hydra/examples/hydra.conf

# Hydra v0.0.2 configuration file
# File format has is similar but no identical to the format of Boa v0.94
# version changes are noted in the comments
#
# The Hydra configuration file is parsed with a lex/yacc or flex/bison
# generated parser.  If it reports an error, the line number will be
# provided; it should be easy to spot.  The syntax of each of these
# rules is very simple, and they can occur in any order.  Where possible
# these directives mimic those of NCSA httpd 1.3; I saw no reason to 
# introduce gratuitous differences.

# $Id: hydra.conf,v 1.13 2002/10/06 07:52:59 nmav Exp $

# The "ServerRoot" is not in this configuration file.  It can be compiled
# into the server (see defines.h) or specified on the command line with
# the -c option, for example:
#
# hydra -c /usr/local/hydra

# number of threads to spawn
# One thread might be ok for a single CPU system, but in some systems, 
# performance may be increased by using a pool of 4-5 threads.
Threads 4

# Maximum number of concurent connections. If connections arrive after
# the given limit has been reached, then they will not be served, until
# some established connections close. If you do not set it, or set it to
# 0, then the default behaviour takes effect, which is to try to serve
# as much connections as possible (depends on system limits).
#MaxConnections 0

# Port: The port Hydra runs on.  The default port for http servers is 80.
# If it is less than 1024, the server must be started as root.

Port 80

# Listen: the Internet address to bind(2) to.  If you leave it out,
# it takes the behavior before 0.93.17.2, which is to bind to all
# addresses (INADDR_ANY).  You only get one "Listen" directive,
# if you want service on multiple IP addresses, you have three choices:
#    1. Run hydra without a "Listen" directive
#       a. All addresses are treated the same; makes sense if the addresses
#          are localhost, ppp, and eth0.
#       b. Use the VirtualHost directive below to point requests to different
#          files.  Should be good for a very large number of addresses (web
#          hosting clients).
#    2. Run one copy of hydra per IP address, each has its own configuration
#       with a "Listen" directive.  No big deal up to a few tens of addresses.
#       Nice separation between clients.
# The name you provide gets run through inet_aton(3), so you have to use dotted
# quad notation.  This configuration is too important to trust some DNS.

#Listen 192.68.0.5

#  User: The name or UID the server should run as.
# Group: The group name or GID the server should run as.

User nobody
Group nogroup

# ServerAdmin: The email address where server problems should be sent.
# Note: this is not currently used, except as an environment variable
# for CGIs.

#ServerAdmin root@localhost

# ErrorLog: The location of the error log file. If this does not start
# with /, it is considered relative to the server root.
# Set to /dev/null if you don't want errors logged.
# If unset, defaults to /dev/stderr

ErrorLog /var/log/hydra/error_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
#  is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
#  process if the receiving end of a pipe stops reading."
#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/error_log /var/log/hydra/error-%Y%m%d.log"

# AccessLog: The location of the access log file. If this does not
# start with /, it is considered relative to the server root.
# Comment out or set to /dev/null (less effective) to disable 
# Access logging.

AccessLog /var/log/hydra/access_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
#  is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
#  process if the receiving end of a pipe stops reading."
#AccessLog  "|/usr/sbin/cronolog --symlink=/var/log/hydra/access_log /var/log/hydra/access-%Y%m%d.log"

# UseLocaltime: Logical switch.  Uncomment to use localtime 
# instead of UTC time
#UseLocaltime

# VerboseCGILogs: this is just a logical switch.
#  It simply notes the start and stop times of cgis in the error log
# Comment out to disable.

#VerboseCGILogs

# ServerName: the name of this server that should be sent back to 
# clients if different than that returned by gethostname + gethostbyname 

#ServerName www.your.org.here

# VirtualHost: Setup any virtual hosts (host based)
# Comment out to disable.
# It needs to specify the HostName, the IP (use '*' if all),
# the DocumentRoot and the UserDir (if any).
# UserDir ist he name of the directory which is appended onto a user's home
# directory if a ~user request is recieved.
#
# Example: 
# VirtualHost www.dot.com * /var/www public_html
# VirtualHost www.dot.com 127.0.0.1 /var/www ""
#

#VirtualHost www.dot.com * /var/www ""

# DocumentRoot: The root directory of the HTML documents.
# Comment out to disable server non user files.
#
# Note that if VirtualHost is enabled, this will be the fallback
# for the clients that did not supply any host.

