of the methods executed in that sequence are idempotent. (A sequence is idempotent if a single execution of the entire sequence always yields a result that is not changed by a reexecution of all, or part, of that sequence.) For example, a sequence is non-idempotent if its result depends on a value that is later modified in the same sequence.

A sequence that never has side effects is idempotent, by definition (provided that no concurrent operations are being executed on the same set of resources).

9.2 OPTIONS

The OPTIONS method represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This method allows the client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.

Responses to this method are not cacheable.

If the OPTIONS request includes an entity-body (as indicated by the presence of Content-Length or Transfer-Encoding), then the media type MUST be indicated by a Content-Type field. Although this specification does not define any use for such a body, future extensions to HTTP might use the OPTIONS body to make more detailed queries on the server. A server that does not support such an extension MAY discard the request body.

If the Request-URI is an asterisk ("*"), the OPTIONS request is intended to apply to the server in general rather than to a specific resource. Since a server's communication options typically depend on the resource, the "*" request is only useful as a "ping" or "no-op" type of method; it does nothing beyond allowing the client to test the capabilities of the server. For example, this can be used to test a proxy for HTTP/1.1 compliance (or lack thereof).

If the Request-URI is not an asterisk, the OPTIONS request applies only to the options that are available when communicating with that resource.

A 200 response SHOULD include any header fields that indicate optional features implemented by the server and applicable to that resource (e.g., Allow), possibly including extensions not defined by this specification. The response body, if any, SHOULD also include information about the communication options. The format for such a

body is not defined by this specification, but might be defined by future extensions to HTTP. Content negotiation MAY be used to select the appropriate response format. If no response body is included, the response MUST include a Content-Length field with a field-value of "0".

The Max-Forwards request-header field MAY be used to target a specific proxy in the request chain. When a proxy receives an OPTIONS request on an absoluteURI for which request forwarding is permitted, the proxy MUST check for a Max-Forwards field. If the Max-Forwards field-value is zero ("0"), the proxy MUST NOT forward the message; instead, the proxy SHOULD respond with its own communication options. If the Max-Forwards field-value is an integer greater than zero, the proxy MUST decrement the field-value when it forwards the request. If no Max-Forwards field is present in the request, then the forwarded request MUST NOT include a Max-Forwards field.

9.3 GET

The GET method means retrieve whatever information (in the form of an entity) is identified by the Request-URI. If the Request-URI refers to a data-producing process, it is the produced data which shall be returned as the entity in the response and not the source text of the process, unless that text happens to be the output of the process.

The semantics of the GET method change to a "conditional GET" if the request message includes an If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match, or If-Range header field. A conditional GET method requests that the entity be transferred only under the circumstances described by the conditional header field(s). The conditional GET method is intended to reduce unnecessary network usage by allowing cached entities to be refreshed without requiring multiple requests or transferring data already held by the client.

The semantics of the GET method change to a "partial GET" if the request message includes a Range header field. A partial GET requests that only part of the entity be transferred, as described in section 14.35. The partial GET method is intended to reduce unnecessary network usage by allowing partially-retrieved entities to be completed without transferring data already held by the client.

The response to a GET request is cacheable if and only if it meets the requirements for HTTP caching described in section 13.

See section 15.1.3 for security considerations when used for forms.

9.4 HEAD

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request. This method can be used for obtaining metainformation about the entity implied by the request without transferring the entity-body itself. This method is often used for testing hypertext links for validity, accessibility, and recent modification.

The response to a HEAD request MAY be cacheable in the sense that the information contained in the response MAY be used to update a previously cached entity from that resource. If the new field values indicate that the cached entity differs from the current entity (as would be indicated by a change in Content-Length, Content-MD5, ETag or Last-Modified), then the cache MUST treat the cache entry as stale.

9.5 POST

The POST method is used to request that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request-URI in the Request-Line. POST is designed to allow a uniform method to cover the following functions:

      - Annotation of existing resources;

      - Posting a message to a bulletin board, newsgroup, mailing list, or similar group of articles;

      - Providing a block of data, such as the result of submitting a form, to a data-handling process;

      - Extending a database through an append operation.

The actual function performed by the POST method is determined by the server and is usually dependent on the Request-URI. The posted entity is subordinate to that URI in the same way that a file is subordinate to a directory containing it, a news article is subordinate to a newsgroup to which it is posted, or a record is subordinate to a database.

The action performed by the POST method might not result in a resource that can be identified by a URI. In this case, either 200 (OK) or 204 (No Content) is the appropriate response status, depending on whether or not the response includes an entity that describes the result.

If a resource has been created on the origin server, the response SHOULD be 201 (Created) and contain an entity which describes the status of the request and refers to the new resource, and a Location header (see section 14.30).

Responses to this method are not cacheable, unless the response includes appropriate Cache-Control or Expires header fields. However, the 303 (See Other) response can be used to direct the user agent to retrieve a cacheable resource.

POST requests MUST obey the message transmission requirements set out in section 8.2.

See section 15.1.3 for security considerations.

9.6 PUT

The PUT method requests that the enclosed entity be stored under the supplied Request-URI. If the Request-URI refers to an already existing resource, the enclosed entity SHOULD be considered as a modified version of the one residing on the origin server. If the Request-URI does not point to an existing resource, and that URI is capable of being defined as a new resource by the requesting user agent, the origin server can create the resource with that URI. If a new resource is created, the origin server MUST inform the user agent via the 201 (Created) response. If an existing resource is modified, either the 200 (OK) or 204 (No Content) response codes SHOULD be sent to indicate successful completion of the request. If the resource could not be created or modified with the Request-URI, an appropriate error response SHOULD be given that reflects the nature of the problem. The recipient of the entity MUST NOT ignore any Content-* (e.g. Content-Range) headers that it does not understand or implement and MUST return a 501 (Not Implemented) response in such cases.

If the request passes through a cache and the Request-URI identifies one or more currently cached entities, those entries SHOULD be treated as stale. Responses to this method are not cacheable.

The fundamental difference between the POST and PUT requests is reflected in the different meaning of the Request-URI. The URI in a POST request identifies the resource that will handle the enclosed entity. That resource might be a data-accepting process, a gateway to some other protocol, or a separate entity that accepts annotations. In contrast, the URI in a PUT request identifies the entity enclosed with the request -- the user agent knows what URI is intended and the server MUST NOT attempt to apply the request to some other resource. If the server desires that the request be applied to a different URI,

it MUST send a 301 (Moved Permanently) response; the user agent MAY then make its own decision regarding whether or not to redirect the request.

A single resource MAY be identified by many different URIs. For example, an article might have a URI for identifying "the current version" which is separate from the URI identifying each particular version. In this case, a PUT request on a general URI might result in several other URIs being defined by the origin server.

HTTP/1.1 does not define how a PUT method affects the state of an origin server.

PUT requests MUST obey the message transmission requirements set out in section 8.2.

Unless otherwise specified for a particular entity-header, the entity-headers in the PUT request SHOULD be applied to the resource created or modified by the PUT.

9.7 DELETE

The DELETE method requests that the origin server delete the resource identified by the Request-URI. This method MAY be overridden by human intervention (or other means) on the origin server. The client cannot be guaranteed that the operation has been carried out, even if the status code returned from the origin server indicates that the action has been completed successfully. However, the server SHOULD NOT indicate success unless, at the time the response is given, it intends to delete the resource or move it to an inaccessible location.

A successful response SHOULD be 200 (OK) if the response includes an entity describing the status, 202 (Accepted) if the action has not yet been enacted, or 204 (No Content) if the action has been enacted but the response does not include an entity.

If the request passes through a cache and the Request-URI identifies one or more currently cached entities, those entries SHOULD be treated as stale. Responses to this method are not cacheable.

9.8 TRACE

The TRACE method is used to invoke a remote, application-layer loop- back of the request message. The final recipient of the request SHOULD reflect the message received back to the client as the entity-body of a 200 (OK) response. The final recipient is either the

origin server or the first proxy or gateway to receive a Max-Forwards value of zero (0) in the request (see section 14.31). A TRACE request MUST NOT include an entity.

TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information. The value of the Via header field (section 14.45) is of particular interest, since it acts as a trace of the request chain. Use of the Max-Forwards header field allows the client to limit the length of the request chain, which is useful for testing a chain of proxies forwarding messages in an infinite loop.

If the request is valid, the response SHOULD contain the entire request message in the entity-body, with a Content-Type of "message/http". Responses to this method MUST NOT be cached.

9.9 CONNECT

This specification reserves the method name CONNECT for use with a proxy that can dynamically switch to being a tunnel (e.g. SSL tunneling [44]).

List of HTTP Response Status Codes

1xx Info / Informational

`HTTP_INFO` - Request received, continuing process.

Indicates a provisional response, consisting only of the Status-Line and optional headers, and is terminated by an empty line.

100 Continue - HTTP_CONTINUE
101 Switching Protocols - HTTP_SWITCHING_PROTOCOLS
102 Processing - HTTP_PROCESSING

2xx Success / OK

`HTTP_SUCCESS` - The action was successfully received, understood, and accepted.

Indicates that the client's request was successfully received, understood, and accepted.

200 OK - HTTP_OK
201 Created - HTTP_CREATED
202 Accepted - HTTP_ACCEPTED
203 Non-Authoritative Information - HTTP_NON_AUTHORITATIVE
204 No Content - HTTP_NO_CONTENT
205 Reset Content - HTTP_RESET_CONTENT
206 Partial Content - HTTP_PARTIAL_CONTENT
207 Multi-Status - HTTP_MULTI_STATUS

3xx Redirect

`HTTP_REDIRECT` - The client must take additional action to complete the request.

Indicates that further action needs to be taken by the user-agent in order to fulfill the request. The action required may be carried out by the user agent without interaction with the user if and only if the method used in the second request is GET or HEAD. A user agent should not automatically redirect a request more than 5 times, since such redirections usually indicate an infinite loop.

300 Multiple Choices - HTTP_MULTIPLE_CHOICES
301 Moved Permanently - HTTP_MOVED_PERMANENTLY
302 Found - HTTP_MOVED_TEMPORARILY
303 See Other - HTTP_SEE_OTHER
304 Not Modified - HTTP_NOT_MODIFIED
305 Use Proxy - HTTP_USE_PROXY
306 unused - UNUSED
307 Temporary Redirect - HTTP_TEMPORARY_REDIRECT

4xx Client Error

`HTTP_CLIENT_ERROR` - The request contains bad syntax or cannot be fulfilled.

Indicates case where client seems to have erred. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition.

400 Bad Request - HTTP_BAD_REQUEST
401 Authorization Required - HTTP_UNAUTHORIZED
402 Payment Required - HTTP_PAYMENT_REQUIRED
403 Forbidden - HTTP_FORBIDDEN
404 Not Found - HTTP_NOT_FOUND
405 Method Not Allowed - HTTP_METHOD_NOT_ALLOWED
406 Not Acceptable - HTTP_NOT_ACCEPTABLE
407 Proxy Authentication Required - HTTP_PROXY_AUTHENTICATION_REQUIRED
408 Request Time-out - HTTP_REQUEST_TIME_OUT
409 Conflict - HTTP_CONFLICT
410 Gone - HTTP_GONE
411 Length Required - HTTP_LENGTH_REQUIRED
412 Precondition Failed - HTTP_PRECONDITION_FAILED
413 Request Entity Too Large - HTTP_REQUEST_ENTITY_TOO_LARGE
414 Request-URI Too Large - HTTP_REQUEST_URI_TOO_LARGE
415 Unsupported Media Type - HTTP_UNSUPPORTED_MEDIA_TYPE
416 Requested Range Not Satisfiable - HTTP_RANGE_NOT_SATISFIABLE
417 Expectation Failed - HTTP_EXPECTATION_FAILED
418 unused - UNUSED
419 unused - UNUSED
420 unused - UNUSED
421 unused - UNUSED
422 Unprocessable Entity - HTTP_UNPROCESSABLE_ENTITY
423 Locked - HTTP_LOCKED
424 Failed Dependency - HTTP_FAILED_DEPENDENCY
425 No code - HTTP_NO_CODE
426 Upgrade Required - HTTP_UPGRADE_REQUIRED

5xx Server Error

`HTTP_SERVER_ERROR` - The server failed to fulfill an apparently valid request.

Indicate cases in which the server is aware that it has erred or is incapable of performing the request. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. User agents should display any included entity to the user. These response codes are applicable to any request method.

500 Internal Server Error - HTTP_INTERNAL_SERVER_ERROR
501 Method Not Implemented - HTTP_NOT_IMPLEMENTED
502 Bad Gateway - HTTP_BAD_GATEWAY
503 Service Temporarily Unavailable - HTTP_SERVICE_UNAVAILABLE
504 Gateway Time-out - HTTP_GATEWAY_TIME_OUT
505 HTTP Version Not Supported - HTTP_VERSION_NOT_SUPPORTED
506 Variant Also Negotiates - HTTP_VARIANT_ALSO_VARIES
507 Insufficient Storage - HTTP_INSUFFICIENT_STORAGE
508 unused - UNUSED
509 unused - UNUSED
510 Not Extended - HTTP_NOT_EXTENDED

Helpful HTTP Links

DRP: "The HTTP Distribution and Replication Protocol"
DupSup: "Duplicate Suppression in HTTP"
EARL Schema: "Evaluation and Report Language (EARL) 1.0 Schema"
EDD: "An exploration of dynamic documents"
EdgeArch: "Edge Architecture Specification"
HttpClient: Jakarta Commons HttpClient
HTML4: "HTML 4.01 Specification"
JEPI: "White Paper: Joint Electronic Payment Initiative"
ObjectHeaders: "Object Header lines in HTTP"
OPS-OverHTTP: "Implementation of OPS Over HTTP"
OPTIONS messages: "Specification of HTTP/1.1 OPTIONS messages"
P3P: "The Platform for Privacy Preferences 1.0 (P3P1.0) Specification"
PEP: "PEP - an Extension Mechanism for HTTP"
PICSLabels: "PICS Label Distribution Label Syntax and Communication Protocols, Version 1.1"
Proxy Notification: "Notification for Proxy Caches"
RDF: "Resource Description Framework (RDF): Concepts and Abstract Syntax"
RDF-PRIMER: RDF Primer
RFC2068: "Hypertext Transfer Protocol -- HTTP/1.1"
RFC2109: "HTTP State Management Mechanism"
RFC2183: "Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field"
RFC2227: "Simple Hit-Metering and Usage-Limiting for HTTP"
RFC2295: "Transparent Content Negotiation in HTTP"
RFC2310: "The Safe Response Header Field"
RFC2324: "Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)"
RFC2397: "The 'data' URL scheme"
RFC2518: "HTTP Extensions for Distributed Authoring -- WEBDAV"
RFC2616: "Hypertext Transfer Protocol -- HTTP/1.1"
RFC2617: "HTTP Authentication: Basic and Digest Access Authentication"
RFC2660: "The Secure HyperText Transfer Protocol"
RFC2774: "An HTTP Extension Framework"
RFC2965: "HTTP State Management Mechanism"
RFC3229: "Delta encoding in HTTP"
RFC3230: "Instance Digests in HTTP"
RFC3253: "Versioning Extensions to WebDAV (Web Distributed Authoring and Versioning)"
RFC3648: "Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol"
RFC3986: "Uniform Resource Identifier (URI): Generic Syntax"
RFC4229: "HTTP Header Field Registrations"
SOAP1.1: "Simple Object Access Protocol (SOAP) 1.1"
UA Attributes: "User-Agent Display Attributes Headers"
WIRE: "WIRE - W3 Identifier Resolution Extensions"

Raw HTTP Header Debugger originally appeared on AskApache.com

HTTP Status Codes and Htaccess ErrorDocuments

AskApache — Tue, 04 Jan 2011 20:56:15 +0000

AskApache.com

I was trying to find an official, authoritative list of HTTP Status Codes but I kept finding lists that weren't authoritative or complete. So I searched and found my answer in the Apache HTTP Server source code. Once I had the exact HTTP Status Codes and resulting Error Documents sent by Apache, I researched deeper into HTTP Status Codes by reading as many related RFC's as I could find, and several other software source codes were explored. This is the most authoritative list I know of, if you can do better leave a comment and I'll update it. Another thing to keep in mind, the Status code number itself is what is used by software and hardware to make determinations, the phrase returned by the status code is for the human only and does not have any weight other than informing the user.. So "503 Service Unavailable", "503 Service Temporarily Unavailable", and "503 Get the heck outta here" are all completely valid.

Update March 9, 2009: A lot of sites on the web have updated their HTTP status code lists to include the HTTP Status codes listed on this page, including Wikipedia, IANA, W3C, and others, so rest assured this info is accurate and complete. If you'd like to see how to create custom error pages for all of these errors like mine /show-error-506 , then check out this detailed tutorial I just posted.

57 APACHE HTTP STATUS RESPONSE CODES

Once I compiled the list of Apache recognized HTTP Status Codes, I was dying to see them all in action (i.e. the corresponding ErrorDocument). At first I thought I would have to create a php or perl script emulating each of the 57 HTTP Status Codes, a tedious undertaking I wasn't about to do. Instead I "asked Apache" by searching the Apache HTTP Documentation for ambiguity sending Status Codes and/or triggering ErrorDocuments with an Apache Directive.
While reading up on mod_alias and the Redirect directive I found:

Apache Docs
Syntax: Redirect [status] URL-path URL The status argument can be used to return other HTTP status codes. Other status codes can be returned by giving the numeric status code as the value of status. If the status is between 300 and 399, the URL argument must be present, otherwise it must be omitted.

100 Continue: ErrorDocument Continue | Sample 100 Continue
This means that the server has received the request headers, and that the client should proceed to send the request body (in case of a request which needs to be sent; for example, a POST request). If the request body is large, sending it to a server when a request has already been rejected based upon inappropriate headers is inefficient. To have a server check if the request could be accepted based on the requests headers alone, a client must send Expect: 100-continue as a header in its initial request (see RFC 2616 14.20 Expect header) and check if a 100 Continue status code is received in response before continuing (or receive 417 Expectation Failed and not continue).
101 Switching Protocols: ErrorDocument Switching Protocols | Sample 101 Switching Protocols
This means the requester has asked the server to switch protocols and the server is acknowledging that it will do so.[3]
102 Processing: ErrorDocument Processing | Sample 102 Processing
(WebDAV) - (RFC 2518 )
200 OK: ErrorDocument OK | Sample 200 OK
Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request the response will contain an entity describing or containing the result of the action.
201 Created: ErrorDocument Created | Sample 201 Created
The request has been fulfilled and resulted in a new resource being created.
202 Accepted: ErrorDocument Accepted | Sample 202 Accepted
The request has been accepted for processing, but the processing has not been completed. The request might or might not eventually be acted upon, as it might be disallowed when processing actually takes place.
203 Non-Authoritative Information: ErrorDocument Non-Authoritative Information | Sample 203 Non-Authoritative Information
The server successfully processed the request, but is returning information that may be from another source.
204 No Content: ErrorDocument No Content | Sample 204 No Content
The server successfully processed the request, but is not returning any content.
205 Reset Content: ErrorDocument Reset Content | Sample 205 Reset Content
The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires that the requester reset the document view.
206 Partial Content: ErrorDocument Partial Content | Sample 206 Partial Content
The server is delivering only part of the resource due to a range header sent by the client. This is used by tools like wget to enable resuming of interrupted downloads, or split a download into multiple simultaneous streams.
207 Multi-Status: ErrorDocument Multi-Status | Sample 207 Multi-Status
(WebDAV) - The message body that follows is an XML message and can contain a number of separate response codes, depending on how many sub-requests were made.
226 IM Used: ErrorDocument IM Used | Sample 226 IM Used
The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance. The actual current instance might not be available except by combining this response with other previous or future responses, as appropriate for the specific instance-manipulation(s).
300 Multiple Choices: ErrorDocument Multiple Choices | Sample 300 Multiple Choices
Indicates multiple options for the resource that the client may follow. It, for instance, could be used to present different format options for video, list files with different extensions, or word sense disambiguation.
301 Moved Permanently: ErrorDocument Moved Permanently | Sample 301 Moved Permanently
This and all future requests should be directed to the given URI.
302 Found: ErrorDocument Found | Sample 302 Found
This is the most popular redirect code[citation needed], but also an example of industrial practice contradicting the standard. HTTP/1.0 specification (RFC 1945 ) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily"), but popular browsers implemented it as a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to disambiguate between the two behaviours. However, the majority of Web applications and frameworks still use the 302 status code as if it were the 303.
303 See Other: ErrorDocument See Other | Sample 303 See Other
The response to the request can be found under another URI using a GET method. When received in response to a PUT, it should be assumed that the server has received the data and the redirect should be issued with a separate GET message.
304 Not Modified: ErrorDocument Not Modified | Sample 304 Not Modified
Indicates the resource has not been modified since last requested. Typically, the HTTP client provides a header like the If-Modified-Since header to provide a time against which to compare. Utilizing this saves bandwidth and reprocessing on both the server and client, as only the header data must be sent and received in comparison to the entirety of the page being re-processed by the server, then resent using more bandwidth of the server and client.
305 Use Proxy: ErrorDocument Use Proxy | Sample 305 Use Proxy
Many HTTP clients (such as Mozilla[4] and Internet Explorer) do not correctly handle responses with this status code, primarily for security reasons.
306 Switch Proxy: ErrorDocument Switch Proxy | Sample 306 Switch Proxy
No longer used.
307 Temporary Redirect: ErrorDocument Temporary Redirect | Sample 307 Temporary Redirect
In this occasion, the request should be repeated with another URI, but future requests can still use the original URI. In contrast to 303, the request method should not be changed when reissuing the original request. For instance, a POST request must be repeated using another POST request.
400 Bad Request: ErrorDocument Bad Request | Sample 400 Bad Request
The request contains bad syntax or cannot be fulfilled.
401 Unauthorized: ErrorDocument Unauthorized | Sample 401 Unauthorized
Similar to 403 Forbidden, but specifically for use when authentication is possible but has failed or not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. See Basic access authentication and Digest access authentication.
402 Payment Required: ErrorDocument Payment Required | Sample 402 Payment Required
The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, but that has not happened, and this code has never been used.
403 Forbidden: ErrorDocument Forbidden | Sample 403 Forbidden
The request was a legal request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference.
404 Not Found: ErrorDocument Not Found | Sample 404 Not Found
The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.
405 Method Not Allowed: ErrorDocument Method Not Allowed | Sample 405 Method Not Allowed
A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource.
406 Not Acceptable: ErrorDocument Not Acceptable | Sample 406 Not Acceptable
The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request.
407 Proxy Authentication Required: ErrorDocument Proxy Authentication Required | Sample 407 Proxy Authentication Required
Required
408 Request Timeout: ErrorDocument Request Timeout | Sample 408 Request Timeout
The server timed out waiting for the request.
409 Conflict: ErrorDocument Conflict | Sample 409 Conflict
Indicates that the request could not be processed because of conflict in the request, such as an edit conflict.
410 Gone: ErrorDocument Gone | Sample 410 Gone
Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed; however, it is not necessary to return this code and a 404 Not Found can be issued instead. Upon receiving a 410 status code, the client should not request the resource again in the future. Clients such as search engines should remove the resource from their indexes.
411 Length Required: ErrorDocument Length Required | Sample 411 Length Required
The request did not specify the length of its content, which is required by the requested resource.
412 Precondition Failed: ErrorDocument Precondition Failed | Sample 412 Precondition Failed
The server does not meet one of the preconditions that the requester put on the request.
413 Request Entity Too Large: ErrorDocument Request Entity Too Large | Sample 413 Request Entity Too Large
The request is larger than the server is willing or able to process.
414 Request-URI Too Long: ErrorDocument Request-URI Too Long | Sample 414 Request-URI Too Long
The URI provided was too long for the server to process.
415 Unsupported Media Type: ErrorDocument Unsupported Media Type | Sample 415 Unsupported Media Type
The request did not specify any media types that the server or resource supports. For example the client specified that an image resource should be served as image/svg+xml, but the server cannot find a matching version of the image.
416 Requested Range Not Satisfiable: ErrorDocument Requested Range Not Satisfiable | Sample 416 Requested Range Not Satisfiable
The client has asked for a portion of the file, but the server cannot supply that portion (for example, if the client asked for a part of the file that lies beyond the end of the file).
417 Expectation Failed: ErrorDocument Expectation Failed | Sample 417 Expectation Failed
The server cannot meet the requirements of the Expect request-header field.
418 I'm a teapot: ErrorDocument I'm a teapot | Sample 418 I'm a teapot
The HTCPCP server is a teapot. The responding entity MAY be short and stout. Defined by the April Fools specification RFC 2324. See Hyper Text Coffee Pot Control Protocol for more information.
422 Unprocessable Entity: ErrorDocument Unprocessable Entity | Sample 422 Unprocessable Entity
(WebDAV) (RFC 4918 ) - The request was well-formed but was unable to be followed due to semantic errors.
423 Locked: ErrorDocument Locked | Sample 423 Locked
(WebDAV) (RFC 4918 ) - The resource that is being accessed is locked
424 Failed Dependency: ErrorDocument Failed Dependency | Sample 424 Failed Dependency
(WebDAV) (RFC 4918 ) - The request failed due to failure of a previous request (e.g. a PROPPATCH).
425 Unordered Collection: ErrorDocument Unordered Collection | Sample 425 Unordered Collection
Defined in drafts of WebDav Advanced Collections, but not present in "Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol" (RFC 3648).
426 Upgrade Required: ErrorDocument Upgrade Required | Sample 426 Upgrade Required
(RFC 2817 ) - The client should switch to TLS/1.0.
449 Retry With: ErrorDocument Retry With | Sample 449 Retry With
A Microsoft extension. The request should be retried after doing the appropriate action.
500 Internal Server Error: ErrorDocument Internal Server Error | Sample 500 Internal Server Error
A generic error message, given when no more specific message is suitable.
501 Not Implemented: ErrorDocument Not Implemented | Sample 501 Not Implemented
The server either does not recognise the request method, or it lacks the ability to fulfil the request.
502 Bad Gateway: ErrorDocument Bad Gateway | Sample 502 Bad Gateway
The server was acting as a gateway or proxy and received an invalid response from the upstream server.
503 Service Unavailable: ErrorDocument Service Unavailable | Sample 503 Service Unavailable
The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.
504 Gateway Timeout: ErrorDocument Gateway Timeout | Sample 504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely request from the upstream server.
505 HTTP Version Not Supported: ErrorDocument HTTP Version Not Supported | Sample 505 HTTP Version Not Supported
The server does not support the HTTP protocol version used in the request.
506 Variant Also Negotiates: ErrorDocument Variant Also Negotiates | Sample 506 Variant Also Negotiates
(RFC 2295 ) - Transparent content negotiation for the request, results in a circular reference.
507 Insufficient Storage: ErrorDocument Insufficient Storage | Sample 507 Insufficient Storage
(WebDAV) (RFC 4918 )
509 Bandwidth Limit Exceeded: ErrorDocument Bandwidth Limit Exceeded | Sample 509 Bandwidth Limit Exceeded
(Apache bw/limited extension) - This status code, while used by many servers, is not specified in any RFCs.
510 Not Extended: ErrorDocument Not Extended | Sample 510 Not Extended
(RFC 2774 ) - Further extensions to the request are required for the server to fulfil it.

1xx Info / Informational

HTTP_INFO - Request received, continuing process. Indicates a provisional response, consisting only of the Status-Line and optional headers, and is terminated by an empty line.