DocumentRoot /var/www

# DirectoryIndex: Name of the file to use as a pre-written HTML
# directory index.  Please MAKE AND USE THESE FILES.  On the
# fly creation of directory indexes can be _slow_.
# You can use more than one directory index by adding this
# directive several times.
# Comment out to always use DirectoryMaker

DirectoryIndex index.html

# DirectoryMaker: Name of program used to create a directory listing.
# Comment out to disable directory listings.  If both this and
# DirectoryIndex are commented out, accessing a directory will give
# an error (though accessing files in the directory are still ok).

DirectoryMaker /usr/lib/hydra/boa_indexer

# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker
# has been commented out, the the on-the-fly indexing of Hydra can be used
# to generate indexes of directories. Be warned that the output is 
# extremely minimal and can cause delays when slow disks are used.
# Note: The DirectoryCache must be writable by the same user/group that 
# Hydra runs as.

# DirectoryCache /var/spool/hydra/dircache

# MaxFilesCache: Number of files to keep in file cache memory
# Set to 0 to disable file caching.

MaxFilesCache 256

# MaxFileSizeCache: The maximum size that a file should have in order to
# be added to the file cache.
# Comment out, to use the default value.

MaxFileSizeCache 131072

# KeepAliveMax: Number of KeepAlive requests to allow per connection
# Comment out, or set to 0 to disable keepalive processing

KeepAliveMax 1000

# KeepAliveTimeout: seconds to wait before keepalive connection times out

KeepAliveTimeout 10

# MimeTypes: This is the file that is used to generate mime type pairs
# and Content-Type fields for hydra.
# Set to /dev/null if you do not want to load a mime types file.
# Do *not* comment out (better use AddType!)

MimeTypes /etc/mime.types

# DefaultType: MIME type used if the file extension is unknown, or there
# is no file extension.

DefaultType text/plain

# CGIPath: The value of the $PATH environment variable given to CGI progs.

CGIPath /bin:/usr/bin:/usr/local/bin

# SinglePostLimit: The maximum allowable number of bytes in 
# a single POST.  Default is normally 1MB.

# AddType: adds types without editing mime.types
# Example: AddType type extension [extension ...]

# Uncomment the next line if you want .cgi files to execute from anywhere
#AddType application/x-httpd-cgi cgi


# Uncomment the following lines if you want .php files to execute from 
# anywhere, using the HIC (internally handled CGI). This is much faster
# than CGIs, since it is handled internally by the server (no fork).

# Use this if you have enabled HIC support, and you have compiled
# PHP as a Hydra (HIC) module. 
#HICModule /usr/lib/libphp4.so "_php" "application/x-httpd-php"

# You may also need these:
#AddType application/x-httpd-php php
#AddType application/x-httpd-php phtml

# number of HIC threads to spawn
# One HIC thread handles requests one after the other. Having several HIC threads
# increases performance in servers that serve a lot of dynamic content.
HICThreads 3

# Redirect, Alias, and ScriptAlias all have the same semantics -- they
# match the beginning of a request and take appropriate action.  Use
# Redirect for other servers, Alias for the same server, and ScriptAlias
# to enable directories for script execution.

# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar

# Aliases: Aliases one path to another.
# Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo

#Alias www.localhost.com /doc /usr/doc

# ScriptAlias: Maps a virtual path to a directory for serving scripts
# Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/

#ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/

# non zero enables SSL support
# 1: only SSL support
# 2: both SSL and non SSL ports
SSL 0

# The port where the SSL server will listen on
SSLPort 4443

# read the certificate from
SSLCertificate cert.pem

# read the private key from
SSLKey key.pem

# read the trusted CA list from
SSLCAList ca.pem

# Whether to verify client. Use 0, or comment out to disable.
# 1 means request a certificate, and verify if a certificate is sent.
# 2 means require a certificate and verify.
# 3 means request a certificate and try to verify. Do not fail if the verification
#   function failed. This is may be useful in CGIs that want to print some error message.
SSLVerifyClient 0

# Number of sessions to cache. This is to support session resuming.
# Set to 0 to disable.
SSLSessionCache 40

# After this time (in seconds) has passed, the stored SSL sessions
# will be expired, and will not be resumed.
SSLSessionTimeout 3600 #one hour

# Set the prime bits used in Diffie Hellman authentication. The parameters
# are only generated if the DHE ciphersuites are enabled.
# Value should be one of 768, 1024, 2048, 4096
SSLDHBits 768

# The period when the generated temporary RSA and DH parameters are valid. 
# After that period of time hydra will regenerate parameters.
SSLParamsRefresh 172800 #two days

# A comma separated list of the SSL ciphers. Valid selections are:
# ARCFOUR-128, ARCFOUR-40, 3DES, AES
# Note that ARCFOUR-40 is a weak algorithm.
SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40"