100 Continue - HTTP_CONTINUE
101 Switching Protocols - HTTP_SWITCHING_PROTOCOLS
102 Processing - HTTP_PROCESSING

2xx Success / OK

HTTP_SUCCESS - The action was successfully received, understood, and accepted. Indicates that the client's request was successfully received, understood, and accepted.

200 OK - HTTP_OK
201 Created - HTTP_CREATED
202 Accepted - HTTP_ACCEPTED
203 Non-Authoritative Information - HTTP_NON_AUTHORITATIVE
204 No Content - HTTP_NO_CONTENT
205 Reset Content - HTTP_RESET_CONTENT
206 Partial Content - HTTP_PARTIAL_CONTENT
207 Multi-Status - HTTP_MULTI_STATUS

3xx Redirect

HTTP_REDIRECT - The client must take additional action to complete the request. Indicates that further action needs to be taken by the user-agent in order to fulfill the request. The action required may be carried out by the user agent without interaction with the user if and only if the method used in the second request is GET or HEAD. A user agent should not automatically redirect a request more than 5 times, since such redirections usually indicate an infinite loop.

300 Multiple Choices - HTTP_MULTIPLE_CHOICES
301 Moved Permanently - HTTP_MOVED_PERMANENTLY
302 Found - HTTP_MOVED_TEMPORARILY
303 See Other - HTTP_SEE_OTHER
304 Not Modified - HTTP_NOT_MODIFIED
305 Use Proxy - HTTP_USE_PROXY
306 unused - UNUSED
307 Temporary Redirect - HTTP_TEMPORARY_REDIRECT

4xx Client Error

HTTP_CLIENT_ERROR - The request contains bad syntax or cannot be fulfilled. Indicates case where client seems to have erred. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition.

400 Bad Request - HTTP_BAD_REQUEST
401 Authorization Required - HTTP_UNAUTHORIZED
402 Payment Required - HTTP_PAYMENT_REQUIRED
403 Forbidden - HTTP_FORBIDDEN
404 Not Found - HTTP_NOT_FOUND
405 Method Not Allowed - HTTP_METHOD_NOT_ALLOWED
406 Not Acceptable - HTTP_NOT_ACCEPTABLE
407 Proxy Authentication Required - HTTP_PROXY_AUTHENTICATION_REQUIRED
408 Request Time-out - HTTP_REQUEST_TIME_OUT
409 Conflict - HTTP_CONFLICT
410 Gone - HTTP_GONE
411 Length Required - HTTP_LENGTH_REQUIRED
412 Precondition Failed - HTTP_PRECONDITION_FAILED
413 Request Entity Too Large - HTTP_REQUEST_ENTITY_TOO_LARGE
414 Request-URI Too Large - HTTP_REQUEST_URI_TOO_LARGE
415 Unsupported Media Type - HTTP_UNSUPPORTED_MEDIA_TYPE
416 Requested Range Not Satisfiable - HTTP_RANGE_NOT_SATISFIABLE
417 Expectation Failed - HTTP_EXPECTATION_FAILED
418 I'm a teapot - UNUSED
419 unused - UNUSED
420 unused - UNUSED
421 unused - UNUSED
422 Unprocessable Entity - HTTP_UNPROCESSABLE_ENTITY
423 Locked - HTTP_LOCKED
424 Failed Dependency - HTTP_FAILED_DEPENDENCY
425 No code - HTTP_NO_CODE
426 Upgrade Required - HTTP_UPGRADE_REQUIRED

5xx Server Error

HTTP_SERVER_ERROR - The server failed to fulfill an apparently valid request. Indicate cases in which the server is aware that it has erred or is incapable of performing the request. Except when responding to a HEAD request, the server should include an entity containing an explanation of the error situation, and whether it is a temporary or permanent condition. User agents should display any included entity to the user. These response codes are applicable to any request method.

500 Internal Server Error - HTTP_INTERNAL_SERVER_ERROR
501 Method Not Implemented - HTTP_NOT_IMPLEMENTED
502 Bad Gateway - HTTP_BAD_GATEWAY
503 Service Temporarily Unavailable - HTTP_SERVICE_UNAVAILABLE
504 Gateway Time-out - HTTP_GATEWAY_TIME_OUT
505 HTTP Version Not Supported - HTTP_VERSION_NOT_SUPPORTED
506 Variant Also Negotiates - HTTP_VARIANT_ALSO_VARIES
507 Insufficient Storage - HTTP_INSUFFICIENT_STORAGE
508 unused - UNUSED
509 unused - UNUSED
510 Not Extended - HTTP_NOT_EXTENDED

Quick Start to triggering ErrorDocuments for each Status Code

Let start with a quick and easy example. Add the following Redirect rules to your htaccess file, then open your browser and goto each url like yoursite.com/e/400. Don't create an /e/ directory or any files.

Redirect 400 /e/400
Redirect 503 /e/503
Redirect 405 /e/405

Automate the ErrorDocument Triggering

The htaccess Redirects

When a Status code is encountered, Apache outputs the Header and the ErrorDocument for that error code. So you can view any Header and the default ErrorDocument, by causing that numerical error code, which is caused by the Status Code.

For instance, if you request a file that doesn't exist, a 404 Not Found Header is issued and the corresponding ErrorDocument is served with the 404 Not Found Header.

Redirect 100 /e/100
Redirect 101 /e/101
Redirect 102 /e/102
Redirect 200 /e/200
Redirect 201 /e/201
Redirect 202 /e/202
Redirect 203 /e/203
Redirect 204 /e/204
Redirect 205 /e/205
Redirect 206 /e/206
Redirect 207 /e/207
Redirect 300 /e/300 http://www.askapache.com/?s=300
Redirect 301 /e/301 http://www.askapache.com/?s=301
Redirect 302 /e/302 http://www.askapache.com/?s=302
Redirect 303 /e/303 http://www.askapache.com/?s=303
Redirect 304 /e/304 http://www.askapache.com/?s=304
Redirect 305 /e/305 http://www.askapache.com/?s=305
Redirect 306 /e/306 http://www.askapache.com/?s=306
Redirect 307 /e/307 http://www.askapache.com/?s=307
Redirect 400 /e/400
Redirect 401 /e/401
Redirect 402 /e/402
Redirect 403 /e/403
Redirect 404 /e/404
Redirect 405 /e/405
Redirect 406 /e/406
Redirect 407 /e/407
Redirect 408 /e/408
Redirect 409 /e/409
Redirect 410 /e/410
Redirect 411 /e/411
Redirect 412 /e/412
Redirect 413 /e/413
Redirect 414 /e/414
Redirect 415 /e/415
Redirect 416 /e/416
Redirect 417 /e/417
Redirect 418 /e/418
Redirect 419 /e/419
Redirect 420 /e/420
Redirect 421 /e/421
Redirect 422 /e/422
Redirect 423 /e/423
Redirect 424 /e/424
Redirect 425 /e/425
Redirect 426 /e/426
Redirect 500 /e/500
Redirect 501 /e/501
Redirect 502 /e/502
Redirect 503 /e/503
Redirect 504 /e/504
Redirect 505 /e/505
Redirect 506 /e/506
Redirect 507 /e/507
Redirect 508 /e/508
Redirect 509 /e/509
Redirect 510 /e/510

PHP script that gets and outputs the Headers/Content

Now all I have to do is add 57 Redirect Directives to my htaccess, and then request each of them 1 at a time from my browser to see the result, and use a packet sniffing program like WireShark to see the Headers. Uh, scratch that, that would take way too long!

Instead I hacked up a simple php script using cURL to automate sending GET Requests to each of the 57 Redirect URL-paths. A side benefit of using the php script is that it performs all 57 Requests concurrently and saves each Requests returned headers and content to an output buffer. After all 57 have been queried, the output buffer is flushed to the browser.

 $res)
{
foreach($res as $key)
{
$ch = curl_init("$SITENAME/e/$key");
$fp = fopen ($TMPSAVETO, "a");
curl_setopt ($ch, CURLOPT_FILE, $fp);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION ,1);
curl_setopt ($ch, CURLOPT_HEADER ,1);
curl_exec ($ch);
curl_close ($ch);
fclose ($fp);
}
}
$OUT='';
ob_start();
header ("Content-Type: text/plain;");
readfile($TMPSAVETO);
$OUT=ob_get_clean();
echo $OUT;
unlink($TMPSAVETO);
exit;
?>

Headers and Content Returned

100 Continue

HTTP/1.1 100 Continue 100 Continue

Continue

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

101 Switching Protocols

HTTP/1.1 101 Switching Protocols 101 Switching Protocols

Switching Protocols

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

102 Processing

HTTP/1.1 102 Processing X-Pad: avoid browser bug 102 Processing

Processing

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

200 OK

HTTP/1.1 200 OK 200 OK

OK

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

201 Created

HTTP/1.1 201 Created 201 Created

Created

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

202 Accepted

HTTP/1.1 202 Accepted 202 Accepted

Accepted

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

203 Non-Authoritative Information

HTTP/1.1 203 Non-Authoritative Information 203 Non-Authoritative Information

Non-Authoritative Information

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

204 No Content

HTTP/1.1 204 No Content
Content-Type: text/plain; charset=UTF-8

205 Reset Content

HTTP/1.1 205 Reset Content 205 Reset Content

Reset Content

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

206 Partial Content

HTTP/1.1 206 Partial Content 206 Partial Content

Partial Content

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

207 Multi-Status

HTTP/1.1 207 Multi-Status X-Pad: avoid browser bug 207 Multi-Status

Multi-Status

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

300 Multiple Choices

HTTP/1.1 300 Multiple Choices
Location: http://www.askapache.com/?s=300

300 Multiple Choices


Multiple Choices

301 Moved Permanently

HTTP/1.1 301 Moved Permanently Location: http://www.askapache.com/?s=301 301 Moved Permanently

Moved Permanently

The document has moved here .

302 Found

HTTP/1.1 302 Found Location: http://www.askapache.com/?s=302 302 Found

Found

The document has moved here .

303 See Other

HTTP/1.1 303 See Other Location: http://www.askapache.com/?s=303 303 See Other

See Other

The answer to your request is located here .

304 Not Modified

HTTP/1.1 304 Not Modified

305 Use Proxy

HTTP/1.1 305 Use Proxy Location: http://www.askapache.com/?s=305 305 Use Proxy

Use Proxy

This resource is only accessible through the proxy http://www.askapache.com/?s=305
You will need to configure your client to use that proxy.

306 unused

HTTP/1.1 306 unused Location: http://www.askapache.com/?s=306 306 unused

unused

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

307 Temporary Redirect

HTTP/1.1 307 Temporary Redirect Location: http://www.askapache.com/?s=307 307 Temporary Redirect

Temporary Redirect

The document has moved here .

400 Bad Request

HTTP/1.1 400 Bad Request Connection: close 400 Bad Request

Bad Request

Your browser sent a request that this server could not understand.

401 Authorization Required

HTTP/1.1 401 Authorization Required 401 Authorization Required

Authorization Required

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

402 Payment Required

HTTP/1.1 402 Payment Required 402 Payment Required

Payment Required

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

403 Forbidden

HTTP/1.1 403 Forbidden 403 Forbidden

Forbidden

You don't have permission to access /e/403 on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

404 Not Found

HTTP/1.1 404 Not Found 404 Not Found

Not Found

The requested URL /e/404 was not found on this server.

NOTE:
You will most definately want to check out and use the Google 404 Error Page if you run WordPress.

405 Method Not Allowed

HTTP/1.1 405 Method Not Allowed Allow: TRACE 405 Method Not Allowed

Method Not Allowed

The requested method GET is not allowed for the URL /e/405.

406 Not Acceptable

HTTP/1.1 406 Not Acceptable 406 Not Acceptable

Not Acceptable

An appropriate representation of the requested resource /e/406 could not be found on this server.

407 Proxy Authentication Required

HTTP/1.1 407 Proxy Authentication Required 407 Proxy Authentication Required

Proxy Authentication Required

408 Request Time-out

HTTP/1.1 408 Request Time-out Connection: close 408 Request Time-out

Request Time-out

Server timeout waiting for the HTTP request from the client.

409 Conflict

HTTP/1.1 409 Conflict 409 Conflict

Conflict

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

410 Gone

HTTP/1.1 410 Gone 410 Gone

Gone

The requested resource
/e/410
is no longer available on this server and there is no forwarding address. Please remove all references to this resource.

411 Length Required

HTTP/1.1 411 Length Required Connection: close 411 Length Required

Length Required

A request of the requested method GET requires a valid Content-length.

412 Precondition Failed

HTTP/1.1 412 Precondition Failed 412 Precondition Failed

Precondition Failed

The precondition on the request for the URL /e/412 evaluated to false.

413 Request Entity Too Large

HTTP/1.1 413 Request Entity Too Large
Connection: close

413 Request Entity Too Large


Request Entity Too Large
The requested resource
/e/413
does not allow request data with GET requests, or the amount of data provided in
the request exceeds the capacity limit.

414 Request-URI Too Large

HTTP/1.1 414 Request-URI Too Large Connection: close 414 Request-URI Too Large

Request-URI Too Large

The requested URL's length exceeds the capacity limit for this server.

415 Unsupported Media Type

HTTP/1.1 415 Unsupported Media Type 415 Unsupported Media Type

Unsupported Media Type

The supplied request data is not in a format acceptable for processing by this resource.

416 Requested Range Not Satisfiable

HTTP/1.1 416 Requested Range Not Satisfiable

417 Expectation Failed

HTTP/1.1 417 Expectation Failed 417 Expectation Failed

Expectation Failed

The expectation given in the Expect request-header field could not be met by this server.

The client sent

Expect:

418 I'm a teapot

HTTP/1.1 418 I'm a teapot 418 I'm a teapot

I'm a teapot

Unfortunately this coffee machine is out of coffee.

419 unused

HTTP/1.1 419 unused 419 unused

unused

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

420 unused

HTTP/1.1 420 unused 420 unused

unused

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

421 unused

HTTP/1.1 421 unused 421 unused

unused

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

422 Unprocessable Entity

HTTP/1.1 422 Unprocessable Entity 422 Unprocessable Entity

Unprocessable Entity

The server understands the media type of the request entity, but was unable to process the contained instructions.

423 Locked

HTTP/1.1 423 Locked 423 Locked

Locked

The requested resource is currently locked. The lock must be released or proper identification given before the method can be applied.

424 Failed Dependency

HTTP/1.1 424 Failed Dependency 424 Failed Dependency

Failed Dependency

The method could not be performed on the resource because the requested action depended on another action and that other action failed.

425 No code

HTTP/1.1 425 No code 425 No code

No code

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

426 Upgrade Required

HTTP/1.1 426 Upgrade Required 426 Upgrade Required

Upgrade Required

The requested resource can only be retrieved using SSL. The server is willing to upgrade the current connection to SSL, but your client doesn't support it. Either upgrade your client, or try requesting the page using https://

500 Internal Server Error

HTTP/1.1 500 Internal Server Error Connection: close 500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

501 Method Not Implemented

HTTP/1.1 501 Method Not Implemented Allow: TRACE Connection: close 501 Method Not Implemented

Method Not Implemented

GET to /e/501 not supported.

502 Bad Gateway

HTTP/1.1 502 Bad Gateway X-Pad: avoid browser bug 502 Bad Gateway

Bad Gateway

The proxy server received an invalid response from an upstream server.

503 Service Temporarily Unavailable

HTTP/1.1 503 Service Temporarily Unavailable Connection: close 503 Service Temporarily Unavailable

Service Temporarily Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

504 Gateway Time-out

HTTP/1.1 504 Gateway Time-out 504 Gateway Time-out

Gateway Time-out

The proxy server did not receive a timely response from the upstream server.

505 HTTP Version Not Supported

HTTP/1.1 505 HTTP Version Not Supported 505 HTTP Version Not Supported

HTTP Version Not Supported

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

506 Variant Also Negotiates

HTTP/1.1 506 Variant Also Negotiates 506 Variant Also Negotiates

Variant Also Negotiates

A variant for the requested resource

    /e/506

is itself a negotiable resource. This indicates a configuration error.

507 Insufficient Storage

HTTP/1.1 507 Insufficient Storage 507 Insufficient Storage

Insufficient Storage

The method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. There is insufficient free space left in your storage allocation.

508 unused

HTTP/1.1 508 unused 508 unused

unused

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

509 unused

HTTP/1.1 509 unused 509 unused

unused

The server encountered an internal error or misconfigurationand was unable to complete your request.

Please contact the server administrator, a@s.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

510 Not Extended

HTTP/1.1 510 Not Extended X-Pad: avoid browser bug 510 Not Extended

Not Extended

A mandatory extension policy in the request is not accepted by the server for this resource.

Apache Source Code

httpd.h

From httpd.h

/**
* The size of the static array in http_protocol.c for storing
* all of the potential response status-lines (a sparse table).
* A future version should dynamically generate the apr_table_t at startup.
*/
#define RESPONSE_CODES 57
#define HTTP_CONTINUE            100
#define HTTP_SWITCHING_PROTOCOLS       101
#define HTTP_PROCESSING          102
#define HTTP_OK              200
#define HTTP_CREATED             201
#define HTTP_ACCEPTED            202
#define HTTP_NON_AUTHORITATIVE       203
#define HTTP_NO_CONTENT          204
#define HTTP_RESET_CONTENT         205
#define HTTP_PARTIAL_CONTENT         206
#define HTTP_MULTI_STATUS          207
#define HTTP_MULTIPLE_CHOICES        300
#define HTTP_MOVED_PERMANENTLY       301
 
#define HTTP_MOVED_TEMPORARILY       302
#define HTTP_SEE_OTHER           303
#define HTTP_NOT_MODIFIED          304
#define HTTP_USE_PROXY           305
#define HTTP_TEMPORARY_REDIRECT      307
#define HTTP_BAD_REQUEST           400
#define HTTP_UNAUTHORIZED          401
#define HTTP_PAYMENT_REQUIRED        402
#define HTTP_FORBIDDEN           403
#define HTTP_NOT_FOUND           404
#define HTTP_METHOD_NOT_ALLOWED      405
#define HTTP_NOT_ACCEPTABLE        406
#define HTTP_PROXY_AUTHENTICATION_REQUIRED 407
#define HTTP_REQUEST_TIME_OUT        408
#define HTTP_CONFLICT            409
#define HTTP_GONE              410
#define HTTP_LENGTH_REQUIRED         411
#define HTTP_PRECONDITION_FAILED       412
#define HTTP_REQUEST_ENTITY_TOO_LARGE    413
#define HTTP_REQUEST_URI_TOO_LARGE     414
#define HTTP_UNSUPPORTED_MEDIA_TYPE    415
#define HTTP_RANGE_NOT_SATISFIABLE     416
#define HTTP_EXPECTATION_FAILED      417
#define HTTP_UNPROCESSABLE_ENTITY      422
#define HTTP_LOCKED            423
#define HTTP_FAILED_DEPENDENCY       424
#define HTTP_UPGRADE_REQUIRED        426
#define HTTP_INTERNAL_SERVER_ERROR     500
#define HTTP_NOT_IMPLEMENTED         501
#define HTTP_BAD_GATEWAY           502
#define HTTP_SERVICE_UNAVAILABLE       503
#define HTTP_GATEWAY_TIME_OUT        504
#define HTTP_VERSION_NOT_SUPPORTED     505
#define HTTP_VARIANT_ALSO_VARIES       506
#define HTTP_INSUFFICIENT_STORAGE      507
#define HTTP_NOT_EXTENDED          510
 
/** is the status code informational */
#define ap_is_HTTP_INFO(x)     (((x) >= 100)&&((x) < 200))
/** is the status code OK ?*/
#define ap_is_HTTP_SUCCESS(x)    (((x) >= 200)&&((x) < 300))
/** is the status code a redirect */
#define ap_is_HTTP_REDIRECT(x)   (((x) >= 300)&&((x) < 400))
/** is the status code a error (client or server) */
#define ap_is_HTTP_ERROR(x)    (((x) >= 400)&&((x) < 600))
/** is the status code a client error  */
#define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500))
/** is the status code a server error  */
#define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600))
/** is the status code a (potentially) valid response code?  */
#define ap_is_HTTP_VALID_RESPONSE(x) (((x) >= 100)&&((x) < 600))
 
/** should the status code drop the connection */
#define ap_status_drops_connection(x) \
(((x) == HTTP_BAD_REQUEST)       || \
((x) == HTTP_REQUEST_TIME_OUT)    || \
((x) == HTTP_LENGTH_REQUIRED)     || \
((x) == HTTP_REQUEST_ENTITY_TOO_LARGE) || \
((x) == HTTP_REQUEST_URI_TOO_LARGE) || \
((x) == HTTP_INTERNAL_SERVER_ERROR) || \
((x) == HTTP_SERVICE_UNAVAILABLE) || \
((x) == HTTP_NOT_IMPLEMENTED))

HTTP_INFO

Is the status code (x) informational?

x >= 100 && x < 200

HTTP_SUCCESS

Is the status code (x) OK?

x >= 200 && x < 300

HTTP_REDIRECT

Is the status code (x) a redirect?

x >= 300 && x < 400

HTTP_ERROR

Is the status code (x) a error (client or server)?

x >= 400 && x < 600

HTTP_CLIENT_ERROR

Is the status code (x) a client error?

x >= 400 && x < 500

HTTP_SERVER_ERROR

Is the status code (x) a server error?

x >= 500 && x < 600

HTTP_VALID_RESPONSE

Is the status code (x) a (potentially) valid response code?

x >= 100 && x < 600

http_protocol.c

From http_protocol.c

static const char * status_lines[RESPONSE_CODES] =
static const char * const status_lines[RESPONSE_CODES] =
"100 Continue",
"101 Switching Protocols",
"102 Processing",
"200 OK",
"201 Created",
"202 Accepted",
"203 Non-Authoritative Information",
"204 No Content",
"205 Reset Content",
"206 Partial Content",
"207 Multi-Status",
"300 Multiple Choices",
"301 Moved Permanently",
"302 Found",
"303 See Other",
"304 Not Modified",
"305 Use Proxy",
"306 unused",
"307 Temporary Redirect",
"400 Bad Request",
"401 Authorization Required",
"402 Payment Required",
"403 Forbidden",
"404 Not Found",
"405 Method Not Allowed",
"406 Not Acceptable",
"407 Proxy Authentication Required",
"408 Request Time-out",
"409 Conflict",
"410 Gone",
"411 Length Required",
"412 Precondition Failed",
"413 Request Entity Too Large",
"414 Request-URI Too Large",
"415 Unsupported Media Type",
"416 Requested Range Not Satisfiable",
"417 Expectation Failed",
"418 unused",
"419 unused",
"420 unused",
"421 unused",
"422 Unprocessable Entity",
"423 Locked",
"424 Failed Dependency",
"425 No code",
"426 Upgrade Required",
"500 Internal Server Error",
"501 Method Not Implemented",
"502 Bad Gateway",
"503 Service Temporarily Unavailable",
"504 Gateway Time-out",
"505 HTTP Version Not Supported",
"506 Variant Also Negotiates",
"507 Insufficient Storage",
"508 unused",
"509 unused",
"510 Not Extended"

IANA HTTP Status Code Registry

Value	Description	Reference
100	Continue	[RFC2616] , Section 10.1.1
101	Switching Protocols	[RFC2616] , Section 10.1.2
102	Processing	[RFC2518] , Section 10.1
200	OK	[RFC2616] , Section 10.2.1
201	Created	[RFC2616] , Section 10.2.2
202	Accepted	[RFC2616] , Section 10.2.3
203	Non-Authoritative Information	[RFC2616] , Section 10.2.4
204	No Content	[RFC2616] , Section 10.2.5
205	Reset Content	[RFC2616] , Section 10.2.6
206	Partial Content	[RFC2616] , Section 10.2.7
207	Multi-Status	[RFC4918] , Section 11.1
226	IM Used	[RFC3229] , Section 10.4.1
300	Multiple Choices	[RFC2616] , Section 10.3.1
301	Moved Permanently	[RFC2616] , Section 10.3.2
302	Found	[RFC2616] , Section 10.3.3
303	See Other	[RFC2616] , Section 10.3.4
304	Not Modified	[RFC2616] , Section 10.3.5
305	Use Proxy	[RFC2616] , Section 10.3.6
306	(Reserved)	[RFC2616] , Section 10.3.7
307	Temporary Redirect	[RFC2616] , Section 10.3.8
400	Bad Request	[RFC2616] , Section 10.4.1
401	Unauthorized	[RFC2616] , Section 10.4.2
402	Payment Required	[RFC2616] , Section 10.4.3
403	Forbidden	[RFC2616] , Section 10.4.4
404	Not Found	[RFC2616] , Section 10.4.5
405	Method Not Allowed	[RFC2616] , Section 10.4.6
406	Not Acceptable	[RFC2616] , Section 10.4.7
407	Proxy Authentication Required	[RFC2616] , Section 10.4.8
408	Request Timeout	[RFC2616] , Section 10.4.9
409	Conflict	[RFC2616] , Section 10.4.10
410	Gone	[RFC2616] , Section 10.4.11
411	Length Required	[RFC2616] , Section 10.4.12
412	Precondition Failed	[RFC2616] , Section 10.4.13
413	Request Entity Too Large	[RFC2616] , Section 10.4.14
414	Request-URI Too Long	[RFC2616] , Section 10.4.15
415	Unsupported Media Type	[RFC2616] , Section 10.4.16
416	Requested Range Not Satisfiable	[RFC2616] , Section 10.4.17
417	Expectation Failed	[RFC2616] , Section 10.4.18
422	Unprocessable Entity	[RFC4918] , Section 11.2
423	Locked	[RFC4918] , Section 11.3
424	Failed Dependency	[RFC4918] , Section 11.4
426	Upgrade Required	[RFC2817] , Section 6
500	Internal Server Error	[RFC2616] , Section 10.5.1
501	Not Implemented	[RFC2616] , Section 10.5.2
502	Bad Gateway	[RFC2616] , Section 10.5.3
503	Service Unavailable	[RFC2616] , Section 10.5.4
504	Gateway Timeout	[RFC2616] , Section 10.5.5
505	HTTP Version Not Supported	[RFC2616] , Section 10.5.6
506	Variant Also Negotiates	[RFC2295] , Section 8.1
507	Insufficient Storage	[RFC4918] , Section 11.5
510	Not Extended	[RFC2774] , Section 7

WordPress 2.8 Changes

I just learned that my modification to the WordPress core was accepted and will be implemented for version 2.8! This may mean WordPress is the only 100% HTTP/1.1 compliant software on the net! Below is the new list (I thought someone out there could use the php array) and as you can see, unfortunately418 I'm a teapotdidn't make it ;)

$wp_header_to_desc = array(
  100 => 'Continue',
  101 => 'Switching Protocols',
  102 => 'Processing',
 
  200 => 'OK',
  201 => 'Created',
  202 => 'Accepted',
  203 => 'Non-Authoritative Information',
  204 => 'No Content',
  205 => 'Reset Content',
  206 => 'Partial Content',
  207 => 'Multi-Status',
  226 => 'IM Used',
 
  300 => 'Multiple Choices',
  301 => 'Moved Permanently',
  302 => 'Found',
  303 => 'See Other',
  304 => 'Not Modified',
  305 => 'Use Proxy',
  306 => 'Reserved',
  307 => 'Temporary Redirect',
 
  400 => 'Bad Request',
  401 => 'Unauthorized',
  402 => 'Payment Required',
  403 => 'Forbidden',
  404 => 'Not Found',
  405 => 'Method Not Allowed',
  406 => 'Not Acceptable',
  407 => 'Proxy Authentication Required',
  408 => 'Request Timeout',
  409 => 'Conflict',
  410 => 'Gone',
  411 => 'Length Required',
  412 => 'Precondition Failed',
  413 => 'Request Entity Too Large',
  414 => 'Request-URI Too Long',
  415 => 'Unsupported Media Type',
  416 => 'Requested Range Not Satisfiable',
  417 => 'Expectation Failed',
  422 => 'Unprocessable Entity',
  423 => 'Locked',
  424 => 'Failed Dependency',
  426 => 'Upgrade Required',
 
  500 => 'Internal Server Error',
  501 => 'Not Implemented',
  502 => 'Bad Gateway',
  503 => 'Service Unavailable',
  504 => 'Gateway Timeout',
  505 => 'HTTP Version Not Supported',
  506 => 'Variant Also Negotiates',
  507 => 'Insufficient Storage',
  510 => 'Not Extended'
);

RIPE WHOIS

All the status codes are standard HTTP codes ( http://www.iana.org/assignments/http-status-codes ).

Clients should avoid any form of coupling with the the text/plain error message contained in response body since it may change between different releases of the API and is only intended as a starting point for indentifying the real causes of the exception event.

The following table gives a brief description of the mapping between standard Whois V.3 responses and the related REST services status codes. Consider this table as just an example of the error mapping strategy, it may change with future releases.

System Exception	Whois Error	HTTP Status Code
IllegalArgumentException		Bad Request (400)
IllegalStateException		Internal Server Error (500)
UnsupportedOperationException		Bad Request (400)
ObjectNotFoundException		Not Found (404)
IllegalStateException		Bad Request (400)
IOException		Bad Request (400)
SystemException		Internal Server Error (500)
TooManyResultsException		Internal Server Error (500)
WhoisServerException	No Entries Found (101)	Not Found (404)
WhoisServerException	Unknown Source (102)	Bad Request (400)
WhoisServerException	Unknown Object Type (103)	Bad Request (400)
WhoisServerException	Unknown Attribute in Query (104)	Bad Request (400)
WhoisServerException	Attribute Is Not Inverse Searchable (105)	Bad Request (400)
WhoisServerException	No Search Key Specified (106)	Bad Request (400)
WhoisServerException	Access Denied (201)	Forbidden (403)
WhoisServerException	Access Control Limit Reached (202)	Forbidden (403)
WhoisServerException	Address Passing Not Allowed (203)	Bad Request (400)
WhoisServerException	Maximum Referral Lines Exceeded (204)	Internal Server Error (500)
WhoisServerException	Connection Has Been Closed(301)	Internal Server Error (500)
WhoisServerException	Referral Timeout (302)	Internal Server Error (500)
WhoisServerException	No Referral Host (303)	Internal Server Error (500)
WhoisServerException	Referral Host Not Responding (304)	Internal Server Error (500)

Clients will have to define error messages generic enough to represent the four main error conditions, that are Bad Request, Forbidden, Not Found and Internal Server Error.

For example a possible mapping for client side error messages may be:

HTTP Status Code	Error Message
Bad Request (400)	The service is unable to understand and process the query.
Forbidden (403)	Query limit exceeded.
Not Found (404)	No results were found for Your search "`Search term`"
Internal Server Error (500)	The server encountered an unexpected condition which prevented it from fulfilling the request.

Helpful HTTP Links

IANA registry
Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0)
Adobe Flash status code definitions (ie 408)
Microsoft Internet Information Server Status Codes and Sub-Codes
httplint
HTTP Headers, brief intro.
Common User-Agent Issues
[RFC2295] Holtman, K. and A.H. Mutz , " Transparent Content Negotiation in HTTP ", RFC 2295, March 1998.
[RFC2518] Goland, Y. , Whitehead, E. , Faizi, A. , Carter, S.R. , and D. Jensen , " HTTP Extensions for Distributed Authoring -- WEBDAV ", RFC 2518, February 1999.
[RFC2616] Fielding, R. , Gettys, J. , Mogul, J. , Frystyk, H. , Masinter, L. , Leach, P. , and T. Berners-Lee , " Hypertext Transfer Protocol -- HTTP/1.1 ", RFC 2616, June 1999.
[RFC2774] Nielsen, H. , Leach, P. , and S. Lawrence , " An HTTP Extension Framework ", RFC 2774, February 2000.
[RFC2817] Khare, R. and S. Lawrence, " Upgrading to TLS Within HTTP/1.1 ", RFC 2817, May 2000.
[RFC3229] Mogul, J., Krishnamurthy, B., Douglis, F., Feldmann, A., Goland, Y., van Hoff, A., and D. Hellerstein, " Delta encoding in HTTP ", RFC 3229, January 2002.
[RFC4918] Dusseault, L., Ed. , " HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) ", RFC 4918, June 2007.

HTTP Status Codes and Htaccess ErrorDocuments originally appeared on AskApache.com

PHP to handle HTTP Status Codes for ErrorDocument

AskApache — Fri, 19 Nov 2010 04:03:22 +0000

AskApache.com

The php part of this article is based on my Advanced WordPress 404.php article from 2008. Many of the following ideas came out of the research performed to enumerate every single Apache ErrorDocument, including learning how to view the defaults and many cool tricks for htaccess.

The PHP HTTP ErrorDocument Handler

Just save this as /err.php or whatever. The best is to put it in a cgi-bin script-alias directory under your DOCUMENT_ROOT like /cgi-bin/e.php but most people don't know how. That way you can setup some advanced stuff in a /cgi-bin/.htaccess file. If you are interested in locking it down, I recommend reading Securing php.ini and php-cgi with .htaccess.

Advantages and Reasons for Using

Fast, HTTP Protocol Compliance, protection. If you are reading this article, you already know and just want to check out the code!

 'Continue',
  101 => 'Switching Protocols',
  102 => 'Processing',
  200 => 'OK',
  201 => 'Created',
  202 => 'Accepted',
  203 => 'Non-Authoritative Information',
  204 => 'No Content',
  205 => 'Reset Content',
  206 => 'Partial Content',
  207 => 'Multi-Status',
  226 => 'IM Used',
  300 => 'Multiple Choices',
  301 => 'Moved Permanently',
  302 => 'Found',
  303 => 'See Other',
  304 => 'Not Modified',
  305 => 'Use Proxy',
  306 => 'Reserved',
  307 => 'Temporary Redirect',
  400 => 'Bad Request',
  401 => 'Unauthorized',
  402 => 'Payment Required',
  403 => 'Forbidden',
  404 => 'Not Found',
  405 => 'Method Not Allowed',
  406 => 'Not Acceptable',
  407 => 'Proxy Authentication Required',
  408 => 'Request Timeout',
  409 => 'Conflict',
  410 => 'Gone',
  411 => 'Length Required',
  412 => 'Precondition Failed',
  413 => 'Request Entity Too Large',
  414 => 'Request-URI Too Long',
  415 => 'Unsupported Media Type',
  416 => 'Requested Range Not Satisfiable',
  417 => 'Expectation Failed',
  422 => 'Unprocessable Entity',
  423 => 'Locked',
  424 => 'Failed Dependency',
  426 => 'Upgrade Required',
  500 => 'Internal Server Error',
  501 => 'Not Implemented',
  502 => 'Bad Gateway',
  503 => 'Service Unavailable',
  504 => 'Gateway Timeout',
  505 => 'HTTP Version Not Supported',
  506 => 'Variant Also Negotiates',
  507 => 'Insufficient Storage',
  510 => 'Not Extended'
  );
 
  $status_msg = array(
  400 => "Your browser sent a request that this server could not understand.",
  401 => "This server could not verify that you are authorized to access the document requested.",
  402 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
  403 => "You don't have permission to access %U% on this server.",
  404 => "We couldn't find that uri on our server, though it's most certainly not your fault.",
  405 => "The requested method is not allowed for the URL %U%.",
  406 => "An appropriate representation of the requested resource %U% could not be found on this server.",
  407 => "An appropriate representation of the requested resource %U% could not be found on this server.",
  408 => "Server timeout waiting for the HTTP request from the client.",
  409 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
  410 => "The requested resource %U% is no longer available on this server and there is no forwarding address. Please remove all references to this resource.",
  411 => "A request of the requested method GET requires a valid Content-length.",
  412 => "The precondition on the request for the URL %U% evaluated to false.",
  413 => "The requested resource %U% does not allow request data with GET requests, or the amount of data provided in the request exceeds the capacity limit.",
  414 => "The requested URL's length exceeds the capacity limit for this server.",
  415 => "The supplied request data is not in a format acceptable for processing by this resource.",
  416 => 'Requested Range Not Satisfiable',
  417 => "The expectation given in the Expect request-header field could not be met by this server. The client sent Expect:",
  422 => "The server understands the media type of the request entity, but was unable to process the contained instructions.",
  423 => "The requested resource is currently locked. The lock must be released or proper identification given before the method can be applied.",
  424 => "The method could not be performed on the resource because the requested action depended on another action and that other action failed.",
  425 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
  426 => "The requested resource can only be retrieved using SSL. Either upgrade your client, or try requesting the page using https://",
  500 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
  501 => "This type of request method to %U% is not supported.",
  502 => "The proxy server received an invalid response from an upstream server.",
  503 => "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.",
  504 => "The proxy server did not receive a timely response from the upstream server.",
  505 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
  506 => "A variant for the requested resource %U% is itself a negotiable resource. This indicates a configuration error.",
  507 => "The method could not be performed.  There is insufficient free space left in your storage allocation.",
  510 => "A mandatory extension policy in the request is not accepted by the server for this resource."
  );
 
  // Get the Status Code
  if (isset($_SERVER['REDIRECT_STATUS']) && ($_SERVER['REDIRECT_STATUS'] != 200))$sc = $_SERVER['REDIRECT_STATUS'];
  elseif (isset($_SERVER['REDIRECT_REDIRECT_STATUS']) && ($_SERVER['REDIRECT_REDIRECT_STATUS'] != 200)) $sc = $_SERVER['REDIRECT_REDIRECT_STATUS'];
  $sc = (!isset($_GET['error']) ? 404 : $_GET['error']);
 
  $sc=abs(intval($sc));
 
  // Redirect to server home if called directly or if status is under 400
  if( ( (isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS'] == 200) && (floor($sc / 100) == 3) )
     || (!isset($_GET['error']) && $_SERVER['REDIRECT_STATUS'] == 200)  )
  {
      @header("Location: http://{$_SERVER['SERVER_NAME']}",1,302);
      die();
  }
 
  // Check range of code or issue 500
  if (($sc < 200) || ($sc > 599)) $sc = 500;
 
  // Check for valid protocols or else issue 505
  if (!in_array($_SERVER["SERVER_PROTOCOL"], array('HTTP/1.0','HTTP/1.1','HTTP/0.9'))) $sc = 505;
 
  // Get the status reason
  $reason = (isset($status_reason[$sc]) ? $status_reason[$sc] : '');
 
  // Get the status message
  $msg = (isset($status_msg[$sc]) ? str_replace('%U%', htmlspecialchars(strip_tags(stripslashes($_SERVER['REQUEST_URI']))), $status_msg[$sc]) : 'Error');
 
  // issue optimized headers (optimized for your server)
  @header("{$_SERVER['SERVER_PROTOCOL']} {$sc} {$reason}", 1, $sc);
  if( @php_sapi_name() != 'cgi-fcgi' ) @header("Status: {$sc} {$reason}", 1, $sc);
 
  // A very small footprint for certain types of 4xx class errors and all 5xx class errors
  if (in_array($sc, array(400, 403, 405)) || (floor($sc / 100) == 5))
  {
    @header("Connection: close", 1);
    if ($sc == 405) @header('Allow: GET,HEAD,POST,OPTIONS', 1, 405);
  }
 
  echo "\n";
  echo "\n{$sc} {$reason}\n{$reason}
\n{$msg}
\n\n";
}
 
function askapache_global_debug()
{
  # http://www.php.net/manual/en/function.array-walk.php#100681
  global $_GET,$_POST,$_ENV,$_SERVER;  $g=array('_ENV','_SERVER','_GET','_POST');
  array_walk_recursive($g, create_function('$n','global $$n;if( !!$$n&&ob_start()&&(print "[ $"."$n ]\n")&&array_walk($$n,
    create_function(\'$v,$k\', \'echo "[$k] => $v\n";\'))) echo "<"."p"."r"."e>".htmlspecialchars(ob_get_clean())."<"."/"."pr"."e>";') );
}
 
print_error_page();
//if($_SERVER['REMOTE_ADDR']=='youripaddress')askapache_global_debug();
echo "\n";
echo ob_get_clean();
exit;
?>

Note: If you are installing this on a non-linux/non-apache machine/server, you will need to read your products documentation for custom error documents. It will work on any machine that can run php.

Htaccess ErrorDocument Tips

The thing is, how do you setup your website to use this php file to be able to handle all those HTTP Status Codes gracefully? You just need to configure your server to use that php file for any Status Codes you want. If you are building an ErrorDocument handling system for a server-wide, multi-site, setup, you will want to instead use the method I use. Instead of using a separate language like PHP, Python, Ruby, Perl, etc, to handle errors, I rely on the very safe and fast SSI method. I detailed the advanced ErrorDocument SSI (.htaccess or httpd.conf)..

If you instead like most of us, you will be setting this up for 1 site, or 1 DOCUMENT_ROOT serving virtual hosts. For that the best method is to modify your .htaccess file.

Using Redirect in .htaccess to trigger Errors

This is one of my all time favorite discoveries from my apache studies. It's documented elsewhere on this site, but if you want to test it out, just request www.askapache.com/show-error-402. Of course the error handling that I have in place is quite nice.

Redirect 400 /show-error-400
Redirect 401 /show-error-401
Redirect 402 /show-error-402
Redirect 403 /show-error-403
Redirect 405 /show-error-405
Redirect 406 /show-error-406
Redirect 407 /show-error-407
Redirect 408 /show-error-408
Redirect 409 /show-error-409
Redirect 410 /show-error-410
Redirect 411 /show-error-411
Redirect 412 /show-error-412
Redirect 413 /show-error-413
Redirect 414 /show-error-414
Redirect 415 /show-error-415
Redirect 416 /show-error-416
Redirect 417 /show-error-417
Redirect 418 /show-error-418
Redirect 419 /show-error-419
Redirect 420 /show-error-420
Redirect 421 /show-error-421
Redirect 422 /show-error-422
Redirect 423 /show-error-423
Redirect 424 /show-error-424
Redirect 425 /show-error-425
Redirect 426 /show-error-426
Redirect 500 /show-error-500
Redirect 501 /show-error-501
Redirect 502 /show-error-502
Redirect 503 /show-error-503
Redirect 504 /show-error-504
Redirect 505 /show-error-505
Redirect 506 /show-error-506
Redirect 507 /show-error-507
Redirect 508 /show-error-508
Redirect 509 /show-error-509
Redirect 510 /show-error-510

Powerful Mod_Rewrite Trick

Here's how to combine the power of mod_rewrites ability to parse requests and environment variables with the above Redirect trick to trigger a specific ErrorDocument based on the query_string parameter error. This trick is only on AskApache.com, very powerful trick if you need to force ErrorDocuments.

RewriteCond %{QUERY_STRING} error=([4|5][0-9][0-9]) [NC]
RewriteCond %{QUERY_STRING} !404
RewriteRule . /show-error-%1 [L]

ErrorDocument Example for .htaccess

So if you save the php file as err.php in your DOCUMENT_ROOT, these are the htaccess commands that will enable its use.

The addition of the ?error=num should be unneccessary on a good linux machine, it's a way for lesser OS's and webhosts to still be able to use errordocuments. Basically Apache handles ErrorDocuments by setting special DEBUGGING variables (Start with REDIRECT_) so it's very easy to determine the STATUS CODE by just viewing $_SERVER['REDIRECT_STATUS']. If a recursive type of redirect is going on, you may see $_SERVER['REDIRECT_REDIRECT_STATUS']. Dumb (consistently) OS's like a Windows server almost always have problems with things like that, because they don't give a hoot about POSIX or standards, why should they when no one can view their code anyway. Here are some more details on the REDIRECT_STATUS and other ways to use these variables.

If you want to learn how to enumerate and view the different variables that are in your Apache environment, I think I have the best tutorial on the planet for how to do this with PHP and mod_rewrite with mod_headers. That article is the basis for anyone who is hired to do mod_rewrites on a new server without root access. I would say that one article will inform you more about mod_rewrite then any other article on this site.

###
# ErrorDocument: In the event of a problem or error, what the server will return to the client. URLs
# can begin with a / for local web-paths (relative to DocumentRoot), or be a full URL which the client
# can resolve. Alternatively, a message can be displayed.  If a malformed request is detected, normal
# request processing will be immediately halted and the internal error message returned.
#
# Prior to version 2.0, messages were indicated by prefixing them with a
# single unmatched double quote character.
#
# The special value default can be used to specify Apache's simple hardcoded message and
# will restore Apache's simple hardcoded message.
#
ErrorDocument 400 /err.php?error=400
ErrorDocument 401 /err.php?error=401
ErrorDocument 402 /err.php?error=402
ErrorDocument 403 /err.php?error=403
ErrorDocument 404 /err.php?error=404
ErrorDocument 405 /err.php?error=405
ErrorDocument 406 /err.php?error=406
ErrorDocument 407 /err.php?error=407
ErrorDocument 408 /err.php?error=408
ErrorDocument 409 /err.php?error=409
ErrorDocument 410 /err.php?error=410
ErrorDocument 411 /err.php?error=411
ErrorDocument 412 /err.php?error=412
ErrorDocument 413 /err.php?error=413
ErrorDocument 414 /err.php?error=414
ErrorDocument 415 /err.php?error=415
ErrorDocument 416 /err.php?error=416
ErrorDocument 417 /err.php?error=417
ErrorDocument 422 /err.php?error=422
ErrorDocument 423 /err.php?error=423
ErrorDocument 424 /err.php?error=424
ErrorDocument 426 /err.php?error=426
ErrorDocument 500 /err.php?error=500
ErrorDocument 501 /err.php?error=501
ErrorDocument 502 /err.php?error=502
ErrorDocument 503 /err.php?error=503
ErrorDocument 504 /err.php?error=504
ErrorDocument 505 /err.php?error=505
ErrorDocument 506 /err.php?error=506
ErrorDocument 507 /err.php?error=507
ErrorDocument 510 /err.php?error=510

PHP to handle HTTP Status Codes for ErrorDocument originally appeared on AskApache.com

Actual Htaccess Files from My Server

AskApache — Sat, 17 Apr 2010 15:06:22 +0000

AskApache.com

I was going through some backups from years ago, and ran:

locate .htaccess | xargs -I'{}' cat '{}' >> master-htaccesser.txt

My site is named after reading source code because that is what helps me the most when I'm trying to learn something unusually difficult. Just like functions and aliases, it is very helpful to have cheatsheets for common commands.. not much is better than real-world examples. Unfortunately because this was compiled from hundreds of htaccess files on multiple hosts and platforms, and due to the concatenation, it's not organized.

Normally I would not publish something like this, who knows how much unreleased tricks I forgot about.. but in order to say thanks to all those working for open-source, the FSF, and to all those who don't steal content, and to all the incredible authors who shared with me (I twitter most of what I find, and follow my favs), here ya go..

ATTN: Please let me know if this is total junk or not, this is around 1/500th of my master-htaccesser.txt file.. and I'd be happy to post more if it helps..

Checking for Cookie

Used this to stop mp3-scrapers.. checks for a cookie ending in MP3P=02357

Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^.*MP3P=([0-9]+).* [NC]
RewriteRule .* - [F,L]

Setting Environment Var if Proxied

RewriteEngine On
RewriteRule "\.(gif|png|jpg)$" "-" [ENV=proxied_image:1]
RewriteCond "%{ENV:proxied_image}" "!1"
RewriteRule "^" "-" [ENV=proxied_other:1]

nokeepalive for ErrorDocs and Abusers

Options SymLinksIfOwnerMatch IncludesNOEXEC
AddOutputFilter Includes html
SetEnv nokeepalive
Order Allow,Deny
Allow from all
# 1 YEAR

Header unset Pragma
FileETag None
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
Header unset Last-Modified
Header unset ETag
 
SetOutputFilter DEFLATE
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"

SecFilterEngine Off
 
# 1 YEAR

Header unset Pragma
FileETag None
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
Header unset Last-Modified
Header unset ETag
 
SetOutputFilter DEFLATE
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"

Unreleased Tests for AskApache Password Protection

# +ASKAPACHE PASSPRO 4.6.6
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +APRO SIDS
# +SID 21030002
Order Deny,Allow
Deny from All
Satisfy Any
AuthType Digest
AuthName "Protected By AskApache"
AuthDigestDomain / http://www.askapache.com/
AuthDigestFile /home/.greer/askapache/sites/askapache.com/.htpasswda3
Require valid-user

Allow from All



SecFilterEngine Off

Allow from All

# -SID 21030002
# -APRO SIDS
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE PASSPRO 4.6.6
 
# +ASKAPACHE PASSPRO 4.6.6
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +APRO SIDS
# +SID Test
ErrorDocument 401 /wp-content/askapache/test.gif
ErrorDocument 403 /wp-content/askapache/test.gif
ErrorDocument 404 /wp-content/askapache/test.gif
ErrorDocument 500 /wp-content/askapache/test.gif
ServerSignature On

RedirectMatch 305 ^.*modaliastest$ http://www.askapache.com


RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} modrewritetest [NC]
RewriteRule .* http://www.askapache.com [R=307,L]



SetEnv MODSEC_ENABLE On
SecFilterEngine On
SecFilterDefaultAction "nolog,noauditlog,pass"
SecAuditEngine Off
SecFilterInheritance Off
SecFilter modsecuritytest "deny,nolog,noauditlog,status:503"
Deny from All



AuthType Basic
AuthName "askapache test"
AuthUserFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-basic
Require valid-user


AuthType Digest
AuthName "askapache test"
AuthDigestDomain /wp-content/askapache/ http://www.askapache.com/wp-content/askapache/
AuthUserFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-digest
Require none


AuthType Digest
AuthName "askapache test"
AuthDigestDomain /wp-content/askapache/ http://www.askapache.com/wp-content/askapache/
AuthUserFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-digest
Require valid-user


AuthType Digest
AuthName "askapache test"
AuthDigestDomain /wp-content/askapache/ http://www.askapache.com/wp-content/askapache/
AuthDigestFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-digest
Require valid-user

# -SID Test
# -APRO SIDS
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE PASSPRO 4.6.6

Warming up to the really advanced tests

Options +ExecCGI
Order Deny,Allow
Deny from All
Allow from 208.113.134.190 64.111.114.111 208.113.134.203 208.113.152.201 env=REDIRECT_STATUS
Satisfy Any
Options +FollowSymLinks
AddHandler application/x-httpd-php .php
 
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !^tyy+$ [NC]
RewriteCond %{REMOTE_USER} ^(.+)$
RewriteRule ^(.*)$ $1/-%1 [R=302,L]
Options +ExecCGI +FollowSymLinks
DirectoryIndex index.php
ErrorDocument 404 /cgi-bin/pro/index.php
 
AuthType Digest
AuthName "AskApache Pro"
AuthDigestFile /home/askapache/sites/askapache.com/.htpasswd-pro
AuthDigestDomain /cgi-bin/pro/ http://www.askapache.com/cgi-bin/pro/ https://www.askapache.com/cgi-bin/pro/
Require user askapacheDirectoryIndex p.php
ErrorDocument 403 /cgi-bin/p/p.php
ErrorDocument 401 /cgi-bin/p/p.php
ErrorDocument 500 /cgi-bin/p/p.php
ErrorDocument 503 /cgi-bin/p/p.php
 
RewriteEngine On
RewriteBase /
RewriteRule .* - [E=INFO_API_VERSION:%{API_VERSION}]
RewriteRule .* - [E=INFO_AUTH_TYPE:%{AUTH_TYPE}]
RewriteRule .* - [E=INFO_CONTENT_LENGTH:%{CONTENT_LENGTH}]
RewriteRule .* - [E=INFO_CONTENT_TYPE:%{CONTENT_TYPE}]
RewriteRule .* - [E=INFO_DOCUMENT_ROOT:%{DOCUMENT_ROOT}]
RewriteRule .* - [E=INFO_GATEWAY_INTERFACE:%{GATEWAY_INTERFACE}]
RewriteRule .* - [E=INFO_HTTPS:%{HTTPS}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT:%{HTTP:Accept}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT_LANGUAGE:%{HTTP:Accept-Language}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT_ENCODING:%{HTTP:Accept-Encoding}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT_CHARSET:%{HTTP:Accept-Charset}]
RewriteRule .* - [E=INFO_HTTP_CACHE_CONTROL:%{HTTP:Cache-Control}]
RewriteRule .* - [E=INFO_HTTP_CONNECTION:%{HTTP:Connection}]
RewriteRule .* - [E=INFO_HTTP_COOKIE:%{HTTP_COOKIE}]
RewriteRule .* - [E=INFO_HTTP_FORWARDED:%{HTTP_FORWARDED}]
RewriteRule .* - [E=INFO_HTTP_HOST:%{HTTP_HOST}]
RewriteRule .* - [E=INFO_HTTP_KEEP_ALIVE:%{HTTP_KEEP_ALIVE}]
RewriteRule .* - [E=INFO_HTTP_PROXY_CONNECTION:%{HTTP_PROXY_CONNECTION}]
RewriteRule .* - [E=INFO_HTTP_REFERER:%{HTTP:Referer}]
RewriteRule .* - [E=INFO_HTTP_USER_AGENT:%{HTTP_USER_AGENT}]
RewriteRule .* - [E=INFO_IS_SUBREQ:%{IS_SUBREQ}]
RewriteRule .* - [E=INFO_ORIG_PATH_INFO:%{ORIG_PATH_INFO}]
RewriteRule .* - [E=INFO_ORIG_PATH_TRANSLATED:%{ORIG_PATH_TRANSLATED}]
RewriteRule .* - [E=INFO_ORIG_SCRIPT_FILENAME:%{ORIG_SCRIPT_FILENAME}]
RewriteRule .* - [E=INFO_ORIG_SCRIPT_NAME:%{ORIG_SCRIPT_NAME}]
RewriteRule .* - [E=INFO_PATH:%{PATH}]
RewriteRule .* - [E=INFO_PATH_INFO:%{PATH_INFO}]
RewriteRule .* - [E=INFO_QUERY_STRING:%{QUERY_STRING}]
RewriteRule .* - [E=INFO_REDIRECT_QUERY_STRING:%{REDIRECT_QUERY_STRING}]
RewriteRule .* - [E=INFO_REDIRECT_REMOTE_USER:%{REDIRECT_REMOTE_USER}]
RewriteRule .* - [E=INFO_REDIRECT_STATUS:%{REDIRECT_STATUS}]
RewriteRule .* - [E=INFO_REDIRECT_URL:%{REDIRECT_URL}]
RewriteRule .* - [E=INFO_REMOTE_ADDR:%{REMOTE_ADDR}]
RewriteRule .* - [E=INFO_REMOTE_HOST:%{REMOTE_HOST}]
RewriteRule .* - [E=INFO_REMOTE_IDENT:%{REMOTE_IDENT}]
RewriteRule .* - [E=INFO_REMOTE_PORT:%{REMOTE_PORT}]
RewriteRule .* - [E=INFO_REMOTE_USER:%{REMOTE_USER}]
RewriteRule .* - [E=INFO_REQUEST_FILENAME:%{REQUEST_FILENAME}]
RewriteRule .* - [E=INFO_REQUEST_METHOD:%{REQUEST_METHOD}]
RewriteRule .* - [E=INFO_REQUEST_URI:%{REQUEST_URI}]
RewriteRule .* - [E=INFO_REDIRECT_REQUEST_URI:%{REDIRECT_REQUEST_URI}]
RewriteRule .* - [E=INFO_SCRIPT_FILENAME:%{SCRIPT_FILENAME}]
RewriteRule .* - [E=INFO_SCRIPT_GROUP:%{SCRIPT_GROUP}]
RewriteRule .* - [E=INFO_SCRIPT_NAME:%{SCRIPT_NAME}]
RewriteRule .* - [E=INFO_SCRIPT_URI:%{SCRIPT_URI}]
RewriteRule .* - [E=INFO_SCRIPT_URL:%{SCRIPT_URL}]
RewriteRule .* - [E=INFO_SCRIPT_USER:%{SCRIPT_USER}]
RewriteRule .* - [E=INFO_SERVER_ADDR:%{SERVER_ADDR}]
RewriteRule .* - [E=INFO_SERVER_ADMIN:%{SERVER_ADMIN}]
RewriteRule .* - [E=INFO_SERVER_NAME:%{SERVER_NAME}]
RewriteRule .* - [E=INFO_SERVER_PORT:%{SERVER_PORT}]
RewriteRule .* - [E=INFO_SERVER_PROTOCOL:%{SERVER_PROTOCOL}]
RewriteRule .* - [E=INFO_SERVER_SIGNATURE:%{SERVER_SIGNATURE}]
RewriteRule .* - [E=INFO_SERVER_SOFTWARE:%{SERVER_SOFTWARE}]
RewriteRule .* - [E=INFO_THE_REQUEST:%{THE_REQUEST}]
RewriteRule .* - [E=INFO_TIME:%{TIME}]
RewriteRule .* - [E=INFO_TIME_DAY:%{TIME_DAY}]
RewriteRule .* - [E=INFO_TIME_HOUR:%{TIME_HOUR}]
RewriteRule .* - [E=INFO_TIME_MIN:%{TIME_MIN}]
RewriteRule .* - [E=INFO_TIME_MON:%{TIME_MON}]
RewriteRule .* - [E=INFO_TIME_SEC:%{TIME_SEC}]
RewriteRule .* - [E=INFO_TIME_WDAY:%{TIME_WDAY}]
RewriteRule .* - [E=INFO_TIME_YEAR:%{TIME_YEAR}]
RewriteRule .* - [E=INFO_TZ:%{TZ}]
RewriteRule .* - [E=INFO_UNIQUE_ID:%{UNIQUE_ID}]
 
RequestHeader set INFO_API_VERSION "%{INFO_API_VERSION}e"
RequestHeader set INFO_AUTH_TYPE "%{INFO_AUTH_TYPE}e"
RequestHeader set INFO_CONTENT_LENGTH "%{INFO_CONTENT_LENGTH}e"
RequestHeader set INFO_CONTENT_TYPE "%{INFO_CONTENT_TYPE}e"
RequestHeader set INFO_DOCUMENT_ROOT "%{INFO_DOCUMENT_ROOT}e"
RequestHeader set INFO_GATEWAY_INTERFACE "%{INFO_GATEWAY_INTERFACE}e"
RequestHeader set INFO_HTTPS "%{INFO_HTTPS}e"
RequestHeader set INFO_HTTP_ACCEPT "%{INFO_HTTP_ACCEPT}e"
RequestHeader set INFO_HTTP_ACCEPT_LANGUAGE "%{INFO_HTTP_ACCEPT_LANGUAGE}e"
RequestHeader set INFO_HTTP_ACCEPT_ENCODING "%{INFO_HTTP_ACCEPT_ENCODING}e"
RequestHeader set INFO_HTTP_ACCEPT_CHARSET "%{INFO_HTTP_ACCEPT_CHARSET}e"
RequestHeader set INFO_HTTP_CACHE_CONTROL "%{INFO_HTTP_CACHE_CONTROL}e"
RequestHeader set INFO_HTTP_CONNECTION "%{INFO_HTTP_CONNECTION}e"
RequestHeader set INFO_HTTP_COOKIE "%{INFO_HTTP_COOKIE}e"
RequestHeader set INFO_HTTP_FORWARDED "%{INFO_HTTP_FORWARDED}e"
RequestHeader set INFO_HTTP_HOST "%{INFO_HTTP_HOST}e"
RequestHeader set INFO_HTTP_KEEP_ALIVE "%{INFO_HTTP_KEEP_ALIVE}e"
RequestHeader set INFO_HTTP_PROXY_CONNECTION "%{INFO_HTTP_PROXY_CONNECTION}e"
RequestHeader set INFO_HTTP_REFERER "%{INFO_HTTP_REFERER}e"
RequestHeader set INFO_HTTP_USER_AGENT "%{INFO_HTTP_USER_AGENT}e"
RequestHeader set INFO_IS_SUBREQ "%{INFO_IS_SUBREQ}e"
RequestHeader set INFO_ORIG_PATH_INFO "%{INFO_ORIG_PATH_INFO}e"
RequestHeader set INFO_ORIG_PATH_TRANSLATED "%{INFO_ORIG_PATH_TRANSLATED}e"
RequestHeader set INFO_ORIG_SCRIPT_FILENAME "%{INFO_ORIG_SCRIPT_FILENAME}e"
RequestHeader set INFO_ORIG_SCRIPT_NAME "%{INFO_ORIG_SCRIPT_NAME}e"
RequestHeader set INFO_PATH "%{INFO_PATH}e"
RequestHeader set INFO_PATH_INFO "%{INFO_PATH_INFO}e"
RequestHeader set INFO_QUERY_STRING "%{INFO_QUERY_STRING}e"
RequestHeader set INFO_REDIRECT_QUERY_STRING "%{INFO_REDIRECT_QUERY_STRING}e"
RequestHeader set INFO_REDIRECT_REMOTE_USER "%{INFO_REDIRECT_REMOTE_USER}e"
RequestHeader set INFO_REDIRECT_STATUS "%{INFO_REDIRECT_STATUS}e"
RequestHeader set INFO_REDIRECT_URL "%{INFO_REDIRECT_URL}e"
RequestHeader set INFO_REMOTE_ADDR "%{INFO_REMOTE_ADDR}e"
RequestHeader set INFO_REMOTE_HOST "%{INFO_REMOTE_HOST}e"
RequestHeader set INFO_REMOTE_IDENT "%{INFO_REMOTE_IDENT}e"
RequestHeader set INFO_REMOTE_PORT "%{INFO_REMOTE_PORT}e"
RequestHeader set INFO_REMOTE_USER "%{INFO_REMOTE_USER}e"
RequestHeader set INFO_REQUEST_FILENAME "%{INFO_REQUEST_FILENAME}e"
RequestHeader set INFO_REQUEST_METHOD "%{INFO_REQUEST_METHOD}e"
RequestHeader set INFO_REQUEST_URI "%{INFO_REQUEST_URI}e"
RequestHeader set INFO_REQUEST_URI "%{INFO_REQUEST_URI}e"
RequestHeader set INFO_SCRIPT_FILENAME "%{INFO_SCRIPT_FILENAME}e"
RequestHeader set INFO_SCRIPT_GROUP "%{INFO_SCRIPT_GROUP}e"
RequestHeader set INFO_SCRIPT_NAME "%{INFO_SCRIPT_NAME}e"
RequestHeader set INFO_SCRIPT_URI "%{INFO_SCRIPT_URI}e"
RequestHeader set INFO_SCRIPT_URL "%{INFO_SCRIPT_URL}e"
RequestHeader set INFO_SCRIPT_USER "%{INFO_SCRIPT_USER}e"
RequestHeader set INFO_SERVER_ADDR "%{INFO_SERVER_ADDR}e"
RequestHeader set INFO_SERVER_ADMIN "%{INFO_SERVER_ADMIN}e"
RequestHeader set INFO_SERVER_NAME "%{INFO_SERVER_NAME}e"
RequestHeader set INFO_SERVER_PORT "%{INFO_SERVER_PORT}e"
RequestHeader set INFO_SERVER_PROTOCOL "%{INFO_SERVER_PROTOCOL}e"
RequestHeader set INFO_SERVER_SIGNATURE "%{INFO_SERVER_SIGNATURE}e"
RequestHeader set INFO_SERVER_SOFTWARE "%{INFO_SERVER_SOFTWARE}e"
RequestHeader set INFO_THE_REQUEST "%{INFO_THE_REQUEST}e"
RequestHeader set INFO_TIME "%{INFO_TIME}e"
RequestHeader set INFO_TIME_DAY "%{INFO_TIME_DAY}e"
RequestHeader set INFO_TIME_HOUR "%{INFO_TIME_HOUR}e"
RequestHeader set INFO_TIME_MIN "%{INFO_TIME_MIN}e"
RequestHeader set INFO_TIME_MON "%{INFO_TIME_MON}e"
RequestHeader set INFO_TIME_SEC "%{INFO_TIME_SEC}e"
RequestHeader set INFO_TIME_WDAY "%{INFO_TIME_WDAY}e"
RequestHeader set INFO_TIME_YEAR "%{INFO_TIME_YEAR}e"
RequestHeader set INFO_TZ "%{INFO_TZ}e"
RequestHeader set INFO_UNIQUE_ID "%{INFO_UNIQUE_ID}e"
 
Options +FollowSymLinks +ExecCGI
DirectoryIndex /cgi-bin/rewrite-test/index.php
 
Header echo ^.*
 
AuthType Digest
AuthName "AskApache Pro"
AuthDigestFile /home/askapache/sites/askapache.com/.htpasswd-pro
AuthDigestDomain / http://www.askapache.com/cgi-bin/rewrite-test/ https://www.askapache.com/cgi-bin/rewrite-test/
Require user askapache
 
SetEnv MODSEC_ENABLE=On
 
SetEnvIfNoCase ^WWW-Auth "(.+)" HTTP_WWW_AUTHORIZATION=$1
SetEnvIfNoCase ^If "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Authorization$ ".+username=\"(.+)\".+" HTTP_REMOTE_USER=$1
SetEnvIfNoCase ^Content-Type$ "(.+)" HTTP_CONTENT_TYPE=$1
SetEnvIfNoCase ^Content-Length$ "(.+)" HTTP_CONTENT_LENGTH=$1
SetEnvIfNoCase Server_Addr "(.+)" SERVER_ADDR=$1
SetEnvIfNoCase Request_Method "(.+)" REQUEST_METHOD=$1
SetEnvIfNoCase Request_Protocol "(.+)" REQUEST_PROTOCOL=$1
SetEnvIfNoCase Request_URI "(.+)" REQUEST_URI=$1
 
ErrorDocument 100 /cgi-bin/rewrite-test/index.php?g=100
ErrorDocument 101 /cgi-bin/rewrite-test/index.php?g=101
ErrorDocument 102 /cgi-bin/rewrite-test/index.php?g=102
ErrorDocument 200 /cgi-bin/rewrite-test/index.php?g=200
ErrorDocument 201 /cgi-bin/rewrite-test/index.php?g=201
ErrorDocument 202 /cgi-bin/rewrite-test/index.php?g=202
ErrorDocument 203 /cgi-bin/rewrite-test/index.php?g=203
ErrorDocument 204 /cgi-bin/rewrite-test/index.php?g=204
ErrorDocument 205 /cgi-bin/rewrite-test/index.php?g=205
ErrorDocument 206 /cgi-bin/rewrite-test/index.php?g=206
ErrorDocument 207 /cgi-bin/rewrite-test/index.php?g=207
ErrorDocument 300 /cgi-bin/rewrite-test/index.php?g=300
ErrorDocument 301 /cgi-bin/rewrite-test/index.php?g=301
ErrorDocument 302 /cgi-bin/rewrite-test/index.php?g=302
ErrorDocument 303 /cgi-bin/rewrite-test/index.php?g=303
ErrorDocument 304 /cgi-bin/rewrite-test/index.php?g=304
ErrorDocument 305 /cgi-bin/rewrite-test/index.php?g=305
ErrorDocument 306 /cgi-bin/rewrite-test/index.php?g=306
ErrorDocument 307 /cgi-bin/rewrite-test/index.php?g=307
ErrorDocument 400 /cgi-bin/rewrite-test/index.php?g=400
ErrorDocument 401 /cgi-bin/rewrite-test/index.php?g=401
ErrorDocument 402 /cgi-bin/rewrite-test/index.php?g=402
ErrorDocument 403 /cgi-bin/rewrite-test/index.php?g=403
ErrorDocument 404 /cgi-bin/rewrite-test/index.php?g=404
ErrorDocument 405 /cgi-bin/rewrite-test/index.php?g=405
ErrorDocument 406 /cgi-bin/rewrite-test/index.php?g=406
ErrorDocument 407 /cgi-bin/rewrite-test/index.php?g=407
ErrorDocument 408 /cgi-bin/rewrite-test/index.php?g=408
ErrorDocument 409 /cgi-bin/rewrite-test/index.php?g=409
ErrorDocument 410 /cgi-bin/rewrite-test/index.php?g=410
ErrorDocument 411 /cgi-bin/rewrite-test/index.php?g=411
ErrorDocument 412 /cgi-bin/rewrite-test/index.php?g=412
ErrorDocument 413 /cgi-bin/rewrite-test/index.php?g=413
ErrorDocument 414 /cgi-bin/rewrite-test/index.php?g=414
ErrorDocument 415 /cgi-bin/rewrite-test/index.php?g=415
ErrorDocument 416 /cgi-bin/rewrite-test/index.php?g=416
ErrorDocument 417 /cgi-bin/rewrite-test/index.php?g=417
ErrorDocument 418 /cgi-bin/rewrite-test/index.php?g=418
ErrorDocument 419 /cgi-bin/rewrite-test/index.php?g=419
ErrorDocument 420 /cgi-bin/rewrite-test/index.php?g=420
ErrorDocument 421 /cgi-bin/rewrite-test/index.php?g=421
ErrorDocument 422 /cgi-bin/rewrite-test/index.php?g=422
ErrorDocument 423 /cgi-bin/rewrite-test/index.php?g=423
ErrorDocument 424 /cgi-bin/rewrite-test/index.php?g=424
ErrorDocument 425 /cgi-bin/rewrite-test/index.php?g=425
ErrorDocument 426 /cgi-bin/rewrite-test/index.php?g=426
ErrorDocument 500 /cgi-bin/rewrite-test/index.php?g=500
ErrorDocument 501 /cgi-bin/rewrite-test/index.php?g=501
ErrorDocument 502 /cgi-bin/rewrite-test/index.php?g=502
ErrorDocument 503 /cgi-bin/rewrite-test/index.php?g=503
ErrorDocument 504 /cgi-bin/rewrite-test/index.php?g=504
ErrorDocument 505 /cgi-bin/rewrite-test/index.php?g=505
ErrorDocument 506 /cgi-bin/rewrite-test/index.php?g=506
ErrorDocument 507 /cgi-bin/rewrite-test/index.php?g=507
ErrorDocument 508 /cgi-bin/rewrite-test/index.php?g=508
ErrorDocument 509 /cgi-bin/rewrite-test/index.php?g=509
ErrorDocument 510 /cgi-bin/rewrite-test/index.php?g=510
 
RewriteEngine On
RewriteBase /
 
RewriteRule .* - [E=IN_AUTH_TYPE:%{AUTH_TYPE}]
RewriteRule .* - [E=IN_CONTENT_LENGTH:%{CONTENT_LENGTH}]
RewriteRule .* - [E=IN_CONTENT_TYPE:%{CONTENT_TYPE}]
RewriteRule .* - [E=IN_DATE_GMT:%{DATE_GMT}]
RewriteRule .* - [E=IN_DATE_LOCAL:%{DATE_LOCAL}]
RewriteRule .* - [E=IN_DOCUMENT_NAME:%{DOCUMENT_NAME}]
RewriteRule .* - [E=IN_DOCUMENT_PATH_INFO:%{DOCUMENT_PATH_INFO}]
RewriteRule .* - [E=IN_DOCUMENT_ROOT:%{DOCUMENT_ROOT}]
RewriteRule .* - [E=IN_DOCUMENT_URI:%{DOCUMENT_URI}]
RewriteRule .* - [E=IN_GATEWAY_INTERFACE:%{GATEWAY_INTERFACE}]
RewriteRule .* - [E=IN_LAST_MODIFIED:%{LAST_MODIFIED}]
RewriteRule .* - [E=IN_PATH_INFO:%{PATH_INFO}]
RewriteRule .* - [E=IN_PATH_TRANSLATED:%{PATH_TRANSLATED}]
RewriteRule .* - [E=IN_QUERY_STRING:%{QUERY_STRING}]
RewriteRule .* - [E=IN_QUERY_STRING_UNESCAPED:%{QUERY_STRING_UNESCAPED}]
RewriteRule .* - [E=IN_REMOTE_ADDR:%{REMOTE_ADDR}]
RewriteRule .* - [E=IN_REMOTE_HOST:%{REMOTE_HOST}]
RewriteRule .* - [E=IN_REMOTE_IDENT:%{REMOTE_IDENT}]
RewriteRule .* - [E=IN_REMOTE_PORT:%{REMOTE_PORT}]
RewriteRule .* - [E=IN_REMOTE_USER:%{REMOTE_USER}]
RewriteRule .* - [E=IN_REDIRECT_HANDLER:%{REDIRECT_HANDLER}]
RewriteRule .* - [E=IN_REDIRECT_QUERY_STRING:%{REDIRECT_QUERY_STRING}]
RewriteRule .* - [E=IN_REDIRECT_REMOTE_USER:%{REDIRECT_REMOTE_USER}]
RewriteRule .* - [E=IN_REDIRECT_STATUS:%{REDIRECT_STATUS}]
RewriteRule .* - [E=IN_REDIRECT_URL:%{REDIRECT_URL}]
RewriteRule .* - [E=IN_REQUEST_METHOD:%{REQUEST_METHOD}]
RewriteRule .* - [E=IN_REQUEST_URI:%{REQUEST_URI}]
RewriteRule .* - [E=IN_SCRIPT_FILENAME:%{SCRIPT_FILENAME}]
RewriteRule .* - [E=IN_SCRIPT_NAME:%{SCRIPT_NAME}]
RewriteRule .* - [E=IN_SERVER_ADMIN:%{SERVER_ADMIN}]
RewriteRule .* - [E=IN_SERVER_NAME:%{SERVER_NAME}]
RewriteRule .* - [E=IN_SERVER_ADDR:%{SERVER_ADDR}]
RewriteRule .* - [E=IN_SERVER_PORT:%{SERVER_PORT}]
RewriteRule .* - [E=IN_SERVER_PROTOCOL:%{SERVER_PROTOCOL}]
RewriteRule .* - [E=IN_SERVER_SIGNATURE:%{SERVER_SIGNATURE}]
RewriteRule .* - [E=IN_SERVER_SOFTWARE:%{SERVER_SOFTWARE}]
RewriteRule .* - [E=IN_USER_NAME:%{USER_NAME}]
RewriteRule .* - [E=IN_TZ:%{TZ}]
RewriteRule .* - [E=IN_API_VERSION:%{API_VERSION}]
RewriteRule .* - [E=IN_HTTPS:%{HTTPS}]
RewriteRule .* - [E=IN_HTTP_ACCEPT:%{HTTP_ACCEPT}]
RewriteRule .* - [E=IN_HTTP_ACCEPT_CHARSET:%{HTTP_ACCEPT_CHARSET}]
RewriteRule .* - [E=IN_HTTP_ACCEPT_ENCODING:%{HTTP_ACCEPT_ENCODING}]
RewriteRule .* - [E=IN_HTTP_ACCEPT_LANGUAGE:%{HTTP_ACCEPT_LANGUAGE}]
RewriteRule .* - [E=IN_HTTP_CACHE_CONTROL:%{HTTP_CACHE_CONTROL}]
RewriteRule .* - [E=IN_HTTP_CONNECTION:%{HTTP_CONNECTION}]
RewriteRule .* - [E=IN_HTTP_COOKIE:%{HTTP_COOKIE}]
RewriteRule .* - [E=IN_HTTP_FORWARDED:%{HTTP_FORWARDED}]
RewriteRule .* - [E=IN_HTTP_HOST:%{HTTP_HOST}]
RewriteRule .* - [E=IN_HTTP_KEEP_ALIVE:%{HTTP_KEEP_ALIVE}]
RewriteRule .* - [E=IN_HTTP_PROXY_CONNECTION:%{HTTP_PROXY_CONNECTION}]
RewriteRule .* - [E=IN_HTTP_REFERER:%{HTTP_REFERER}]
RewriteRule .* - [E=IN_HTTP_USER_AGENT:%{HTTP_USER_AGENT}]
RewriteRule .* - [E=IN_IS_SUBREQ:%{IS_SUBREQ}]
RewriteRule .* - [E=IN_ORIG_PATH_INFO:%{ORIG_PATH_INFO}]
RewriteRule .* - [E=IN_ORIG_PATH_TRANSLATED:%{ORIG_PATH_TRANSLATED}]
RewriteRule .* - [E=IN_ORIG_SCRIPT_FILENAME:%{ORIG_SCRIPT_FILENAME}]
RewriteRule .* - [E=IN_ORIG_SCRIPT_NAME:%{ORIG_SCRIPT_NAME}]
RewriteRule .* - [E=IN_PATH:%{PATH}]
RewriteRule .* - [E=IN_PHP_SELF:%{PHP_SELF}]
RewriteRule .* - [E=IN_REQUEST_FILENAME:%{REQUEST_FILENAME}]
RewriteRule .* - [E=IN_REQUEST_TIME:%{REQUEST_TIME}]
RewriteRule .* - [E=IN_SCRIPT_GROUP:%{SCRIPT_GROUP}]
RewriteRule .* - [E=IN_SCRIPT_USER:%{SCRIPT_USER}]
RewriteRule .* - [E=IN_THE_REQUEST:%{THE_REQUEST}]
RewriteRule .* - [E=IN_TIME:%{TIME}]
RewriteRule .* - [E=IN_TIME_DAY:%{TIME_DAY}]
RewriteRule .* - [E=IN_TIME_HOUR:%{TIME_HOUR}]
RewriteRule .* - [E=IN_TIME_MIN:%{TIME_MIN}]
RewriteRule .* - [E=IN_TIME_MON:%{TIME_MON}]
RewriteRule .* - [E=IN_TIME_SEC:%{TIME_SEC}]
RewriteRule .* - [E=IN_TIME_WDAY:%{TIME_WDAY}]
RewriteRule .* - [E=IN_TIME_YEAR:%{TIME_YEAR}]
RewriteRule .* - [E=IN_PATH:%{PATH}]
RewriteRule .* - [E=IN_SCRIPT_URI:%{SCRIPT_URI}]
RewriteRule .* - [E=IN_SCRIPT_URL:%{SCRIPT_URL}]
RewriteRule .* - [E=IN_UNIQUE_ID:%{UNIQUE_ID}]
 
RewriteRule .* - [E=ENV_PATH:%{ENV:PATH}]
RewriteRule .* - [E=ENV_SCRIPT_URI:%{ENV:SCRIPT_URI}]
RewriteRule .* - [E=ENV_SCRIPT_URL:%{ENV:SCRIPT_URL}]
RewriteRule .* - [E=ENV_UNIQUE_ID:%{ENV:UNIQUE_ID}]
 
RequestHeader set AUTH_TYPE "%{IN_AUTH_TYPE}e"
RequestHeader set CONTENT_LENGTH "%{IN_CONTENT_LENGTH}e"
RequestHeader set CONTENT_TYPE "%{IN_CONTENT_TYPE}e"
RequestHeader set DATE_GMT "%{IN_DATE_GMT}e"
RequestHeader set DATE_LOCAL "%{IN_DATE_LOCAL}e"
RequestHeader set DOCUMENT_NAME "%{IN_DOCUMENT_NAME}e"
RequestHeader set DOCUMENT_PATH_INFO "%{IN_DOCUMENT_PATH_INFO}e"
RequestHeader set DOCUMENT_ROOT "%{IN_DOCUMENT_ROOT}e"
RequestHeader set DOCUMENT_URI "%{IN_DOCUMENT_URI}e"
RequestHeader set GATEWAY_INTERFACE "%{IN_GATEWAY_INTERFACE}e"
RequestHeader set LAST_MODIFIED "%{IN_LAST_MODIFIED}e"
RequestHeader set PATH_INFO "%{IN_PATH_INFO}e"
RequestHeader set PATH_TRANSLATED "%{IN_PATH_TRANSLATED}e"
RequestHeader set QUERY_STRING "%{IN_QUERY_STRING}e"
RequestHeader set QUERY_STRING_UNESCAPED "%{IN_QUERY_STRING_UNESCAPED}e"
RequestHeader set REMOTE_ADDR "%{IN_REMOTE_ADDR}e"
RequestHeader set REMOTE_HOST "%{IN_REMOTE_HOST}e"
RequestHeader set REMOTE_IDENT "%{IN_REMOTE_IDENT}e"
RequestHeader set REMOTE_PORT "%{IN_REMOTE_PORT}e"
RequestHeader set REMOTE_USER "%{IN_REMOTE_USER}e"
RequestHeader set REDIRECT_HANDLER "%{IN_REDIRECT_HANDLER}e"
RequestHeader set REDIRECT_QUERY_STRING "%{IN_REDIRECT_QUERY_STRING}e"
RequestHeader set REDIRECT_REMOTE_USER "%{IN_REDIRECT_REMOTE_USER}e"
RequestHeader set REDIRECT_STATUS "%{IN_REDIRECT_STATUS}e"
RequestHeader set REDIRECT_URL "%{IN_REDIRECT_URL}e"
RequestHeader set REQUEST_METHOD "%{IN_REQUEST_METHOD}e"
RequestHeader set REQUEST_URI "%{IN_REQUEST_URI}e"
RequestHeader set SCRIPT_FILENAME "%{IN_SCRIPT_FILENAME}e"
RequestHeader set SCRIPT_NAME "%{IN_SCRIPT_NAME}e"
RequestHeader set SCRIPT_URI "%{IN_SCRIPT_URI}e"
RequestHeader set SCRIPT_URL "%{IN_SCRIPT_URL}e"
RequestHeader set SERVER_ADMIN "%{IN_SERVER_ADMIN}e"
RequestHeader set SERVER_NAME "%{IN_SERVER_NAME}e"
RequestHeader set SERVER_ADDR "%{IN_SERVER_ADDR}e"
RequestHeader set SERVER_PORT "%{IN_SERVER_PORT}e"
RequestHeader set SERVER_PROTOCOL "%{IN_SERVER_PROTOCOL}e"
RequestHeader set SERVER_SIGNATURE "%{IN_SERVER_SIGNATURE}e"
RequestHeader set SERVER_SOFTWARE "%{IN_SERVER_SOFTWARE}e"
RequestHeader set UNIQUE_ID "%{IN_UNIQUE_ID}e"
RequestHeader set USER_NAME "%{IN_USER_NAME}e"
RequestHeader set TZ "%{IN_TZ}e"
RequestHeader set API_VERSION "%{IN_API_VERSION}e"
RequestHeader set HTTPS "%{IN_HTTPS}e"
RequestHeader set HTTP_ACCEPT "%{IN_HTTP_ACCEPT}e"
RequestHeader set HTTP_ACCEPT_CHARSET "%{IN_HTTP_ACCEPT_CHARSET}e"
RequestHeader set HTTP_ACCEPT_ENCODING "%{IN_HTTP_ACCEPT_ENCODING}e"
RequestHeader set HTTP_ACCEPT_LANGUAGE "%{IN_HTTP_ACCEPT_LANGUAGE}e"
RequestHeader set HTTP_CACHE_CONTROL "%{IN_HTTP_CACHE_CONTROL}e"
RequestHeader set HTTP_CONNECTION "%{IN_HTTP_CONNECTION}e"
RequestHeader set HTTP_COOKIE "%{IN_HTTP_COOKIE}e"
RequestHeader set HTTP_FORWARDED "%{IN_HTTP_FORWARDED}e"
RequestHeader set HTTP_HOST "%{IN_HTTP_HOST}e"
RequestHeader set HTTP_KEEP_ALIVE "%{IN_HTTP_KEEP_ALIVE}e"
RequestHeader set HTTP_PROXY_CONNECTION "%{IN_HTTP_PROXY_CONNECTION}e"
RequestHeader set HTTP_REFERER "%{IN_HTTP_REFERER}e"
RequestHeader set HTTP_USER_AGENT "%{IN_HTTP_USER_AGENT}e"
RequestHeader set IS_SUBREQ "%{IN_IS_SUBREQ}e"
RequestHeader set ORIG_PATH_INFO "%{IN_ORIG_PATH_INFO}e"
RequestHeader set ORIG_PATH_TRANSLATED "%{IN_ORIG_PATH_TRANSLATED}e"
RequestHeader set ORIG_SCRIPT_FILENAME "%{IN_ORIG_SCRIPT_FILENAME}e"
RequestHeader set ORIG_SCRIPT_NAME "%{IN_ORIG_SCRIPT_NAME}e"
RequestHeader set PATH "%{IN_PATH}e"
RequestHeader set PHP_SELF "%{IN_PHP_SELF}e"
RequestHeader set REQUEST_FILENAME "%{IN_REQUEST_FILENAME}e"
RequestHeader set REQUEST_TIME "%{IN_REQUEST_TIME}e"
RequestHeader set SCRIPT_GROUP "%{IN_SCRIPT_GROUP}e"
RequestHeader set SCRIPT_USER "%{IN_SCRIPT_USER}e"
RequestHeader set THE_REQUEST "%{IN_THE_REQUEST}e"
RequestHeader set TIME "%{IN_TIME}e"
RequestHeader set TIME_DAY "%{IN_TIME_DAY}e"
RequestHeader set TIME_HOUR "%{IN_TIME_HOUR}e"
RequestHeader set TIME_MIN "%{IN_TIME_MIN}e"
RequestHeader set TIME_MON "%{IN_TIME_MON}e"
RequestHeader set TIME_SEC "%{IN_TIME_SEC}e"
RequestHeader set TIME_WDAY "%{IN_TIME_WDAY}e"
RequestHeader set TIME_YEAR "%{IN_TIME_YEAR}e"
 
SetEnvIfNoCase ^WWW-Auth "(.+)" HTTP_WWW_AUTHORIZATION=$1
SetEnvIfNoCase ^If "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Content-Type$ "(.+)" HTTP_CONTENT_TYPE=$1
SetEnvIfNoCase ^Content-Length$ "(.+)" HTTP_CONTENT_LENGTH=$1
SetEnvIfNoCase ^Authorization$ ".+username=\"([a-zA-Z0-9]+)\".+" REMOTE_USER=$1
SetEnvIfNoCase Server_Addr "(.+)" SERVER_ADDR=$1
SetEnvIfNoCase Request_Method "(.+)" REQUEST_METHOD=$1
SetEnvIfNoCase Request_Protocol "(.+)" REQUEST_PROTOCOL=$1
SetEnvIfNoCase Request_URI "(.+)" REQUEST_URI=$1
 
RequestHeader set IF_MODIFIED_SINCE "%{HTTP_IF_MODIFIED_SINCE}e"
RequestHeader set IF_NONE_MATCH "%{HTTP_IF_NONE_MATCH}e"
RequestHeader set CACHE_CONTROL "%{HTTP_CACHE_CONTROL}e"
RequestHeader set CONNECTION "%{HTTP_CONNECTION}e"
RequestHeader set KEEP_ALIVE "%{HTTP_KEEP_ALIVE}e"
RequestHeader set AUTHORIZATION "%{HTTP_AUTHORIZATION}e"
RequestHeader set REMOTE_USER "%{REMOTE_USER}e"
RequestHeader set CONTENT_TYPE "%{HTTP_CONTENT_TYPE}e"
RequestHeader set CONTENT_LENGTH "%{HTTP_CONTENT_LENGTH}e"
RequestHeader set SERVER_ADDR "%{SERVER_ADDR}e"
RequestHeader set REQUEST_METHOD "%{REQUEST_METHOD}e"
RequestHeader set REQUEST_PROTOCOL "%{REQUEST_PROTOCOL}e"
RequestHeader set REQUEST_URI "%{REQUEST_URI}e"
 
RequestHeader set UNIQUE_ID "%{ENV_UNIQUE_ID}e"
RequestHeader set SCRIPT_URL "%{ENV_SCRIPT_URL}e"
RequestHeader set SCRIPT_URI "%{ENV_SCRIPT_URI}e"
RequestHeader set PATH "%{ENV_PATH}e"
 
Options +ExecCGI +FollowSymLinks
 
Order Deny,Allow
Deny from All
Allow from 208.113.134.190  64.111.114.111 208.113.134.203 208.113.152.201 env=REDIRECT_STATUS
Satisfy Any
 
SecFilterEngine Off

More Mod_Security (1)

#
# Order Deny,Allow
# First, all Allow directives are evaluated; at least one must match, or the request is rejected.
# Next, all Deny directives are evaluated. If any matches, the request is rejected.
# Last, any requests which do not match an Allow or a Deny directive are denied by default.
#
Order Allow,Deny
Allow from all
Deny from 217.219.
 
#Order Deny,Allow
# First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive.
# Any requests which do not match any Allow or Deny directives are permitted.
 
#SetEnvIf content-type (multipart/form-data)(.*) NEW_CONTENT_TYPE=application/x-www-form-urlencoded$2 OLD_CONTENT_TYPE=$1$2
#RequestHeader set content-type %{NEW_CONTENT_TYPE}e env=NEW_CONTENT_TYPE
SetEnvIfNoCase Content-Type "^multipart/form-data" !MODSEC_NOPOSTBUFFERING
SetEnvIfNoCase Content-Type "^application/x-www-form-urlencoded" !MODSEC_NOPOSTBUFFERING
SetEnv suppress-error-charset
SetEnvIfNoCase Content-Type "^multipart/form-data" !MODSEC_NOPOSTBUFFERING
 
SetEnvIf Request_URI "^/(cgi-bin/search\.php|cgi-bin/java\.cgi|wp-admin/.*)" MODSEC_ENABLE=Off
SetEnvIf Request_URI "^/(online-tools/js-compress.*)" "MODSEC_NOPOSTBUFFERING=Do not buffer file uploads"
SetEnvIfNoCase Remote_Addr ^208\.113\.134\.190$ MODSEC_ENABLE=Off
SetEnvIfNoCase Remote_Addr ^64\.111\.114\.111$ MODSEC_ENABLE=Off
 
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# TZ: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv TZ America/Indianapolis
 
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv SERVER_ADMIN webmaster@askapache.com
 
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off
 
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.0/mod/core.html#options
# for more information.
#
Options -Indexes -Includes -ExecCGI -MultiViews
 
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.php
 
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
Action php5-cgi /bin/php.cgi
 
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler php5-cgi .php .inc
 
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddDefaultCharset UTF-8
 
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#
AddType 'application/rdf+xml; charset=UTF-8' .rdf
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml.gz
AddType 'text/html; charset=UTF-8' .html
AddType 'text/html; charset=UTF-8' .html.gz
AddType application/octet-stream .rar .chm .bz2 .tgz .msi .pdf .exe
AddType application/vnd.ms-excel .csv
AddType application/x-httpd-php-source .phps
AddType application/x-pilot .prc .pdb
AddType application/x-shockwave-flash .swf
AddType application/xrds+xml .xrdf
AddType text/plain .ini .sh .bsh .bash .awk .nawk .gawk .csh .var .c .in .h .asc .md5 .sha .sha1
AddType video/x-flv .flv
 
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
 
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/html

Error Documents

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
#100 Continue
#101 Switching Protocols
#102 Processing
#200 OK
#201 Created
#202 Accepted
#203 Non-Authoritative Information
#204 No Content
#205 Reset Content
#206 Partial Content
#207 Multi-Status
#300 Multiple Choices
#301 Moved Permanently
#302 Found
#303 See Other
#304 Not Modified
#305 Use Proxy
#306 unused
#307 Temporary Redirect
#400 Bad Request
#401 Authorization Required
#402 Payment Required
#403 Forbidden
#404 Not Found
#405 Method Not Allowed
#406 Not Acceptable
#407 Proxy Authentication Required
#408 Request Time-out
#409 Conflict
#410 Gone
#411 Length Required
#412 Precondition Failed
#413 Request Entity Too Large
#414 Request-URI Too Large
#415 Unsupported Media Type
#416 Requested Range Not Satisfiable
#417 Expectation Failed
#418 unused
#419 unused
#420 unused
#421 unused
#422 Unprocessable Entity
#423 Locked
#424 Failed Dependency
#425 No code
#426 Upgrade Required
#500 Internal Server Error
#501 Method Not Implemented
#502 Bad Gateway
#503 Service Temporarily Unavailable
#504 Gateway Time-out
#505 HTTP Version Not Supported
#506 Variant Also Negotiates
#507 Insufficient Storage
#508 unused
#509 unused
#510 Not Extended
 
#ErrorDocument 100 /e/100_CONTINUE.html
#ErrorDocument 101 /e/101_SWITCHING_PROTOCOLS.html
#ErrorDocument 102 /e/102_PROCESSING.html
 
#ErrorDocument 200 /e/200_OK.html
#ErrorDocument 201 /e/201_CREATED.html
#ErrorDocument 202 /e/202_ACCEPTED.html
#ErrorDocument 203 /e/203_NON_AUTHORITATIVE.html
#ErrorDocument 204 /e/204_NO_CONTENT.html
#ErrorDocument 205 /e/205_RESET_CONTENT.html
#ErrorDocument 206 /e/206_PARTIAL_CONTENT.html
#ErrorDocument 207 /e/207_MULTI_STATUS.html
 
#ErrorDocument 300 /e/300_MULTIPLE_CHOICES.html
#ErrorDocument 301 /e/301_MOVED_PERMANENTLY.html
#ErrorDocument 302 /e/302_MOVED_TEMPORARILY.html
#ErrorDocument 303 /e/303_SEE_OTHER.html
#ErrorDocument 304 /e/304_NOT_MODIFIED.html
#ErrorDocument 305 /e/305_USE_PROXY.html
#ErrorDocument 307 /e/307_TEMPORARY_REDIRECT.html
 
ErrorDocument 400 /e/400_BAD_REQUEST.html
ErrorDocument 401 /e/401_UNAUTHORIZED.html
ErrorDocument 402 /e/402_PAYMENT_REQUIRED.html
ErrorDocument 403 /e/403_FORBIDDEN.html
#ErrorDocument 404 /e/404_NOT_FOUND.html
ErrorDocument 404 /index.php?error=404
ErrorDocument 405 /e/405_METHOD_NOT_ALLOWED.html
ErrorDocument 406 /e/406_NOT_ACCEPTABLE.html
ErrorDocument 407 /e/407_PROXY_AUTHENTICATION_REQUIRED.html
ErrorDocument 408 /e/408_REQUEST_TIME_OUT.html
ErrorDocument 409 /e/409_CONFLICT.html
ErrorDocument 410 /e/410_GONE.html
ErrorDocument 411 /e/411_LENGTH_REQUIRED.html
ErrorDocument 412 /e/412_PRECONDITION_FAILED.html
ErrorDocument 413 /e/413_REQUEST_ENTITY_TOO_LARGE.html
ErrorDocument 414 /e/414_REQUEST_URI_TOO_LARGE.html
ErrorDocument 415 /e/415_UNSUPPORTED_MEDIA_TYPE.html
ErrorDocument 416 /e/416_RANGE_NOT_SATISFIABLE.html
ErrorDocument 417 /e/417_EXPECTATION_FAILED.html
ErrorDocument 422 /e/422_UNPROCESSABLE_ENTITY.html
ErrorDocument 423 /e/423_LOCKED.html
ErrorDocument 424 /e/424_FAILED_DEPENDENCY.html
ErrorDocument 426 /e/426_UPGRADE_REQUIRED.html
ErrorDocument 500 /e/500_INTERNAL_SERVER_ERROR.html
ErrorDocument 501 /e/501_NOT_IMPLEMENTED.html
ErrorDocument 502 /e/502_BAD_GATEWAY.html
ErrorDocument 503 /e/503_SERVICE_UNAVAILABLE.html
ErrorDocument 504 /e/504_GATEWAY_TIME_OUT.html
ErrorDocument 505 /e/505_VERSION_NOT_SUPPORTED.html
ErrorDocument 506 /e/506_VARIANT_ALSO_VARIES.html
ErrorDocument 507 /e/507_INSUFFICIENT_STORAGE.html
ErrorDocument 510 /e/510_NOT_EXTENDED.html

Caching

#
#  HEADERS and CACHING
#
Header unset Pragma
FileETag None
Header unset ETag
 
# 1 YEAR

Header unset P3P
Header unset Pragma
FileETag None
Header unset ETag
Header set Cache-Control "public,max-age=29030400"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified

 
# 2 HOURS


ExpiresActive On
ExpiresDefault A3600

Redirect Hack

#Redirect 400 /e/400
#Redirect 401 /e/401
#Redirect 402 /e/402
#Redirect 403 /e/403
Redirect 404 /index.php?error=404
#Redirect 405 /e/405
#Redirect 406 /e/406
#Redirect 407 /e/407
#Redirect 408 /e/408
#Redirect 409 /e/409
#Redirect 410 /e/410
#Redirect 411 /e/411
#Redirect 412 /e/412
#Redirect 413 /e/413
#Redirect 414 /e/414
#Redirect 415 /e/415
#Redirect 416 /e/416
#Redirect 417 /e/417
#Redirect 418 /e/418
#Redirect 419 /e/419
#Redirect 420 /e/420
#Redirect 421 /e/421
#Redirect 422 /e/422
#Redirect 423 /e/423
#Redirect 424 /e/424
#Redirect 425 /e/425
#Redirect 426 /e/426
#Redirect 500 /e/500
#Redirect 501 /e/501
#Redirect 502 /e/502
#Redirect 503 /e/503
#Redirect 504 /e/504
#Redirect 505 /e/505
#Redirect 506 /e/506
#Redirect 507 /e/507
#Redirect 508 /e/508
#Redirect 509 /e/509
#Redirect 510 /e/510

301 PERMANENT REDIRECTS

#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
#
Redirect 301 /12-lessons-for-those-afraid-of-css.html http://www.askapache.com/css/12-lessons-for-those-afraid-of-css.html
Redirect 301 /2006/htaccess/htaccesselite-ultimate-htaccess-article.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /2007/phpbb/sending-post-form-data-with-php-curl.html http://www.askapache.com/htaccess/sending-post-form-data-with-php-curl.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/php-and-ajax-shell-console.html http://www.askapache.com/tools/php-and-ajax-shell-console.html
Redirect 301 /27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html http://www.askapache.com/htaccess/27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html
Redirect 301 /404-google-wordpress-plugin.html http://www.askapache.com/seo/404-google-wordpress-plugin.html
Redirect 301 /503-service-temporarily-unavailable.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /Overview-about.rdf http://www.askapache.com/askapache-home.rdf
Redirect 301 /abbr-acronym.html http://www.askapache.com/xhtml/abbr-acronym.html
Redirect 301 /adsense-robots.html http://www.askapache.com/google/adsense-robots.html
Redirect 301 /alexa-toolbar-firefox.html http://www.askapache.com/tools/alexa-toolbar-firefox.html
Redirect 301 /allowing-access-from-1-static-ip-and-deny-the-rest.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /anti-virus-spyware-rootkit.html http://www.askapache.com/security/anti-virus-spyware-rootkit.html
Redirect 301 /apache-ssl-in-htaccess-examples.html http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html
Redirect 301 /awk-tutorial.html http://www.askapache.com/awk/awk-tutorial.html
Redirect 301 /best-adsense-optimization.html http://www.askapache.com/wordpress/best-adsense-optimization.html
Redirect 301 /commonly-used-htaccess-code-examples.html http://www.askapache.com/htaccess/commonly-used-htaccess-code-examples.html
Redirect 301 /css-background-image-sprite.html http://www.askapache.com/css/css-background-image-sprite.html
Redirect 301 /css-browser-screenshots.html http://www.askapache.com/tools/css-browser-screenshots.html
Redirect 301 /css-class-example.html http://www.askapache.com/css/css-class-example.html
Redirect 301 /curl-multi-downloads.html http://www.askapache.com/php/curl-multi-downloads.html
Redirect 301 /custom-boot-menu-in-windows-xp.html http://www.askapache.com/windows/custom-boot-menu-in-windows-xp.html
Redirect 301 /donate http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /donate/ http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /htaccess.txt http://z.askapache.com/p/htaccess.txt
Redirect 301 /htaccess/404-errorpages.html http://www.askapache.com/seo/google-ajax-search-seo-tips.html
Redirect 301 /htaccess/feedsmith http://www.askapache.com/htaccess/feedsmith-htaccess.html
Redirect 301 /htaccess/http-status-codes.html http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
Redirect 301 /htaccess/instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /htaccess/speed-up-the-apache-web-server-with-configuration-hacks.html http://www.askapache.com/htaccess/apache-web-server-speed-configuration-hacks.html
Redirect 301 /instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /security/bypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/bypassing-vlanbypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/rigging-the-dreamhost-site-of-the-month-contest.html http://www.askapache.com/dreamhost/rigging-the-dreamhost-site-of-the-month-contest.html
Redirect 301 /seo/tailrankcom-robot.html http://www.askapache.com/seo/tailrank-robot.html
Redirect 301 /webmaster/caching-tutorial-for-webmasters.html http://www.askapache.com/htaccess/caching-tutorial-for-webmasters.html
Redirect 301 /webmaster/lft-traceroute-tool.html http://www.askapache.com/tools/lft-traceroute-tool.html

301 PERMANENT REDIRECTMATCH

#
#  PERMANENT REDIRECTMATCH
#
#RedirectMatch 301 ^/&(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/(.+)\.html/$ http://www.askapache.com/$1.html
RedirectMatch 301 ^/&(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/.*feed\.gif$ http://z.askapache.com/feed.gif
RedirectMatch 301 ^/([^/]+)//$ http://www.askapache.com/$1/
RedirectMatch 301 ^/(.+)/htaccesselite-ultimate-htaccess-article.html(.*) http://www.askapache.com/htaccess/apache-htaccess.html
RedirectMatch 301 ^/(.+)\.html/([a-z][a-z])/$ http://www.askapache.com/$1.html
RedirectMatch 301 ^/([\(]+)(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/([^9]*)9O1X.3y(.*)/(.*)$ http://www.askapache.com/$2
RedirectMatch 301 ^/.3y(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/200([0-9])/([0-9])(.*)$ http://www.askapache.com/top-100/
RedirectMatch 301 ^/200([0-9])/([^01])(.*)$ http://www.askapache.com/$2$3
RedirectMatch 301 ^/about/glossary(.*)$ http://www.askapache.com/glossary$1
RedirectMatch 301 ^/apache-speed(.*)$ http://www.askapache.com/htaccess/apache-speed$1
RedirectMatch 301 ^/category/(.+)$ http://www.askapache.com/$1
RedirectMatch 301 ^/docs/(.*)$ http://askapache.info/$1
RedirectMatch 301 ^/htaccess/feedsmith-htaccess(.*) http://www.askapache.com/htaccess/redirecting-wordpress-feeds-to-feedburner.html
RedirectMatch 301 ^/robots-txt(.*)$ http://www.askapache.com/robots.txt
RedirectMatch 301 ^/hosting/?$ http://www.askapache.com/hosting/
RedirectMatch 301 ^/.+favicon.ico$ http://www.askapache.com/favicon.ico
#RedirectMatch 301 ^/wp-content/uploads/(.*)$ http://z.askapache.com/uploads/$1
#RedirectMatch 301 ^/z/(.+)$ http://z.askapache.com/$1
#RedirectMatch 301 ^/(z|t|i|j|c|p)/(.*)$ http://z.askapache.com/$1/$2
 
#
#  TEMPORARY REDIRECTMATCH
#
RedirectMatch 307 ^/getflash/?$ http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
RedirectMatch 307 ^/dream/?$ http://www.askapache.com/dreamhost/
RedirectMatch 307 ^/(cse|apachecse|apachecsetest|apachesearch)/?$ http://www.google.com/coop/cse?cx=002660089121042511758%3Akk7rwc2gx0i
RedirectMatch 307 ^/search/lr-lang(.*)$ http://feeds.askapache.com/apache/htaccess
 
#
#  PERMANENT GONE
#
RedirectMatch 410 ^/funny(.*)

My Favorite modsec_v1 stuff

# Pass: Allows request to continue, further filters could still halt request.
# Allow: Allows matching requests through, will not be tested against other filters.
# Deny: Stops the request outright, returns a HTTP 500 error code by default.
# Status: Used to specify an alternate HTTP error code.
# Redirect: Matching requests are redirected to the provided URL.
# Exec: Allows execution of a local system binary or script.
# Log: Logs request only.
# Nolog: Does not log request.
# Chain: Allows you to create list of filters for more granulated security. All filters must be cleared before action is taken with the final filter.
 
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterScanPOST On
 
#SecUploadKeepFiles On
#SecUploadDir /home/askapache/sites/askapache.com/logs/sec-upload
#SecUploadApproveScript /home/askapache/sites/askapache.com/htdocs/cgi-bin/check.sh
 
#SecRuleEngine On
#SecAuditEngine On
#SecAuditEngine Off
SecAuditEngine RelevantOnly
SecAuditLog /home/askapache/sites/askapache.com/logs/modsec_audit.log
SecFilterDebugLog /home/askapache/sites/askapache.com/logs/modsec_debug.log
SecFilterDebugLevel 1
#SecAuditLogRelevantStatus "^(?:1|2(?!00)|5|4(?!04))"
SecAuditLogRelevantStatus "^(1|2(?!00)|4([0-9](0|1|2|5|6|7|8|9))|5)"
SecFilterForceByteRange 1 255
 
#SecFilterInheritance Off
# 0 EMERGENCY - system is unusable
# 1 ALERT - action must be taken immediately
# 2 CRITICAL - critical conditions
# 3 ERROR - error conditions
# 4 WARNING - warning conditions
# 5 NOTICE - normal but significant conditions
# 6 INFO - informational
# 7 DEBUG - debug-level messages
 
SecFilterDefaultAction "deny,severity:6,status:403"
 
#SecFilterSelective REQUEST_METHOD "POST" "pass,auditlog,severity:6"
SecFilterSelective REQUEST_URI "^/(xmlrpc|wp-comments-post)\.php" "pass,log,auditlog,severity:6"
#SecFilterSelective REMOTE_ADDR ^$ "pass,log,auditlog,severity:6"
#SecFilterSelective REMOTE_ADDR ^203\.221\.91\.20$ "pass,log,auditlog,severity:6"
 
#SecFilterSelective REQUEST_URI "^/htaccess.*" "pass,log,auditlog"
#SecFilterSelective REQUEST_URI "^/feed.*" "pass,log,auditlog"
#SecFilterSelective REQUEST_URI "^/.*trackback.*" "pass,log,auditlog"
#SecFilterSelective REQUEST_URI "^/valid.*" "pass,log,auditlog"
 
#Enforce proper HTTP requests
SecFilterSelective SERVER_PROTOCOL "!^HTTP/(0\.9|1\.0|1\.1)$" "id:340000,rev:1,severity:6,msg:'Bad HTTP Protocol'"
 
# Only accept request encodings we know how to handle
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|POST)$" "chain,id:340001,rev:1,severity:6,msg:'Restricted HTTP function,status:405'"
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
 
# Require Content-Length to be provided with every POST request
SecFilterSelective REQUEST_METHOD "^POST$" "chain,id:340003,rev:1,severity:6,msg:'Content Length not provided with POST',status:411"
SecFilterSelective HTTP_Content-Length "^$"
 
# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$" "id:340004,rev:1,severity:6,msg:'Dis-allowed Transfer Encoding'"
 
#Generic rule for allowed characters, adjust for your site before activating
##SecFilterSelective REQUEST_URI "!^[a-zA-Z0-9\.\+\_\/\-\?\=\&\%\#]+$" "chain,id:390002,rev:1,severity:4,msg:'Restricted HTTP character set'"
##SecFilterSelective REQUEST_URI "!^/(openid|wp-admin|wp-includes|wp-content|wp-login.php)"
 
#HTTP response splitting generic sigs
#SecFilter "Content-Length\:.*Content-Type\:.*Content-Type\:" "id:340005,rev:1,severity:4,msg:'HTTP response splitting'"
 
#HTTP response splitting generic sigs
#SecFilter "Content-Length\:" "chain,id:340006,rev:1,severity:4,msg:'HTTP response splitting'"
#SecFilter "Content-Type\:"
 
#catch smuggling attacks
#SecFilter "^(GET|POST).*Host:.*^(GET|POST)"  "id:300012,rev:1,severity:4,msg:'catch smuggling attacks'"
 
#XSS insertion into Content-Type
#SecFilterSelective THE_REQUEST "Content-Type\:.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)" "id:300002,rev:1,severity:4,msg:'XSS attack in Content-type header'"
 
#Code injection via content length
#SecFilterSelective HTTP_Content-Length|HTTP_USER_AGENT "\;(system|passthru|exec)\(" "id:330003,rev:1,severity:4,msg:'Code Injection in Content-Length header'"
 
#Don't accept chunked encodings modsecurity can not look at these, so this is a hole that can bypass your rules, the rule before this one should cover this, but hey paranoia is cheap
#SecFilterSelective HTTP_Transfer-Encoding "chunked" "id:300003,rev:1,severity:4,msg:'Chunked Transfer Encoding denied'"
 
##generic recursion signatures
#SecFilterSelective REQUEST_URI "\.\./\.\./" "id:300004,rev:2,severity:4,msg:'Generic Path Recursion1 denied'"
#SecFilterSelective THE_REQUEST "\.\|\./\.\|\./\.\|" "id:300005,rev:1,severity:4,msg:'Generic Path Recursion2 denied'"
#SecFilterSelective THE_REQUEST "\.\.\./" "id:300006,rev:1,severity:4,msg:'Bogus Path denied'"
 
#Generic PHP exploit signatures
#SecFilterSelective REQUEST_URI "<\?php (chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" "id:330002,rev:1,severity:4,msg:'Generic PHP exploit pattern denied'"
 
#Prevent SQL injection in cookies
##SecFilterSelective COOKIE_VALUES "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" "id:300011,rev:1,severity:4,msg:'Generic SQL injection in cookie'"
 
#Prevent SQL injection in UA
##SecFilterSelective HTTP_USER_AGENT "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" "id:300012,rev:1,severity:4,msg:'Generic SQL injection in User Agent header'"
 
# Generic filter to prevent SQL injection attacks
# Understand that all SQL filters are very limited and are very difficult to prevent false postives and negatives.
# Please report false positives/negatives to mike@gotroot.com
#SecFilter "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" "id:300013,rev:1,severity:4,msg:'Generic SQL injection protection'"
 
#generic XSS PHP attack types
##SecFilterSelective REQUEST_URI "\.php\?" "chain,id:300010,rev:1,severity:4,msg:'Generic PHP XSS exploit pattern denied'"
#SecFilter "(javascript\:/(.*new\x20ActiveXObject.*Sh\.regwrite|.*window\.opener\.document\.body.\innerHTML=window\.opener\.document\.body\.innerHTML\.replace)|onmouseover=\'javascript)"
 
#Generic XSS filter
#please report false positives
##SecFilterSelective REQUEST_URI "!/mt\.cgi" "chain,msg:'XSS2'"
#SecFilter "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
 
#XSS in referrer and UA headers
##SecFilterSelective HTTP_REFERER|HTTP_USER_AGENT "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>" "msg:'XSS3'"
 
#HTTP header PHP code injection attacks
##SecFilterSelective HTTP_CLIENT_IP|HTTP_USER_AGENT|HTTP_Referer "(<\?php|<[[:space:]]?\?[[:space:]]?php|<\? php)" "msg:'PHP1'"
 
#Generic PHP remote file injection
##SecFilterSelective REQUEST_URI "!(/do_command)" "chain,msg:'PHP2'"
##SecFilterSelective REQUEST_URI "\.php\?.*=(https?|ftp)\:/.*(cmd|command)="
 
#script, perl, etc. code in HTTP_Referer string
##SecFilterSelective HTTP_Referer "\#\!.*/" "msg:'perl script1'"
 
#remote file inclusion generic attack signature
#SecFilterSelective THE_REQUEST  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)\?" "chain,msg:'remote 1'"
#SecFilter "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)"
 
#remote file inclusion generic attack signature
#SecFilterSelective THE_REQUEST  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)\?\&(cmd|command|inc|name)=" "msg:'remote2'"
 
#remote file inclusion generic attack signature
#SecFilterSelective ARGS  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)" "chain,msg:'file inclusion1'"
#SecFilter "\?\&(cmd|inc|name)="
 
#remote file inclusion generic attack signature
#SecFilterSelective ARGS  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)\?\&(cmd|inc|name)=" "msg:'file inclusion2'"
 
#remote file inclusion generic attack signature
#SecFilterSelective REQUEST_URI  "\.php\?.*=(http|https|ftp)\:/.*\?&cmd=" "msg:'file inclusion3'"
 
#Bogus file extensions generic signature
#SecFilterSelective THE_REQUEST  "[A-Za-z0-9]\.(gif|jpg|png|bmp)\.txt" "msg:'file extension'"
 
#PHP remote path attach generic signature
#SecFilterSelective REQUEST_URI  "\.ph(p(3|4)?).*path=(http|https|ftp)\:/" "msg:'remote path1'"
#SecFilterSelective REQUEST_URI  "\.php.*path=(http|https|ftp)\:/" "msg:'remote path2'"
 
#generic php attack sigs
#SecFilterSelective REQUEST_URI "(&(cmd|command)=(id|uname)\x20|cmd\?(cmd|command)=|(spy|cmd|cmd_out|sh)\.(gif|jpg|png|bmp|txt)\?&(cmd|command)=|\.php\?&(cmd|command)=)" "msg:'php attack1'"
 
# WEB-MISC apache directory disclosure attempt
#SecFilterSelective THE_REQUEST "////" "msg:'apache directory disclosure'"
 
#PHP defenses
##SecFilterSelective ARG_PHPSESSID "!^$" "msg:'something in phpsessid'"
##SecFilterSelective COOKIE_PHPSESSID "!^$" "msg:'something in cookie phpsessid'"
 
#PHP defenses
##SecFilterSelective COOKIE_ASKAPACHEID "!^[0-9a-z]*$" "msg:'bad value for cookie'"
 
#cross site scripting attempt TYPE + JAVASCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/javascript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + JAVASCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-javascript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + JSCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/jscript" "msg:'cross-site1'"
 
# cross site scripting attempt STYLE + VBSCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/vbscript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + VBSCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-vbscript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + ECMACRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/ecmascript" "msg:'cross-site1'"
 
# cross site scripting attempt STYLE + EXPRESSION
##SecFilterSelective THE_REQUEST "STYLE[\s]*=[\s]*[^>]expression[\s]*\(" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + EXPRESSION
##SecFilterSelective THE_REQUEST "[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>" "msg:'cross-site1'"
 
# cross site scripting attempt using XML
##SecFilterSelective THE_REQUEST "SCRIPT" "msg:'cross-site1'"
 
#cross site scripting attempt executing hidden Javascript
##SecFilterSelective THE_REQUEST "eval[\s]*\([\s]*[^\.]\.innerHTML[\s]*\)" "msg:'cross-site1'"
 
#cross site scripting attempt executing hidden Javascript
##SecFilterSelective THE_REQUEST "window\.execScript[\s]*\(" "msg:'cross-site1'"
 
#cross site scripting attempt to execute Javascript code
###SecFilterSelective THE_REQUEST "/(((URL|SRC|HREF|LOWSRC)[\s]*=)|(url[\s]*[\(]))[\s]*[\'\"]*javascript[\:]" "msg:'cross-site1'"
 
#cross site scripting HTML Image tag set to javascript attempt
#SecFilterSelective THE_REQUEST "img src=javascript" "msg:'cross-site1'"
 
#Fake image file shell attacvk
#SecFilterSelective HTTP_Content-Type "image/.*" "msg:'image shell 1'"
#SecFilterSelective POST_PAYLOAD "chr\(" "msg:'image shell2'"
 
#bogus graphics file
#SecFilterSelective HTTP_Content-Disposition "\.php"  "chain,msg:'bogus graphics'"
#SecFilterSelective HTTP_Content-Type "(image/gif|image/jpg|image/png|image/bmp)"
 
# Allow only letters, digits, underscore, and square brackets (for arrays)
# in variable names#
#SecFilterSelective ARGS_NAMES "!^[][a-zA-Z0-9_]+$"
 
#---------------------------------------------
# reject keywords that appear in POST or GET
#=============================================
SecFilterSignatureAction "nolog,auditlog,deny,severity:6,status:403"
 
SecFilterSelective REQUEST_URI  "^/.*/wp-comments-post\.php" "id:50200,msg:'WORDPRESS SPAM bad wp-comments-post location'"
 

# fail for empty comment fields
SecFilterSelective "ARG_comment_post_ID|ARG_submit" "^$" "id:50300,msg:'WORDPRESS SPAM MISSING comment_post_ID'"
SecFilterSelective "ARG_comment_post_ID" "!^[0-9]{1,6}$" "id:50301,msg:'WORDPRESS SPAM BAD comment_post_ID'"
SecFilterSelective "HTTP_Cookie" "^$" "id:50302,msg:'WORDPRESS SPAM No cookie'"
 
##SecFilterSelective "comment_post_DI" "^$" "id:50310,msg:'WORDPRESS SPAM MISSING comment_post_DI'"
##SecFilterSelective "comment_post_DI" "!^[0-9]{1,2}$" "id:50311,msg:'WORDPRESS SPAM MISSING comment_post_DI'"

 
MODSEC Continued.. Custom Anti-Spam (WordPress) I made
SecFilterSignatureAction "nolog,noauditlog,deny,severity:6,redirect:http://www.askapache.com/feed/"
SecFilterSelective ARGS|THE_REQUEST "00bp\.com|360\.yahoo|987mb\.com|Ambien|American airline" "id:50010,msg:'SPAM 10'
SecFilterSelective ARGS|THE_REQUEST "Ativan|Caresoprodol|Darvocet|Ephedra|Ephedrine" "id:50011,msg:'SPAM 11'
SecFilterSelective ARGS|THE_REQUEST "Gambling|Lexapro|Tramadol|Venlafaxine" "id:50012,msg:'SPAM 12'
SecFilterSelective ARGS|THE_REQUEST "\[URL=|abgood|acura|acyclovir|adderall" "id:50013,msg:'SPAM 13'
SecFilterSelective ARGS|THE_REQUEST "adipex|alcohol|alprazolam|amateur|amrit" "id:50014,msg:'SPAM 14'
SecFilterSelective ARGS|THE_REQUEST "anal sex|analfinder|angelina jolie|asshole|axspace\.com" "id:50015,msg:'SPAM 15'
SecFilterSelective ARGS|THE_REQUEST "baccarat|bankrupt|bikini|biotic|black jack|blowjob" "id:50016,msg:'SPAM 16'
SecFilterSelective ARGS|THE_REQUEST "blackjack|blog\.360|brutality|buddhism|butalbital" "id:50017,msg:'SPAM 17'
SecFilterSelective ARGS|THE_REQUEST "cadillac|canalis|card credit|card stud|carisoprodol" "id:50018,msg:'SPAM 18'
SecFilterSelective ARGS|THE_REQUEST "carmen|cash advance|cash credit|casino|catch\.com" "id:50019,msg:'SPAM 19'
SecFilterSelective ARGS|THE_REQUEST "celebrex|celexa|cellulite|cheap|cheerleader" "id:50020,msg:'SPAM 20'
SecFilterSelective ARGS|THE_REQUEST "chevrolet|child abuse|cialis|cigarette|cipro" "id:50021,msg:'SPAM 21'
SecFilterSelective ARGS|THE_REQUEST "citroen|claritin|cleavage|clomid|codeine" "id:50022,msg:'SPAM 22'
SecFilterSelective ARGS|THE_REQUEST "consulting23|craps online|credit card|credit debt|crestor" "id:50023,msg:'SPAM 23'
SecFilterSelective ARGS|THE_REQUEST "dealership|debt free|desnudas|diazepam|dick" "id:50024,msg:'SPAM 24'
SecFilterSelective ARGS|THE_REQUEST "dildo|drugstore|earrings|endometrioma|endowment" "id:50025,msg:'SPAM 25'
SecFilterSelective ARGS|THE_REQUEST "erotic|estrogen|fioricet|francaise|freehost\.com" "id:50026,msg:'SPAM 26'
SecFilterSelective ARGS|THE_REQUEST "freehostia|freemb\.com|fuck|geocities\.com|hacking myspace" "id:50027,msg:'SPAM 27'
SecFilterSelective ARGS|THE_REQUEST "holdem|honda|hotels|hydrocodone|hypnotic" "id:50028,msg:'SPAM 28'
SecFilterSelective ARGS|THE_REQUEST "hyundai|implants|incest|instant approval|insurance" "id:50029,msg:'SPAM 29'
SecFilterSelective ARGS|THE_REQUEST "interracial|jaguar|jenny movie|johanson|kasino" "id:50030,msg:'SPAM 30'
SecFilterSelective ARGS|THE_REQUEST "lesbian|levitra|lipitor|loan|lolita" "id:50031,msg:'SPAM 31'
SecFilterSelective ARGS|THE_REQUEST "lorazepam|lorcet|lyrics|madamic|majorette" "id:50032,msg:'SPAM 32'
SecFilterSelective ARGS|THE_REQUEST "malaria|mastercar|masturbate|masturbation|maturewomen" "id:50033,msg:'SPAM 33'
SecFilterSelective ARGS|THE_REQUEST "mazda|medication|medicine|megsfree5\.com|mercedes" "id:50034,msg:'SPAM 34'
SecFilterSelective ARGS|THE_REQUEST "meridia|metformin|mitsubishi|mortgage|myspace profile" "id:50035,msg:'SPAM 35'
SecFilterSelective ARGS|THE_REQUEST "naked|neocool|nexium|nimire\.com|nissan" "id:50036,msg:'SPAM 36'
SecFilterSelective ARGS|THE_REQUEST "nokia|nude|nudism|nymph|open toe" "id:50037,msg:'SPAM 37'
SecFilterSelective ARGS|THE_REQUEST "oprodol|orgasm|oxycodone|oxycontin|packages" "id:50038,msg:'SPAM 38'
SecFilterSelective ARGS|THE_REQUEST "painrelief|pantyhose|paxil|payday|penis" "id:50039,msg:'SPAM 39'
SecFilterSelective ARGS|THE_REQUEST "percocet|pharmacy|phentermine|phetermine|phpbb_root" "id:50040,msg:'SPAM 40'
SecFilterSelective ARGS|THE_REQUEST "pictaboo|pictorial|pills|pissing|play craps" "id:50041,msg:'SPAM 41'
SecFilterSelective ARGS|THE_REQUEST "playgirl|pocker web|poker|pontiac|poquer" "id:50042,msg:'SPAM 42'
SecFilterSelective ARGS|THE_REQUEST "porn|pounder|prescription|preteen|prevacid" "id:50043,msg:'SPAM 43'
SecFilterSelective ARGS|THE_REQUEST "price1|prilosec|propecia|proza|prozac" "id:50044,msg:'SPAM 44'
SecFilterSelective ARGS|THE_REQUEST "puddled|pussy|refinance|rentals|replica" "id:50045,msg:'SPAM 45'
SecFilterSelective ARGS|THE_REQUEST "ringtones|roulette|screensaver|seduced|sexual" "id:50046,msg:'SPAM 46'
SecFilterSelective ARGS|THE_REQUEST "sexy|shemale|shiloh|singulair|site-host" "id:50047,msg:'SPAM 47'
SecFilterSelective ARGS|THE_REQUEST "slot machine|slot maschine|slots machine|solpip\.com|soma" "id:50048,msg:'SPAM 48'
SecFilterSelective ARGS|THE_REQUEST "sperm|starlets|supplier|suzuki|tadalafil" "id:50049,msg:'SPAM 49'
SecFilterSelective ARGS|THE_REQUEST "toyota|tylenol|ultram|valium|viagra" "id:50050,msg:'SPAM 50'
SecFilterSelective ARGS|THE_REQUEST "vigora|vioxx|wallpaper|warez|webcam" "id:50051,msg:'SPAM 51'
SecFilterSelective ARGS|THE_REQUEST "webpages\.com|wellbutrin|whitesluts|wholesale|whore" "id:50052,msg:'SPAM 52'
SecFilterSelective ARGS|THE_REQUEST "windshield|xanax|xenical|y lohan|yourgirls" "id:50053,msg:'SPAM 53'
SecFilterSelective ARGS|THE_REQUEST "youtube\.com|zantac|sex offenders|hotgay|Zoloft|celtic women" "id:50054,msg:'SPAM 54'
SecFilterSelective ARGS|THE_REQUEST "dollhouse|freehot|kardashian|oralsex" "id:50055,msg:'SPAM 55'
SecFilterSelective ARGS|THE_REQUEST "freeimghost" "id:50056,msg:'SPAM 56'





Unreleased AskApache Lightning code - caching plugin for WordPress
RewriteEngine On
RewriteBase /
 
RewriteCond %{REQUEST_URI} ^/(stats/|missing\.html|failed_auth\.html|test/).* [NC,OR]
RewriteCond %{ENV:REDIRECT_STATUS} =200
RewriteRule .* - [L]
 
RewriteCond %{HTTP_HOST} !=www.askapache.com
RewriteCond %{HTTP_HOST} !=z.askapache.com
RewriteRule .? http://www.askapache.com%{REQUEST_URI}%{QUERY_STRING} [R=301,L]
 
#RewriteCond %{HTTPS} =on
#RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ /(wp-login.php|wp-admin)(.*)\ HTTP/ [NC]
#RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
#RewriteRule .* http://www.askapache.com/$1 [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.+)%20(.+)\ HTTP/ [NC]
RewriteRule .* http://www.askapache.com/%1-%2 [R=301,L]
 
RewriteCond %{THE_REQUEST} ^GET\ /valid-html/.*\ HTTP/ [NC]
RewriteCond %{HTTP_REFERER} ^https?://www.askapache.com(.+).*$ [NC]
RewriteRule .* http://validator.w3.org/check?uri=http://www.askapache.com%1;ss=1;outline=1;debug [R=307,L,NE]
 
RewriteCond %{THE_REQUEST} ^GET\ /valid-css/.*\ HTTP/ [NC]
RewriteRule .* http://jigsaw.w3.org/css-validator/validator?uri=z.askapache.com/z/c/apache-10.css [R=301,L]
 
RewriteCond %{THE_REQUEST} ^GET\ /search/.*\ HTTP/ [NC]
RewriteCond %{QUERY_STRING} ^s=(.+)$ [NC]
RewriteRule .* http://www.askapache.com/search/%1? [R=302,L]
 
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}/X%{REQUEST_URI}index.html -f
RewriteRule ^(.*)$ /X%{REQUEST_URI}index.html [L]
 
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}/X%{REQUEST_URI} -f
RewriteRule ^(.*)$ /X%{REQUEST_URI} [L]



Passing Parameters to CGI through HTTP Headers
This deserves a note.. this trick lets you bypass so many hosting environment restrictions it's not even funny... like you can run bash as your webserver instead of apache!  (kinda...)
RewriteCond %{REQUEST_URI} ^/cgi-bin/(hash|java)\.cgi$ [NC]
RewriteCond %{HTTP:P3P} ^(([^:]+):(.+))$ [NC]
RewriteRule .* - [E=HTTP_JS:%{HTTP:P3P},E=HTTP_US:%2,E=HTTP_PA:%3]



Redirect to FeedBurner
Yes.. I was the first to do this (parse the real rewrites internally in wordpress for no bypassing possibilities)... 
#RewriteCond %{REQUEST_URI} ^/feed/.*?$ [NC,OR]
#RewriteCond %{HTTP_REFERER} ^https?://www.askapache.com/wp-admin(.+).*$ [NC]
RewriteCond %{HTTP_USER_AGENT} FeedBurner [NC]
RewriteRule .* - [S=1]
 
RewriteCond %{REQUEST_URI} ^/(feed|rdf|rss|rss2|atom).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-(feed|rdf|rss|rss2|atom).* [NC,OR]
RewriteCond %{REQUEST_FILENAME} ^.*/(wp-atom|wp-feed|wp-rdf|wp-rss|wp-rss2)\.php$ [NC,OR]
RewriteCond %{REQUEST_FILENAME} ^.*/wp-includes/feed[^\.]*\.php$ [NC,OR]
RewriteCond %{QUERY_STRING} .*(feed|rdf|rss|rss2|atom).* [NC]
RewriteRule .* http://feeds.askapache.com/apache/htaccess? [R=302,L]
































More Unreleased Caching Tests
# +ASKAPACHE CRAZYCACHE 2.3
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +ACACHE RULES
# +RULE
RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ //?(.+)\.rdf\ HTTP/ [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-cache/%2.html/index.rdf -f
RewriteRule ^(.+)\.rdf$ /wp-cache/%2.html/index.rdf [L,S=3]
 
RewriteCond %{QUERY_STRING} !^.*cacheit.* [NC]
#RewriteCond %{HTTP_USER_AGENT} W3C_Validator [OR,NC]
#RewriteCond %{REMOTE_ADDR} = [OR]
 
RewriteCond %{REQUEST_METHOD} =POST [OR]
RewriteCond %{THE_REQUEST} ^$ [OR]
RewriteCond %{QUERY_STRING} nocache [OR]
RewriteCond %{REMOTE_ADDR} = [OR]
RewriteCond %{HTTP_COOKIE} ^.*wordpress_logged_in_.*$ [NC]
RewriteRule .+ - [S=2]
 
RewriteCond %{DOCUMENT_ROOT}/wp-cache%{REQUEST_URI} !-d
RewriteRule .+ - [S=1]
 
RewriteCond %{DOCUMENT_ROOT}/wp-cache%{REQUEST_URI}/index.html -f
RewriteRule .+ /wp-cache%{REQUEST_URI}/index.html [L]
# -RULE
# -ACACHE RULES
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE CRAZYCACHE 2.3
 
# +ASKAPACHE CRAZYCACHE 2.3
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +ACACHE RULES
# +RULE
FileETag None
AddOutputFilterByType DEFLATE text/html
 
AddType 'text/html; charset=UTF-8' .html
 
Header set P3P "policyref=\"http://www.askapache.com/w3c/p3p.xml\""
Header set X-Pingback "http://www.askapache.com/xmlrpc.php"
Header set Content-Language "en-US"
Header set Vary "Accept-Encoding,Accept"
 

ExpiresActive On
ExpiresDefault M7200

# -RULE
# -ACACHE RULES
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE CRAZYCACHE 2.3
 
Options +IndexesOptions +FollowSymLinks
AddHandler application/x-httpd-php .php
 
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !^tyy+$ [NC]
RewriteCond %{REMOTE_USER} ^(.+)$
RewriteRule ^(.*)$ $1/-%1 [R=302,L]
Options +FollowSymLinks
DirectoryIndex index.php
ErrorDocument 404 /cgi-bin/pro/index.php
 
AuthName "Protection"
AuthUserFile /home/askapache/sites/askapache.com/.htpasswda1
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
Satisfy Any
 

SecFilterEngine Off

Options +ExecCGI -Indexes -Includes +FollowSymLinks
Order Deny,Allow
Deny from All
Allow from 208.113.134.190 64.111.114.111  env=REDIRECT_STATUS
 
#SetEnvIf Remote_Addr ^$ MODSEC_ENABLE=Off
#SetEnvIf Server_Addr ^$ MODSEC_ENABLE=Off
#SetEnvIf Remote_Addr ^({SERVER_ADDR}e)$ GOOD=$1
#SetEnvIf Server_Addr GOOD R


Default HTACCESS
#
# Directives controlling the display of server-generated directory listings.
#
# Required modules: mod_autoindex, mod_alias
#
# To see the listing of a directory, the Options directive for the
# directory must include "Indexes", and the directory must not contain
# a file matching those listed in the DirectoryIndex directive.
#
Options +Indexes +MultiViews -ExecCGI +FollowSymLinks
DirectoryIndex index.html
 
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing IconHeight=22 IconWidth=20 IgnoreClient NameWidth=* DescriptionWidth=* ScanHTMLTitles SuppressLastModified XHTML FoldersFirst SuppressHTMLPreamble
 
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions.  These are only displayed for
# FancyIndexed directories.
#
 
AddIconByEncoding (CMP,http://z.askapache.com/i/s/compressed.gif) x-compress x-gzip
 
AddIconByType (IMG,http://z.askapache.com/i/s/image.gif) image/*
AddIconByType (SND,http://z.askapache.com/i/s/sound2.gif) audio/*
AddIconByType (TXT,http://z.askapache.com/i/s/text.gif) text/*
AddIconByType (VID,http://z.askapache.com/i/s/movie.gif) video/*
 
AddIcon http://z.askapache.com/i/s/hand.right.gif README
AddIcon http://z.askapache.com/i/s/folder.gif ^^DIRECTORY^^
AddIcon http://z.askapache.com/i/s/dir.png ^^DIRECTORY^^
AddIcon http://z.askapache.com/i/s/blank.gif ^^BLANKICON^^
AddDescription "100 Continue" 100* 100/index.html
AddDescription "101 Switching Protocols" 101* 101/index.html
AddDescription "102 Processing" 102* 102/index.html
AddDescription "200 OK" 200* 200/index.html
AddDescription "201 Created" 201* 201/index.html
AddDescription "202 Accepted" 202* 202/index.html
AddDescription "203 Non-Authoritative Information" 203* 203/index.html
AddDescription "204 No Content" 204* 204/index.html
AddDescription "205 Reset Content" 205* 205/index.html
AddDescription "206 Partial Content" 206* 206/index.html
AddDescription "207 Multi-Status" 207* 207/index.html
AddDescription "300 Multiple Choices" 300* 300/index.html
AddDescription "301 Moved Permanently" 301* 301/index.html
AddDescription "302 Found" 302* 302/index.html
AddDescription "303 See Other" 303* 303/index.html
AddDescription "304 Not Modified" 304* 304/index.html
AddDescription "305 Use Proxy" 305* 305/index.html
AddDescription "306 unused" 306* 306/index.html
AddDescription "307 Temporary Redirect" 307* 307/index.html
AddDescription "400 Bad Request" 400* 400/index.html
AddDescription "401 Authorization Required" 401* 401/index.html
AddDescription "402 Payment Required" 402* 402/index.html
AddDescription "403 Forbidden" 403* 403/index.html
AddDescription "404 Not Found" 404* 404/index.html
AddDescription "405 Method Not Allowed" 405* 405/index.html
AddDescription "406 Not Acceptable" 406* 406/index.html
AddDescription "407 Proxy Authentication Required" 407* 407/index.html
AddDescription "408 Request Time-out" 408* 408/index.html
AddDescription "409 Conflict" 409* 409/index.html
AddDescription "410 Gone" 410* 410/index.html
AddDescription "411 Length Required" 411* 411/index.html
AddDescription "412 Precondition Failed" 412* 412/index.html
AddDescription "413 Request Entity Too Large" 413* 413/index.html
AddDescription "414 Request-URI Too Large" 414* 414/index.html
AddDescription "415 Unsupported Media Type" 415* 415/index.html
AddDescription "416 Requested Range Not Satisfiable" 416* 416/index.html
AddDescription "417 Expectation Failed" 417* 417/index.html
AddDescription "418 unused" 418* 418/index.html
AddDescription "419 unused" 419* 419/index.html
AddDescription "420 unused" 420* 420/index.html
AddDescription "421 unused" 421* 421/index.html
AddDescription "422 Unprocessable Entity" 422* 422/index.html
AddDescription "423 Locked" 423* 423/index.html
AddDescription "424 Failed Dependency" 424* 424/index.html
AddDescription "425 No code" 425* 425/index.html
AddDescription "426 Upgrade Required" 426* 426/index.html
AddDescription "500 Internal Server Error" 500* 500/index.html
AddDescription "501 Method Not Implemented" 501* 501/index.html
AddDescription "502 Bad Gateway" 502* 502/index.html
AddDescription "503 Service Temporarily Unavailable" 503* 503/index.html
AddDescription "504 Gateway Time-out" 504* 504/index.html
AddDescription "505 HTTP Version Not Supported" 505* 505/index.html
AddDescription "506 Variant Also Negotiates" 506* 506/index.html
AddDescription "507 Insufficient Storage" 507* 507/index.html
AddDescription "508 unused" 508* 508/index.html
AddDescription "509 unused" 509* 509/index.html
AddDescription "510 Not Extended" 510* 510/index.html
AddDescription ".htaccess ErrorDocuments" *
 
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName /X/error/README.html
HeaderName /X/error/HEADER.html
 
# DefaultIcon is which icon to show for where none is explicitly set.
DefaultIcon http://z.askapache.com/i/s/generic.gif


Ok I'm done commenting..
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing.  Shell-style wildcarding is permitted.
#
IndexIgnore .??*  *_notes *~
RewriteEngine On
RewriteCond %{HTTPS} !=on [NC]
RewriteRule .* https://www.askapache.com%{REQUEST_URI}
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},E=REMOTE_USER:%{HTTP:Authorization}]
 
#RewriteCond %{QUERY_STRING} openid.mode=authorize
#RewriteCond %{REQUEST_URI} ^/openid.*$ [NC]
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},E=REMOTE_USER:%{HTTP:Authorization}]
Options +FollowSymLinks
DirectoryIndex index.html
 
#SetEnvIfNoCase ^Cookie$ "(.*)" HTTP_MY_COOKIE=$1
#SetEnvIfNoCase Remote_Addr "(.*)" HTTP_MY_REMOTE_ADDR=$1
ExpiresActive Off
FileETag None
Header unset Connection
Header set Connection "close"
Header unset Last-Modified
Header unset ETag
Header unset Accept-Ranges
Header unset Vary
Header unset Content-Type
Header unset X-Pingback
Header unset P3P
#Header add RouterBits "%D %t"
#Header add Location "http://www.askapache.com/feed/"
#Header add Found "http://askapache.com/feed/"
#Header add Content-Location "http://www.askapache.com/feed/"
#Header add Refresh "http://www.askapache.com/feed/"
#Header set Hi "%{HTTP_MY_REMOTE_ADDR}e"
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# TZ: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv TZ America/Indianapolis
 
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv SERVER_ADMIN webmaster@askapache.com
 
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.0/mod/core.html#options
# for more information.
#
Options  +FollowSymLinks -ExecCGI -Indexes -Includes -MultiViews
 
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.html index.php /index.php
 
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#

    Order allow,deny
    Deny from all
  Satisfy All

 
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/html
 
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off
 
##############################################
#           HEADERS and CACHING              #
##############################################
Header unset Pragma
Header unset Last-Modified
FileETag None
 
Redirect 400 /e/400
Redirect 401 /e/401
Redirect 402 /e/402
Redirect 403 /e/403
Redirect 404 /e/404
Redirect 405 /e/405
Redirect 406 /e/406
Redirect 407 /e/407
Redirect 408 /e/408
Redirect 409 /e/409
Redirect 410 /e/410
Redirect 411 /e/411
Redirect 412 /e/412
Redirect 413 /e/413
Redirect 414 /e/414
Redirect 415 /e/415
Redirect 416 /e/416
Redirect 417 /e/417
Redirect 418 /e/418
Redirect 419 /e/419
Redirect 420 /e/420
Redirect 421 /e/421
Redirect 422 /e/422
Redirect 423 /e/423
Redirect 424 /e/424
Redirect 425 /e/425
Redirect 426 /e/426
Redirect 500 /e/500
Redirect 501 /e/501
Redirect 502 /e/502
Redirect 503 /e/503
Redirect 504 /e/504
Redirect 505 /e/505
Redirect 506 /e/506
Redirect 507 /e/507
Redirect 508 /e/508
Redirect 509 /e/509
Redirect 510 /e/510
 
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
##############################################
#          PERMANENT REDIRECTS               #
##############################################
Redirect 301 /12-lessons-for-those-afraid-of-css.html http://www.askapache.com/css/12-lessons-for-those-afraid-of-css.html
Redirect 301 /2006/htaccess/htaccesselite-ultimate-htaccess-article.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /2007/phpbb/sending-post-form-data-with-php-curl.html http://www.askapache.com/htaccess/sending-post-form-data-with-php-curl.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/php-and-ajax-shell-console.html http://www.askapache.com/tools/php-and-ajax-shell-console.html
Redirect 301 /27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html http://www.askapache.com/htaccess/27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html
Redirect 301 /404-google-wordpress-plugin.html http://www.askapache.com/seo/404-google-wordpress-plugin.html
Redirect 301 /503-service-temporarily-unavailable.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /Overview-about.rdf http://www.askapache.com/askapache-home.rdf
Redirect 301 /abbr-acronym.html http://www.askapache.com/xhtml/abbr-acronym.html
Redirect 301 /adsense-robots.html http://www.askapache.com/google/adsense-robots.html
Redirect 301 /alexa-toolbar-firefox.html http://www.askapache.com/tools/alexa-toolbar-firefox.html
Redirect 301 /allowing-access-from-1-static-ip-and-deny-the-rest.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /anti-virus-spyware-rootkit.html http://www.askapache.com/security/anti-virus-spyware-rootkit.html
Redirect 301 /apache-ssl-in-htaccess-examples.html http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html
Redirect 301 /awk-tutorial.html http://www.askapache.com/awk/awk-tutorial.html
Redirect 301 /best-adsense-optimization.html http://www.askapache.com/wordpress/best-adsense-optimization.html
Redirect 301 /commonly-used-htaccess-code-examples.html http://www.askapache.com/htaccess/commonly-used-htaccess-code-examples.html
Redirect 301 /css-background-image-sprite.html http://www.askapache.com/css/css-background-image-sprite.html
Redirect 301 /css-browser-screenshots.html http://www.askapache.com/tools/css-browser-screenshots.html
Redirect 301 /css-class-example.html http://www.askapache.com/css/css-class-example.html
Redirect 301 /curl-multi-downloads.html http://www.askapache.com/php/curl-multi-downloads.html
Redirect 301 /custom-boot-menu-in-windows-xp.html http://www.askapache.com/windows/custom-boot-menu-in-windows-xp.html
Redirect 301 /donate http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /donate/ http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /htaccess.txt http://z.askapache.com/p/htaccess.txt
Redirect 301 /htaccess/404-errorpages.html http://www.askapache.com/seo/google-ajax-search-seo-tips.html
Redirect 301 /htaccess/feedsmith http://www.askapache.com/htaccess/feedsmith-htaccess.html
Redirect 301 /htaccess/http-status-codes.html http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
Redirect 301 /htaccess/instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /htaccess/speed-up-the-apache-web-server-with-configuration-hacks.html http://www.askapache.com/htaccess/apache-web-server-speed-configuration-hacks.html
Redirect 301 /instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /security/bypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/bypassing-vlanbypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/rigging-the-dreamhost-site-of-the-month-contest.html http://www.askapache.com/dreamhost/rigging-the-dreamhost-site-of-the-month-contest.html
Redirect 301 /seo/tailrankcom-robot.html http://www.askapache.com/seo/tailrank-robot.html
Redirect 301 /webmaster/caching-tutorial-for-webmasters.html http://www.askapache.com/htaccess/caching-tutorial-for-webmasters.html
Redirect 301 /webmaster/lft-traceroute-tool.html http://www.askapache.com/tools/lft-traceroute-tool.html
 
##############################################
#          PERMANENT REDIRECTMATCH           #
##############################################
#RedirectMatch 301 ^/&(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/&(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/([^/]+)//$ http://www.askapache.com/$1/
RedirectMatch 301 ^/(.+)/htaccesselite-ultimate-htaccess-article.html(.*) http://www.askapache.com/htaccess/apache-htaccess.html
RedirectMatch 301 ^/(.+)\.html/([a-z][a-z])/$ http://www.askapache.com/$1.html
RedirectMatch 301 ^/([\(]+)(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/([^9]*)9O1X.3y(.*)/(.*)$ http://www.askapache.com/$2
RedirectMatch 301 ^/.3y(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/200([0-9])/([0-9])(.*)$ http://www.askapache.com/top-100/
RedirectMatch 301 ^/200([0-9])/([^01])(.*)$ http://www.askapache.com/$2$3
RedirectMatch 301 ^/about/glossary(.*)$ http://www.askapache.com/glossary$1
RedirectMatch 301 ^/apache-speed(.*)$ http://www.askapache.com/htaccess/apache-speed$1
RedirectMatch 301 ^/category/(.+)$ http://www.askapache.com/$1
RedirectMatch 301 ^/docs/(.*)$ http://askapache.info/$1
RedirectMatch 301 ^/htaccess/feedsmith-htaccess(.*) http://www.askapache.com/htaccess/redirecting-wordpress-feeds-to-feedburner.html
RedirectMatch 301 ^/robots-txt(.*)$ http://www.askapache.com/robots.txt
#RedirectMatch 301 ^/wp-content/uploads/(.*)$ http://z.askapache.com/uploads/$1
RedirectMatch 301 ^/z/(.+)$ http://z.askapache.com/$1
RedirectMatch 301 ^/(z|t|i|j|c|p)/(.*)$ http://z.askapache.com/$1/$2
RedirectMatch 301 ^/hosting/?$ http://www.askapache.com/hosting/
 
##############################################
#          TEMPORARY REDIRECTMATCH           #
##############################################
RedirectMatch 307 ^/getflash/?$ http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
RedirectMatch 307 ^/dream/?$ http://www.askapache.com/dreamhost/
RedirectMatch 307 ^/(cse|apachecse|apachecsetest|apachesearch)/?$ http://www.google.com/coop/cse?cx=002660089121042511758%3Akk7rwc2gx0i
 
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddDefaultCharset UTF-8
 
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#
AddType 'application/rdf+xml; charset=UTF-8' .rdf
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml.gz
AddType 'text/html; charset=UTF-8' .html
AddType 'text/html; charset=UTF-8' .html.gz
AddType application/octet-stream .rar .chm .bz2 .tgz .msi .pdf .exe
AddType application/vnd.ms-excel .csv
AddType application/x-httpd-php-source .phps
AddType application/x-pilot .prc .pdb
AddType application/x-shockwave-flash .swf
AddType application/xrds+xml .xrdf
AddType text/plain .ini .sh .bsh .bash .awk .nawk .gawk .csh .var .c .in .h .asc .md5 .sha .sha1
AddType video/x-flv .flv
 
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
 
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler php-cgi .php
 
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
Action php-cgi /cgi-bin/php.cgi
 
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
#100 Continue
#101 Switching Protocols
#102 Processing
#200 OK
#201 Created
#202 Accepted
#203 Non-Authoritative Information
#204 No Content
#205 Reset Content
#206 Partial Content
#207 Multi-Status
#300 Multiple Choices
#301 Moved Permanently
#302 Found
#303 See Other
#304 Not Modified
#305 Use Proxy
#306 unused
#307 Temporary Redirect
#400 Bad Request
#401 Authorization Required
#402 Payment Required
#403 Forbidden
#404 Not Found
#405 Method Not Allowed
#406 Not Acceptable
#407 Proxy Authentication Required
#408 Request Time-out
#409 Conflict
#410 Gone
#411 Length Required
#412 Precondition Failed
#413 Request Entity Too Large
#414 Request-URI Too Large
#415 Unsupported Media Type
#416 Requested Range Not Satisfiable
#417 Expectation Failed
#418 unused
#419 unused
#420 unused
#421 unused
#422 Unprocessable Entity
#423 Locked
#424 Failed Dependency
#425 No code
#426 Upgrade Required
#500 Internal Server Error
#501 Method Not Implemented
#502 Bad Gateway
#503 Service Temporarily Unavailable
#504 Gateway Time-out
#505 HTTP Version Not Supported
#506 Variant Also Negotiates
#507 Insufficient Storage
#508 unused
#509 unused
#510 Not Extended
 
#ErrorDocument 100 /X/err/1/HTTP_CONTINUE.html
#ErrorDocument 101 /X/err/1/HTTP_SWITCHING_PROTOCOLS.html
#ErrorDocument 102 /X/err/1/HTTP_PROCESSING.html
 
#ErrorDocument 200 /X/err/2/HTTP_OK.html
#ErrorDocument 201 /X/err/2/HTTP_CREATED.html
#ErrorDocument 202 /X/err/2/HTTP_ACCEPTED.html
#ErrorDocument 203 /X/err/2/HTTP_NON_AUTHORITATIVE.html
#ErrorDocument 204 /X/err/2/HTTP_NO_CONTENT.html
#ErrorDocument 205 /X/err/2/HTTP_RESET_CONTENT.html
#ErrorDocument 206 /X/err/2/HTTP_PARTIAL_CONTENT.html
#ErrorDocument 207 /X/err/2/HTTP_MULTI_STATUS.html
 
#ErrorDocument 300 /X/err/HTTP_MULTIPLE_CHOICES.html
#ErrorDocument 301 /X/err/HTTP_MOVED_PERMANENTLY.html
#ErrorDocument 302 /X/err/HTTP_MOVED_TEMPORARILY.html
#ErrorDocument 303 /X/err/HTTP_SEE_OTHER.html
#ErrorDocument 304 /X/err/HTTP_NOT_MODIFIED.html
#ErrorDocument 305 /X/err/HTTP_USE_PROXY.html
#ErrorDocument 307 /X/err/HTTP_TEMPORARY_REDIRECT.html
#ErrorDocument 404 /X/err/HTTP_NOT_FOUND.html
 
ErrorDocument 400 /X/err/4/HTTP_BAD_REQUEST.html
ErrorDocument 401 /X/err/4/HTTP_UNAUTHORIZED.html
ErrorDocument 402 /X/err/4/HTTP_PAYMENT_REQUIRED.html
ErrorDocument 403 /X/err/4/HTTP_FORBIDDEN.html
ErrorDocument 405 /X/err/4/HTTP_METHOD_NOT_ALLOWED.html
ErrorDocument 406 /X/err/4/HTTP_NOT_ACCEPTABLE.html
ErrorDocument 407 /X/err/4/HTTP_PROXY_AUTHENTICATION_REQUIRED.html
ErrorDocument 408 /X/err/4/HTTP_REQUEST_TIME_OUT.html
ErrorDocument 409 /X/err/4/HTTP_CONFLICT.html
ErrorDocument 410 /X/err/4/HTTP_GONE.html
ErrorDocument 411 /X/err/4/HTTP_LENGTH_REQUIRED.html
ErrorDocument 412 /X/err/4/HTTP_PRECONDITION_FAILED.html
ErrorDocument 413 /X/err/4/HTTP_REQUEST_ENTITY_TOO_LARGE.html
ErrorDocument 414 /X/err/4/HTTP_REQUEST_URI_TOO_LARGE.html
ErrorDocument 415 /X/err/4/TTP_UNSUPPORTED_MEDIA_TYPE.html
ErrorDocument 416 /X/err/4/HTTP_RANGE_NOT_SATISFIABLE.html
ErrorDocument 417 /X/err/4/HTTP_EXPECTATION_FAILED.html
ErrorDocument 422 /X/err/4/HTTP_UNPROCESSABLE_ENTITY.html
ErrorDocument 423 /X/err/4/HTTP_LOCKED.html
ErrorDocument 424 /X/err/4/HTTP_FAILED_DEPENDENCY.html
ErrorDocument 426 /X/err/4/HTTP_UPGRADE_REQUIRED.html
 
ErrorDocument 500 /X/err/5/HTTP_INTERNAL_SERVER_ERROR.html
ErrorDocument 501 /X/err/5/HTTP_NOT_IMPLEMENTED.html
ErrorDocument 502 /X/err/5/HTTP_BAD_GATEWAY.html
ErrorDocument 503 /X/err/5/HTTP_SERVICE_UNAVAILABLE.html
ErrorDocument 504 /X/err/5/HTTP_GATEWAY_TIME_OUT.html
ErrorDocument 505 /X/err/5/HTTP_VERSION_NOT_SUPPORTED.html
ErrorDocument 506 /X/err/5/HTTP_VARIANT_ALSO_VARIES.html
ErrorDocument 507 /X/err/5/HTTP_INSUFFICIENT_STORAGE.html
ErrorDocument 510 /X/err/5/HTTP_NOT_EXTENDED.html
ErrorDocument 404 /index.php?error=404
 
# 1 YEAR

Header unset P3P
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"

 
# 2 HOURS


ExpiresActive On
ExpiresDefault A3600


 
RewriteEngine On
RewriteBase /
 
RewriteCond %{ENV:REDIRECT_STATUS} =200
RewriteRule .* - [L]
 
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD) [OR]
#RewriteCond %{QUERY_STRING} !^$ [OR]
RewriteCond %{HTTP_COOKIE} ^.*(comment_author_|wordpress|wp-postpass_).*$ [NC]
RewriteRule ^(.*)$ - [S=6]
 
RewriteCond %{HTTP_USER_AGENT} .*W3C_Validator.* [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml.gz -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml.gz [L,S=5]
 
RewriteCond %{HTTP:Accept} application/xhtml\+xml [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml.gz -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml.gz [L,S=4]
 
RewriteCond %{HTTP:Accept-Encoding} gzip [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.html.gz -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.html.gz [L,S=3]
 
RewriteCond %{HTTP_USER_AGENT} .*W3C_Validator.* [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml [L,S=2]
 
RewriteCond %{HTTP:Accept} application/xhtml\+xml [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml [L,S=1]
 
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.html -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.html [L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.+)\.rdf\ HTTP/ [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/rdf/%1.html/index.rdf -f
RewriteRule ^(.*)$ /wp-content/rdf/%1.html/index.rdf [L,S=1]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(error|w3c|openid)(/?.*)\ HTTP/ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /X/%1%2 [L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(y_key_bf61afd498f7623a\.html|google3bb7b7e1032ad0d4\.html|yadis\.xrdf|askapache-home\.rdf|os-description\.xml|labels\.rdf|gnu-fdl\.txt|wlmmanifest\.xml|robots\.txt)\ HTTP/ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /X/%1 [L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /X(.*)\ HTTP/ [NC]
RewriteRule .* - [F]
 
RewriteRule ^osq?(.*)$ /wp-content/plugins/wp-opensearch.php?$1 [QSA,L]
 
#RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /wp-login(.+)\ HTTP/ [NC]
#RewriteRule .+ https://www.askapache.com/wp-login%1 [R,L]
 
RewriteCond %{REQUEST_URI} ^/cgi-bin/(hash|java)\.cgi$ [NC]
RewriteCond %{HTTP:P3P} ^(([^:]+):(.+))$ [NC]
RewriteRule .* - [E=HTTP_JS:%{HTTP:P3P},E=HTTP_US:%2,E=HTTP_PA:%3]
 
RewriteCond %{HTTP_ACCEPT} application/xrds\+xml
RewriteCond %{HTTP_ACCEPT} !application/xrds\+xml\s*;\s*q\s*=\s*0(\.0{1,3})?\s*(,|$)
RewriteRule ^$ http://www.askapache.com/yadis.xrdf [R,L]
 
RewriteCond %{HTTP_USER_AGENT} !^(FeedBurner|FeedValidator|talkr.com).* [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(feed|rdf|rss|rss2|atom)/?.*\ HTTP/ [NC]
#RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(feed|rdf|rss|rss2|atom|wp-atom|wp-feed|wp-rdf|wp-rss|wp-rss2).*\ HTTP/ [NC]
RewriteRule .* http://feeds.askapache.com/apache/htaccess? [R=302,L]
 
#RewriteCond %{REMOTE_ADDR} ^$
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^(.+)\.phps$ /cgi-bin/phps.php?file=$1.php [L,NC]

Actual Htaccess Files from My Server originally appeared on AskApache.com

Advanced WordPress 404.php

AskApache — Sat, 30 Jan 2010 02:02:49 +0000

AskApache.com

For the AskApache Google 404 WordPress Plugin update I added a new 404.php that is more advanced than anything previously seen for a 404.php

AskApache 404.php Features

Once cool feature that I added to the 404.php is the ability to use the servers REDIRECT_STATUS environment variable to see what kind of error it is.

if(!isset($_REQUEST['error']))  $AA_STATUS_CODE = '404';
else  $AA_STATUS_CODE = $_REQUEST['error'];
if(isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS']!='200') $AA_STATUS_CODE = $_SERVER['REDIRECT_STATUS'];

In addition to handling 404 Not Found errors, it also handles these errors:

404.php

array('Bad Request', 'Your browser sent a request that this server could not understand.'),
'401'=>array('Authorization Required', 'This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn\'t understand how to supply the credentials required.'),
'402'=>array('Payment Required', 'INTERROR'),
'403'=>array('Forbidden', 'You don\'t have permission to access THEREQUESTURI on this server.'),
'404'=>array('Not Found', 'We couldn\'t find that uri on our server, though it\'s most certainly not your fault.'),
'405'=>array('Method Not Allowed', 'The requested method THEREQMETH is not allowed for the URL THEREQUESTURI.'),
'406'=>array('Not Acceptable', 'An appropriate representation of the requested resource THEREQUESTURI could not be found on this server.'),
'407'=>array('Proxy Authentication Required', 'This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn\'t understand how to supply the credentials required.'),
'408'=>array('Request Time-out', 'Server timeout waiting for the HTTP request from the client.'),
'409'=>array('Conflict', 'INTERROR'),
'410'=>array('Gone', 'The requested resourceTHEREQUESTURIis no longer available on this server and there is no forwarding address. Please remove all references to this resource.'),
'411'=>array('Length Required', 'A request of the requested method GET requires a valid Content-length.'),
'412'=>array('Precondition Failed', 'The precondition on the request for the URL THEREQUESTURI evaluated to false.'),
'413'=>array('Request Entity Too Large', 'The requested resource THEREQUESTURI does not allow request data with GET requests, or the amount of data provided in the request exceeds the capacity limit.'),
'414'=>array('Request-URI Too Large', 'The requested URL\'s length exceeds the capacity limit for this server.'),
'415'=>array('Unsupported Media Type', 'The supplied request data is not in a format acceptable for processing by this resource.'),
'416'=>array('Requested Range Not Satisfiable', ''),
'417'=>array('Expectation Failed', 'The expectation given in the Expect request-header field could not be met by this server. The client sent Expect:'),
'422'=>array('Unprocessable Entity', 'The server understands the media type of the request entity, but was unable to process the contained instructions.'),
'423'=>array('Locked', 'The requested resource is currently locked. The lock must be released or proper identification given before the method can be applied.'),
'424'=>array('Failed Dependency', 'The method could not be performed on the resource because the requested action depended on another action and that other action failed.'),
'425'=>array('No code', 'INTERROR'),
'426'=>array('Upgrade Required', 'The requested resource can only be retrieved using SSL. The server is willing to upgrade the current connection to SSL, but your client doesn\'t support it. Either upgrade your client, or try requesting the page using https://'),
'500'=>array('Internal Server Error', 'INTERROR'),
'501'=>array('Method Not Implemented', 'GET to THEREQUESTURI not supported.'),
'502'=>array('Bad Gateway', 'The proxy server received an invalid response from an upstream server.'),
'503'=>array('Service Temporarily Unavailable', 'The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.'),
'504'=>array('Gateway Time-out', 'The proxy server did not receive a timely response from the upstream server.'),
'505'=>array('HTTP Version Not Supported', 'INTERROR'),
'506'=>array('Variant Also Negotiates', 'A variant for the requested resource THEREQUESTURI is itself a negotiable resource. This indicates a configuration error.'),
'507'=>array('Insufficient Storage', 'The method could not be performed on the resource because the server is unable to store the representation needed to successfully complete the request. There is insufficient free space left in your storage allocation.'),
'510'=>array('Not Extended', 'A mandatory extension policy in the request is not accepted by the server for this resource.')
);
 
function aa_print_html ($AA_C){
    global $AA_REQUEST_METHOD, $AA_REASON_PHRASE, $AA_MESSAGE;
 
    if($AA_C == '400'||$AA_C == '403'||$AA_C == '405'||$AA_C[0] == '5'){
        @header("Connection: close",1);
 
        if($AA_C=='405')@header('Allow: GET,HEAD,POST,OPTIONS,TRACE');
 
        echo "\n";
        echo "$AA_C $AA_REASON_PHRASE";
        echo "$AA_REASON_PHRASE
\n$AA_MESSAGE
\n\n";
        return true;
    } else return false;
}
 
if(!isset($_REQUEST['error']))  $AA_STATUS_CODE = '404';
else  $AA_STATUS_CODE = $_REQUEST['error'];
if(isset($_SERVER['REDIRECT_STATUS']) && $_SERVER['REDIRECT_STATUS']!='200') $AA_STATUS_CODE = $_SERVER['REDIRECT_STATUS'];
 
$AA_REQUEST_METHOD = $_SERVER['REQUEST_METHOD'];
$AA_THE_REQUEST = htmlentities(strip_tags($_SERVER['REQUEST_URI']));
$AA_REASON_PHRASE = $ASKAPACHE_STATUS_CODES[$AA_STATUS_CODE][0];
$AA_M_SR=array(array('INTERROR','THEREQUESTURI','THEREQMETH'),array('The server encountered an internal error or misconfiguration and was unable to complete your request.',$AA_THE_REQUEST,$AA_REQUEST_METHOD));
$AA_MESSAGE  = str_replace($AA_M_SR[0],$AA_M_SR[1],$ASKAPACHE_STATUS_CODES[$AA_STATUS_CODE][1]);
 
ob_start();
@header("HTTP/1.1 $AA_STATUS_CODE $AA_REASON_PHRASE",1);
@header("Status: $AA_STATUS_CODE $AA_REASON_PHRASE",1);
 
if(!aa_print_html($AA_STATUS_CODE)){
    ?>

Advanced WordPress 404.php originally appeared on AskApache.com

Optimizing Servers and Processes for Speed with ionice, nice, ulimit

AskApache — Sat, 10 Oct 2009 05:41:28 +0000

AskApache.com

Ok, sup. I really felt I had to get this out of the way, because I have a whole stack of drafts waiting to be published, but I realized that not many people will benefit from all the advanced optimizations and tricks I'm writing unless they get a basic understanding of some of the tools I'm using. I decided to write a series of articles explaining how I optimize servers for speed because lately I've been getting a lot more people wanting to hire me to do that. I take on projects when I can but there is clearly a need out here on the net for some self-help. The momentum is swinging more and more towards VPS type of web hosting, and I would say that 99% of those customers are getting supremely ripped off, which goes against the foundation of the web.

Keep in mind that this blog and my research is only a hobby of mine, my job is primarily marketing and sales, so I'm not some licensed expert or anything, or even an unlicensed expert! haha. But it does bother me that those who are tech-savvy enough to run web-hosting companies are happily ripping people off. So this article details the main tools that are used to speed up and optimize your machine by delegating levels of priority to specific processes. Future articles will use these tools alot, so this is meant as an intro.

CPU and Disk I/O

As most of you are aware, there are 2 variables that determine any computer or programs speed. CPU and Disk I/O. CPU determines how fast you can process data, crunch numbers, etc. while disk I/O determines how fast your disks can read and write data to the hard-drive. Wouldn't it be great if you could easily configure your server to give your httpd, php, and other processes both greater CPU processing and disk IO than your non-important processes like backup scripts, ftp daemons, etc.? We are talking about Linux in this article, so of course YES not only can you do that, you should!

RAM

RAM is like a hard-drive in that data is stored on it, and read/written to it. The difference is that RAM is somewhere around 30x faster than disk I/O, but the cost of that incredible speed is that the data stored on it is only temporary in the sense that it won't be stored permanently, it is completely erased when your machine is rebooted. RAM is also expensive, and there is a limit to how much a server or machine can have due to hardware limits.

SWAP

SWAP takes off when you run out of RAM but you still want certain data to be read/write quickly. Basically when you start running out of RAM your machine starts supplementing RAM with SWAP storage. SWAP is usually a partition on a second hard-drive disk. There is an upper limit on how much I/O can occur on a disk at one time, and the more I/O takes place, the slower all I/O becomes, so SWAP works well on a separate hard-drive as it will have much faster I/O. On Windows they opted to copy the SWAP mechanism but instead use a file named pagefile.sys, and that is just one reason people in the know do not care for Windows.

CPU

So lets do this, think of your CPU (your processor) as having an amount of 100% processing available when not being used, 0% when its maxed out. CPU's handle multiple processing tasks simultaneously, so what we will discuss in this article is how to specify HOW MUCH of that processing amount each of your programs (heretofore "processes") are able to use. Yes, very very cool.

That is correct, you can easily configure your server to provide more of the available processing time to certain programs over others, like you can configure apache and php to utilize 50% of your CPU processing time by themselves, so that all other processes (proftpd, sshd, rsync, etc.) combined can only utilize 50%. The terminology is we can give certain specific processes (like php.cgi, httpd, fast-cgi.cgi) a specific priority, where -19 is the most priority, and +19 is the least amount of priority, or CPU processing time. I know it seems backwards..

The Tools

If you run Windows, you are in the right place... because the following advice will save your life: GET LINUX! Ok, now that that is out of the way, the following are the tools dicussed on this page. All of them are free, open-source, and wonderful. The basic idea of these tools is to control how much CPU is devoted to each process, and also how much Disk IO/Disk traffic is given to each process.

nice: run a program with modified scheduling priority
renice: alter priority of running processes
ionice: set or retrieve the I/O priority for a given pid or execute a new task with a given I/O priority.
iostat: Report Central Processing Unit (CPU) statistics and input/output statistics for devices and partitions.
ulimit: Ulimit provides control over the resources available to processes started by the shell, on systems that allow such control.
chrt: set or retrieve real-time scheduling parameters for a given pid or execute a new task under given scheduling parameters.
taskset: set or retrieve task CPU affinity for a given pid or execute a new task under a given affinity mask.

Part 1: Process Processes Faster

Ok so lets tackle figuring out how to give your response-intensive processes (like apache, php, ruby, perl, java) meaning a request to your server/machine requires a response. For instance, when you requested this page that you are reading at this very second, several things on my server had to happen for you to be able to read this.

First your computer sends out a request to see what server the www.askapache.com domain name is. DNS servers respond with my server IP, so for servers dedicated as nameservers, optimizing the DNS processes like bind would speed that up. Now that your computer knows how to reach my server it sends an HTTP GET request for this url. This request is received by the httpd process that is apache, and apache determines this url should be handled by my custom compiled php5.3.0 binary, because this page is WordPress generated. So the php binary loads up the WordPress /index.php file, which chain-loads several other php files, including wp-config.php containing my MySql database settings. Now php connects to my MySql Server to fetch this articles content, comments, title, tags, etc. and then generates the HTML and hands that back to Apache.

Finally, Apache generates a HTTP RESPONSE and sends the RESPONSE and CONTENT back to your Browser, which then in turn renders the page for your eyes with the necessary javascript, images, css, and other files included in the HTML response.

Too much Processing

Now you see why I've opted to write my own caching plugin that takes the php and mysql processes OUT of that equation. Both the php binary and the mysql instance consume CPU processing, and disk IO, to load all their library files, make various network requests and sockets, check permissions, and on and on. And that's completely ok, the thing is, unless you configure these processes (Apache, PHP, MySQL) they will use the same amount of CPU processing that other processes use, other processes that have very little to do with you reading this sentence. Processes to run my mail server, my FTP server, my SSH server, my cronjobs, cleanup scripts, atd daemon, etc.. and they will get the same amount of CPU!

Another even simpler example is what got me to look into this myself. I wrote a shell script that created hourly, daily, weekly, and monthly backups for all of my websites and sql databases, and set it up to run by cronjob at those set intervals. Eventually I noticed my sites were slower, my php even slower, and sometimes I even saw 503 errors that my host throws up when my server is overloaded. The research that I pursued to prevent that from happening has been hugely eye-opening. What does a backup script do? Mine just created tar archives of all the files in my web root, then gzipped the tar archive saving to a backup server using scp (a file transfer using ssh). This resulted in the following huge problems that seem to have nothing to do with a faster server and speedier website, but they have everything to with it.

CPU Bottleneck #1 - tar and gzip use compression algorithms at a low level to create a compressed version, and all that compressing uses a whole lot of crunching - CPU processing
DISK IO Bottleneck - Tarring the whole web root directory was creating a ton of disk io, and remember the more disk io that is going on, the less is available for everything else.
CPU Bottleneck #2 - Using scp to send my backups was security-smart, but these huge archive files had to be encrypted and sent over the net.

Breaking Bottles

I apologize for being a little long-winded there, but I think it's important to make sure everyone understands those basic concepts, which are foreign to most people. Once you understand what is causing the bottlenecks, then you can understand the solutions, which actually are incredibly simple and even a novice linux user can easily do. Besides, the net gets a little bit faster every time someone implements this.

nice

Nice allows you to run a program with modified scheduling priority which specifies how much CPU is devoted to a particular process. Run COMMAND with an adjusted niceness, which affects process scheduling. With no COMMAND, print the current niceness.

Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable). -n, --adjustment=N - add integer N to the niceness (default 10). nice +19 tasks get a HZ-independent 1.5%. Running a nice +10 and a nice +11 task means the first will get 55% of the CPU, the other 45%.

nice usage

nice [OPTION] [COMMAND [ARG]...]
 
-n, --adjustment=ADJUST   increment priority by ADJUST first

Examples of nice

Using nice to download a file

nice -n 17 curl -q -v -A 'Mozilla/5.0' -L -O http://wordpress.org/latest.zip

Unzipping a file with nice

nice -n 17 unzip latest.zip

Nice way to build from source

nice -n 2 ./configure
nice -n 2 make
nice -n 2 make install

It is sometimes useful to run non-interactive programs with reduced priority.

$ nice factor `echo '2^9 - 1'|bc`
511: 7 73

Since nice prints the current priority, we can invoke it through itself to demonstrate how it works: The default behavior is to reduce priority by 10.

 $ nice nice
10
$ nice -n 10 nice
10

The ADJUSTMENT is relative to the current priority. The first nice invocation runs the second one at priority 10, and it in turn runs the final one at a priority lowered by 3 more.

$ nice nice -n 3 nice
13

Specifying a priority larger than 19 is the same as specifying 19.

$ nice -n 30 nice
19

Only a privileged user may run a process with higher priority.

$ nice -n -1 nice
nice: cannot set priority: Permission denied
$ sudo nice -n -1 nice
-1

The new scheduler in v2.6.23 addresses all three types of complaints:

To address the first complaint (of nice levels being not "punchy" enough), the scheduler was decoupled from 'time slice' and HZ concepts (and granularity was made a separate concept from nice levels) and thus it was possible to implement better and more consistent nice +19 support: with the new scheduler nice +19 tasks get a HZ-independent 1.5%, instead of the variable 3%-5%-9% range they got in the old scheduler.

To address the second complaint (of nice levels not being consistent), the new scheduler makes nice(1) have the same CPU utilization effect on tasks, regardless of their absolute nice levels. So on the new scheduler, running a nice +10 and a nice 11 task has the same CPU utilization "split" between them as running a nice -5 and a nice -4 task. (one will get 55% of the CPU, the other 45%.) That is why nice levels were changed to be "multiplicative" (or exponential) - that way it does not matter which nice level you start out from, the 'relative result' will always be the same.

The third complaint (of negative nice levels not being "punchy" enough and forcing audio apps to run under the more dangerous SCHED_FIFO scheduling policy) is addressed by the new scheduler almost automatically: stronger negative nice levels are an automatic side-effect of the recalibrated dynamic range of nice levels.

renice

Renice is similar to the nice command, but it lets you modify the nice of a currently running process. This is nice for shell scripts where you can add this to the top of the script to nicify the whole script to 19.

renice usage

renice priority [ [ -p ] pids ] [ [ -g ] pgrps ] [ [ -u ] users ]
 
-g      Force who parameters to be interpreted as process group ID's.
-u      Force the who parameters to be interpreted as user names.
-p      Resets the who interpretation to be (the default) process ID's.

Examples of renice

From the shell, changes the priority of the shell and all children to 19. From a shell script, does the same but only for the script and its children.

renice 19 -p $$

This runs renice without any output

renice 19 -p $$ &>/dev/null

10 gets more CPU than 19

renice 10 -p $$

change the priority of process ID's 987 and 32, and all processes owned by users daemon and root.

renice +1 987 -u daemon root -p 32

Part 2: Optimizing Disk I/O

Linux Scheduling Policies

The scheduler is the kernel component that decides which runnable process will be executed by the CPU next. Each process has an associated scheduling policy and a static scheduling priority, sched_priority

Processes scheduled under one of the real-time policies (SCHED_FIFO, SCHED_RR) have a sched_priority value in the range 1 (low) to 99 (high). (As the numbers imply, real-time processes always have higher priority than normal processes.) The following "real-time" policies are also supported, for special time-critical applications that need precise control over the way in which runnable processes are selected for execution:

Currently, Linux supports the following "normal" (i.e., non-real-time) scheduling policies:

SCHED_OTHER: Default Linux time-sharing scheduling: The standard round-robin time-sharing policy
SCHED_BATCH: Scheduling batch processes: This policy is useful for workloads that are non-interactive, but do not want to lower their nice value, and for workloads that want a deterministic scheduling policy without interactivity causing extra preemptions (between the workload's tasks).
SCHED_IDLE: Scheduling very low priority jobs: This policy is intended for running jobs at extremely low priority (lower even than a +19 nice value with the SCHED_OTHER or SCHED_BATCH policies)
SCHED_FIFO: First In-First Out scheduling: A first-in, first-out policy
SCHED_RR: Round Robin scheduling: A round-robin policy.

Scheduling Classes

IOPRIO_CLASS_RT: This is the realtime io class. The RT scheduling class is given first access to the disk, regardless of what else is going on in the system. Thus the RT class needs to be used with some care, as it can starve other processes. As with the best effort class, 8 priority levels are defined denoting how big a time slice a given process will receive on each scheduling window. This scheduling class is given higher priority than any other in the system, processes from this class are given first access to the disk every time. Thus it needs to be used with some care, one io RT process can starve the entire system. Within the RT class, there are 8 levels of class data that determine exactly how much time this process needs the disk for on each service. In the future this might change to be more directly mappable to performance, by passing in a wanted data rate instead.
IOPRIO_CLASS_BE: This is the best-effort scheduling class, which is the default for any process that hasn't set a specific io priority. This is the default scheduling class for any process that hasn't asked for a specific io priority. Programs inherit the CPU nice setting for io priorities. This class takes a priority argument from 0-7, with lower number being higher priority. Programs running at the same best effort priority are served in a round-robin fashion. The class data determines how much io bandwidth the process will get, it's directly mappable to the cpu nice levels just more coarsely implemented. 0 is the highest BE prio level, 7 is the lowest. The mapping between cpu nice level and io nice level is determined as: io_nice = (cpu_nice + 20) / 5.
IOPRIO_CLASS_IDLE: This is the idle scheduling class, processes running at this level only get io time when no one else needs the disk. A program running with idle io priority will only get disk time when no other program has asked for disk io for a defined grace period. The impact of idle io processes on normal system activity should be zero. This scheduling class does not take a priority argument. The idle class has no class data, since it doesn't really apply here.

ionice

ionice - get/set program io scheduling class and priority. This program sets the io scheduling class and priority for a program. Since v3 (aka CFQ Time Sliced) CFQ implements I/O nice levels similar to those of CPU scheduling. These nice levels are grouped in three scheduling classes each one containing one or more priority levels:

ionice usage

If no arguments or just -p is given, ionice will query the current io scheduling class and priority for that process.

ionice [-c] [-n] [-p] [COMMAND [ARG...]]

-c - The scheduling class. 1 for real time, 2 for best-effort, 3 for idle.
-n - The scheduling class data. This defines the class data, if the class accepts an argument. For real time and best-effort, 0-7 is valid data.
-p - Pass in a process pid to change an already running process. If this argument is not given, ionice will run the listed program with the given parameters.

ionice Examples

Sets process with PID 89 as an idle io process.

ionice -c3 -p89

Runs 'bash' as a best-effort program with highest priority.

ionice -c2 -n0 bash

Returns the class and priority of the process with PID 89

ionice -p89

With the ionice command, you can set the IO priority for a process to one of three classes: Idle (3), Best Effort (2), and Real Time (1). The Idle class means that the process will only be able to read and write to the disk when all other processes are not using the disk. The Best Effort class is the default and has eight different priority levels from 0 (top priority) to 7 (lowest priority). The Real Time class results in the process having first access to the disk irregardless of other process and should never be used unless you know what you are doing.

If we wish to run the updatedb process in the background with an Idle IO class priority, we can run the following:
$ sudo date
$ sudo updatedb &
[1] 16324
$ sudo ionice -c3 -p16324
If we’d rather just lower the Best Effort class priority (defaults to 4) for the command so the process isn’t limited to idle IO periods, we can run the following:
$ sudo date
$ sudo updatedb &
[1] 16324
$ sudo ionice -c2 -n7 -p16324
Again, the Real Time class should not be used as it can prevent you from being able to interact with your system.

You may wonder where you can get the process ID if you don’t know it, can’t remember it, or didn’t start the process (an automatted script may have launched it). You can find process IDs with the ps command.

For example, if I had an updatedb program running in the background, and I wanted to find its process ID, I can run the following:
$ ps -C updatedb
PID TTY TIME CMD
4234 ? 00:00:42 updatedb
This tells me that the process’ process ID (PID) is 4234.

iostat

iostat Usage

iostat [ -c ] [ -d ] [ -N ] [ -n ] [ -h ] [ -k | -m ] [ -t ] [ -V ] [ -x ] [ -z ] [  [...] | ALL ] [ -p [  [,...] | ALL ] ] [  [  ] ]
 
-c     The -c option is exclusive of the -d option and displays only the CPU usage report.
-d     The -d option is exclusive of the -c option and displays only the device utilization report.
-k     Display statistics in kilobytes per second instead of blocks per second.  Data displayed are valid only with kernels 2.4 and newer.
-m     Display statistics in megabytes per second instead of blocks or kilobytes per second.  Data displayed are valid only with kernels 2.4 and newer.
-n     Displays the NFS-directory statistic.  Data displayed are valid only with kernels 2.6.17 and newer.  This option is exclusive ot the -x option.
-h     Display the NFS report more human readable.
-p [ { device | ALL } ]   The  -p  option  is  exclusive  of  the -x option and displays statistics for block devices and all their partitions that are used by the system.
-t     Print the time for each report displayed.
-x     Display extended statistics.

iostat Examples

iostat -p ALL 2 1000
avg-cpu:  %user   %nice    %sys %iowait   %idle
            8.34    0.08    1.26    2.27   88.05

Display a single history since boot report for all CPU and Devices.

$ iostat

Display a continuous device report at two second intervals.

$ iostat -d 2

Display six reports at two second intervals for all devices.

$ iostat -d 2 6

Display six reports of extended statistics at two second intervals for devices hda and hdb.

$ iostat -x hda hdb 2 6

Display six reports at two second intervals for device sda and all its partitions (sda1, etc.)

$ iostat -p sda 2 6

Schedule Utils

These are the Linux scheduler utilities - schedutils for short. These programs take advantage of the scheduler family of syscalls that Linux implements across various kernels. These system calls implement interfaces for scheduler-related parameters such as CPU affinity and real-time attributes. The standard UNIX utilities do not provide support for these interfaces -- thus this package.

The programs that are included in this package are chrt and taskset. Together with nice and renice (not included), they allow full control of process scheduling parameters. Suggestions for related utilities are welcome, although it is believed (barring new interfaces) that all scheduling interfaces are covered.

I've found that quite a few servers do not have this package installed, indicating to you that they might not know what they are doing. Here is how you can install this incredible package, for non-root users. Root users know how to do this, or they shouldn't be root. Download and install in 1 line provided you have curl. Or just use the following commands.

mkdir -pv $HOME/{dist,source,bin,share/man/man1} && cd ~/dist && curl -O http://ftp.de.debian.org/debian/pool/main/s/schedutils/schedutils_1.5.0.orig.tar.gz && cd ~/source && tar -xvzf ~/dist/sch*z && cd sch* && sed -i -e 's,= /usr/local,=${HOME},g' Makefile && make && make install && make installdoc

mkdir -pv $HOME/{dist,source,bin,share/man/man1}
cd ~/dist && curl -O http://ftp.de.debian.org/debian/pool/main/s/schedutils/schedutils_1.5.0.orig.tar.gz
cd ~/source && tar -xvzf ~/dist/schedutils_1.5.0.orig.tar.gz
cd ~/source/schedutils-1.5.0 && sed -i -e 's,= /usr/local,=${HOME},g' Makefile
make || make -d && make install || make install -d && make installdoc || make installdoc -d

taskset

Taskset is used to set or retrieve the CPU affinity of a running process given its PID or to launch a new COMMAND with a given CPU affinity. CPU affinity is a scheduler property that "bonds" a process to a given set of CPUs on the system. The Linux scheduler will honor the given CPU affinity and the process will not run on any other CPUs. Note that the Linux scheduler also supports natural CPU affinity: the scheduler attempts to keep processes on the same CPU as long as practical for performance reasons. Therefore, forcing a specific CPU affinity is useful only in certain applications.

The CPU affinity is represented as a bitmask, with the lowest order bit corresponding to the first logical CPU and the highest order bit corresponding to the last logical CPU. Not all CPUs may exist on a given system but a mask may specify more CPUs than are present. A retrieved mask will reflect only the bits that correspond to CPUs physically on the system. If an invalid mask is given (i.e., one that corresponds to no valid CPUs on the current system) an error is returned. A user must possess CAP_SYS_NICE to change the CPU affinity of a process. Any user can retrieve the affinity mask.

taskset Usage

taskset [options] [mask | cpu-list] [pid | cmd [args...]]
 
-p, --pid            operate on existing given pid
-c, --cpu-list     display and specify cpus in list format

taskset-examples

The default behavior is to run a new command:

$ taskset 03 sshd -b 1024

You can retrieve the mask of an existing task or set it:

$ taskset -p 700
$ taskset -p 03 700

List format uses a comma-separated list instead of a mask:

$ taskset -pc 0,3,7-11 700

chrt

chrt sets or retrieves the real-time scheduling attributes of an existing PID or runs COMMAND with the given attributes. Both policy (one of SCHED_FIFO, SCHED_RR, or SCHED_OTHER) and priority can be set and retrieved. A user must possess CAP_SYS_NICE to change the scheduling attributes of a process. Any user can retrieve the scheduling information.

chrt Usage

chrt [options] [prio] [pid | cmd [args...]]
 
-p, --pid operate on an existing PID and do not launch a new task
-f, --fifo set scheduling policy to SCHED_FIFO
-m, --max show minimum and maximum valid priorities, then exit
-o, --other set policy scheduling policy to SCHED_OTHER
-r, --rr set scheduling policy to SCHED_RR (the default)

chrt Examples

The default behavior is to run a new command: chrt [prio] -- [command] [arguments]

You can also retrieve the real-time attributes of an existing task:

chrt -p [pid]

Or set them:

chrt -p [prio] [pid]

ulimit - get and set user limits

Ulimit provides control over the resources available to processes started by the shell, on systems that allow such control. One can set the resource limits of the shell using the built-in ulimit command. The shell's resource limits are inherited by the processes that it creates to execute commands.

ulimit Usage

ulimit [-SHacdfilmnpqstuvx] [limit]

-S: use the `soft' resource limit
-H: use the `hard' resource limit
-a: all current limits are reported
-c: the maximum size of core files created
-d: the maximum size of a process's data segment
-f: the maximum size of files created by the shell
-l: the maximum size a process may lock into memory
-m: the maximum resident set size
-n: the maximum number of open file descriptors
-p: the pipe buffer size
-s: the maximum stack size
-t: the maximum amount of cpu time in seconds
-u: the maximum number of user processes
-v: the size of virtual memory

If LIMIT is given, it is the new value of the specified resource; the special LIMIT values `soft', `hard', and `unlimited' stand for the current soft limit, the current hard limit, and no limit, respectively. Otherwise, the current value of the specified resource is printed. If no option is given, then -f is assumed. Values are in 1024-byte increments, except for -t, which is in seconds, -p, which is in increments of 512 bytes, and -u, which is an unscaled number of processes.

RLIMIT_AS: The maximum size of the process's virtual memory (address space) in bytes. This limit affects calls to brk(2), mmap(2) and mremap(2), which fail with the error ENOMEM upon exceeding this limit. Also automatic stack expansion will fail (and generate a SIGSEGV that kills the process if no alternate stack has been made available via sigaltstack(2)). Since the value is a long, on machines with a 32-bit long either this limit is at most 2 GiB, or this resource is unlimited.
RLIMIT_CORE: Maximum size of core file. When 0 no core dump files are created. When non-zero, larger dumps are truncated to this size.
RLIMIT_CPU CPU: time limit in seconds. When the process reaches the soft limit, it is sent a SIGXCPU signal. The default action for this signal is to terminate the process. However, the signal can be caught, and the handler can return control to the main program. If the process continues to consume CPU time, it will be sent SIGXCPU once per second until the hard limit is reached, at which time it is sent SIGKILL. (This latter point describes Linux 2.2 through 2.6 behavior. Implementations vary in how they treat processes which continue to consume CPU time after reaching the soft limit. Portable applications that need to catch this signal should perform an orderly termination upon first receipt of SIGXCPU.)
RLIMIT_DATA: The maximum size of the process's data segment (initialized data, uninitialized data, and heap). This limit affects calls to brk(2) and sbrk(2), which fail with the error ENOMEM upon encountering the soft limit of this resource.
RLIMIT_FSIZE: The maximum size of files that the process may create. Attempts to extend a file beyond this limit result in delivery of a SIGXFSZ signal. By default, this signal terminates a process, but a process can catch this signal instead, in which case the relevant system call (e.g., write(2), truncate(2)) fails with the error EFBIG.
RLIMIT_LOCKS: (Early Linux 2.4 only) A limit on the combined number of flock(2) locks and fcntl(2) leases that this process may establish.
RLIMIT_MEMLOCK: The maximum number of bytes of memory that may be locked into RAM. In effect this limit is rounded down to the nearest multiple of the system page size. This limit affects mlock(2) and mlockall(2) and the mmap(2) MAP_LOCKED operation. Since Linux 2.6.9 it also affects the shmctl(2) SHM_LOCK operation, where it sets a maximum on the total bytes in shared memory segments (see shmget(2)) that may be locked by the real user ID of the calling process. The shmctl(2) SHM_LOCK locks are accounted for separately from the per-process memory locks established by mlock(2), mlockall(2), and mmap(2) MAP_LOCKED; a process can lock bytes up to this limit in each of these two categories. In Linux kernels before 2.6.9, this limit controlled the amount of memory that could be locked by a privileged process. Since Linux 2.6.9, no limits are placed on the amount of memory that a privileged process may lock, and this limit instead governs the amount of memory that an unprivileged process may lock.
RLIMIT_MSGQUEUE: (Since Linux 2.6.8) Specifies the limit on the number of bytes that can be allocated for POSIX message queues for the real user ID of the calling process. This limit is enforced for mq_open(3). Each message queue that the user creates counts (until it is removed) against this limit according to the formula: bytes = attr.mq_maxmsg * sizeof(struct msg_msg *) + attr.mq_maxmsg * attr.mq_msgsize where attr is the mq_attr structure specified as the fourth argument to mq_open(3). The first addend in the formula, which includes sizeof(struct msg_msg *) (4 bytes on Linux/i386), ensures that the user cannot create an unlimited number of zero-length messages (such messages nevertheless each consume some system memory for bookkeeping overhead).
RLIMIT_NICE: (since Linux 2.6.12, but see BUGS below) Specifies a ceiling to which the process's nice value can be raised using setpriority(2) or nice(2). The actual ceiling for the nice value is calculated as 20 - rlim_cur. (This strangeness occurs because negative numbers cannot be specified as resource limit values, since they typically have special meanings. For example, RLIM_INFINITY typically is the same as -1.)
RLIMIT_NOFILE: Specifies a value one greater than the maximum file descriptor number that can be opened by this process. Attempts (open(2), pipe(2), dup(2), etc.) to exceed this limit yield the error EMFILE. (Historically, this limit was named RLIMIT_OFILE on BSD.)
RLIMIT_NPROC: The maximum number of processes (or, more precisely on Linux, threads) that can be created for the real user ID of the calling process. Upon encountering this limit, fork(2) fails with the error EAGAIN.
RLIMIT_RSS: Specifies the limit (in pages) of the process's resident set (the number of virtual pages resident in RAM). This limit only has effect in Linux 2.4.x, x < 30, and there only affects calls to madvise(2) specifying MADV_WILLNEED.
RLIMIT_RTPRIO: (Since Linux 2.6.12, but see BUGS) Specifies a ceiling on the real-time priority that may be set for this process using sched_setscheduler(2) and sched_setparam(2).
RLIMIT_RTTIME: (Since Linux 2.6.25) Specifies a limit on the amount of CPU time that a process scheduled under a real-time scheduling policy may consume without making a blocking system call. For the purpose of this limit, each time a process makes a blocking system call, the count of its consumed CPU time is reset to zero. The CPU time count is not reset if the process continues trying to use the CPU but is preempted, its time slice expires, or it calls sched_yield(2). Upon reaching the soft limit, the process is sent a SIGXCPU signal. If the process catches or ignores this signal and continues consuming CPU time, then SIGXCPU will be generated once each second until the hard limit is reached, at which point the process is sent a SIGKILL signal. The intended use of this limit is to stop a runaway real-time process from locking up the system.
RLIMIT_SIGPENDING: (Since Linux 2.6.8) Specifies the limit on the number of signals that may be queued for the real user ID of the calling process. Both standard and real-time signals are counted for the purpose of checking this limit. However, the limit is only enforced for sigqueue(2); it is always possible to use kill(2) to queue one instance of any of the signals that are not already queued to the process.
RLIMIT_STACK: The maximum size of the process stack, in bytes. Upon reaching this limit, a SIGSEGV signal is generated. To handle this signal, a process must employ an alternate signal stack (sigaltstack(2)).

ulimit Examples

Turn off core dumps

ulimit -S -c 0

Man Pages

Kernel Documentation

Future Discussions:

IO Benchmarking: How, Why and With What

Optimizing Servers and Processes for Speed with ionice, nice, ulimit originally appeared on AskApache.com

AskApache » Search Results » 503

Chmod, Umask, Stat, Fileperms, and File Permissions

.htaccess

php.cgi

.php.ini

Tips before we dig in

Deleting Files and Directories

Creating Files in Restrictive Environments

Stat Function

PHP Stat Function Output

Every Permission 0000 to 0777

Congratulations!

Defining Permission Bits

How File Permissions Work

The OS Permission Bits

Protection bits for File Owner

Protection bits for File Group

Protection bits for All Others

Some Example Permissions

What's a File

Structure of File Mode Bits

Setting Permissions

Copying Existing Permissions

Umask and Protection

Directories, Set-User-ID and Set-Group-ID Bits

Numeric Modes

Other users not in the file's group:

Other users in the file's group:

The file's owner:

Special mode bits:

Apache's Internal Bits (hex)

umask

File Attributes

Viewing stat results

The OS Attribute Bits

Special Permission Bits

Bitmasking to determine Filetype

Default Permission Masks

Apache Stat Bits

The Apache file information structure.

File Time Attributes

Shared hosting user security

Apache Security

Multiuser security setup example

SSH key fingerprints

External Links

Example File Permission Bits

/usr/lib/w3m/cgi-bin/dirlist.cgi

/usr/lib/perl/5.8.4/linux/stat.ph

/usr/include/libpng12/png.h

/usr/lib/python2.4/stat.py

/usr/include/bits/stat.h

/usr/include/linux/nfs.h

/usr/include/linux/nfs3.h

/usr/include/linux/stat.h

Further File Permissions Reading

Related PHP Functions

Special file types

Changing file attributes

Raw HTTP Header Debugger

HTTP Headers

9 Method Definitions

9.1 Safe and Idempotent Methods

9.1.1 Safe Methods

9.1.2 Idempotent Methods

9.2 OPTIONS

9.3 GET

9.4 HEAD

9.5 POST

9.6 PUT

9.7 DELETE

9.8 TRACE

9.9 CONNECT

1xx Info / Informational

HTTP_INFO - Request received, continuing process.

2xx Success / OK

HTTP_SUCCESS - The action was successfully received, understood, and accepted.

3xx Redirect

HTTP_REDIRECT - The client must take additional action to complete the request.

4xx Client Error

`/usr/lib/w3m/cgi-bin/dirlist.cgi`

`/usr/lib/perl/5.8.4/linux/stat.ph`

`/usr/include/libpng12/png.h`

`/usr/lib/python2.4/stat.py`

`/usr/include/bits/stat.h`

`/usr/include/linux/nfs.h`

`/usr/include/linux/nfs3.h`

`/usr/include/linux/stat.h`

`HTTP_INFO` - Request received, continuing process.

`HTTP_SUCCESS` - The action was successfully received, understood, and accepted.

`HTTP_REDIRECT` - The client must take additional action to complete the request.

`HTTP_CLIENT_ERROR` - The request contains bad syntax or cannot be fulfilled.

`HTTP_SERVER_ERROR` - The server failed to fulfill an apparently valid request.