# A comma separated list of the SSL key exchange methods. Valid selections 
# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT
# DHE-DSS can only be used with certificates that hold DSA parameters.
# Note that RSA-EXPORT is a weak algorithm.
SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT"

# A comma separated list of the SSL MAC algorithms. Valid selections 
# are: MD5, SHA1
SSLMACAlgorithms "SHA1, MD5"

# A comma separated list of the SSL compression methods. Valid selections 
# are: NULL
SSLCompressionMethods "NULL"

# A comma separated list of the SSL protocol versions. Valid selections 
# are: TLS1.0 and SSL3.0
SSLProtocols "TLS1.0, SSL3.0"
1	nmav	1.1	# Hydra v0.0.2 configuration file
2			# File format has is similar but no identical to the format of Boa v0.94
3			# version changes are noted in the comments
4			#
5			# The Hydra configuration file is parsed with a lex/yacc or flex/bison
6			# generated parser. If it reports an error, the line number will be
7			# provided; it should be easy to spot. The syntax of each of these
8			# rules is very simple, and they can occur in any order. Where possible
9			# these directives mimic those of NCSA httpd 1.3; I saw no reason to
10			# introduce gratuitous differences.
11
12	nmav	1.14	# $Id: hydra.conf,v 1.13 2002/10/06 07:52:59 nmav Exp $
13	nmav	1.1
14			# The "ServerRoot" is not in this configuration file. It can be compiled
15			# into the server (see defines.h) or specified on the command line with
16			# the -c option, for example:
17			#
18			# hydra -c /usr/local/hydra
19
20			# number of threads to spawn
21	nmav	1.6	# One thread might be ok for a single CPU system, but in some systems,
22			# performance may be increased by using a pool of 4-5 threads.
23			Threads 4
24	nmav	1.1
25	nmav	1.10	# Maximum number of concurent connections. If connections arrive after
26			# the given limit has been reached, then they will not be served, until
27			# some established connections close. If you do not set it, or set it to
28			# 0, then the default behaviour takes effect, which is to try to serve
29			# as much connections as possible (depends on system limits).
30	nmav	1.1	#MaxConnections 0
31
32			# Port: The port Hydra runs on. The default port for http servers is 80.
33			# If it is less than 1024, the server must be started as root.
34
35			Port 80
36
37			# Listen: the Internet address to bind(2) to. If you leave it out,
38			# it takes the behavior before 0.93.17.2, which is to bind to all
39			# addresses (INADDR_ANY). You only get one "Listen" directive,
40			# if you want service on multiple IP addresses, you have three choices:
41			# 1. Run hydra without a "Listen" directive
42			# a. All addresses are treated the same; makes sense if the addresses
43			# are localhost, ppp, and eth0.
44			# b. Use the VirtualHost directive below to point requests to different
45			# files. Should be good for a very large number of addresses (web
46			# hosting clients).
47			# 2. Run one copy of hydra per IP address, each has its own configuration
48			# with a "Listen" directive. No big deal up to a few tens of addresses.
49			# Nice separation between clients.
50			# The name you provide gets run through inet_aton(3), so you have to use dotted
51			# quad notation. This configuration is too important to trust some DNS.
52
53			#Listen 192.68.0.5
54
55			# User: The name or UID the server should run as.
56			# Group: The group name or GID the server should run as.
57
58			User nobody
59			Group nogroup
60
61			# ServerAdmin: The email address where server problems should be sent.
62			# Note: this is not currently used, except as an environment variable
63			# for CGIs.
64
65			#ServerAdmin root@localhost
66
67			# ErrorLog: The location of the error log file. If this does not start
68			# with /, it is considered relative to the server root.
69			# Set to /dev/null if you don't want errors logged.
70			# If unset, defaults to /dev/stderr
71
72			ErrorLog /var/log/hydra/error_log
73			# Please NOTE: Sending the logs to a pipe ('\|'), as shown below,
74			# is somewhat experimental and might fail under heavy load.
75			# "Usual libc implementations of printf will stall the whole
76			# process if the receiving end of a pipe stops reading."
77			#ErrorLog "\|/usr/sbin/cronolog --symlink=/var/log/hydra/error_log /var/log/hydra/error-%Y%m%d.log"
78
79			# AccessLog: The location of the access log file. If this does not
80			# start with /, it is considered relative to the server root.
81			# Comment out or set to /dev/null (less effective) to disable
82			# Access logging.
83
84			AccessLog /var/log/hydra/access_log
85			# Please NOTE: Sending the logs to a pipe ('\|'), as shown below,
86			# is somewhat experimental and might fail under heavy load.
87			# "Usual libc implementations of printf will stall the whole
88			# process if the receiving end of a pipe stops reading."
89			#AccessLog "\|/usr/sbin/cronolog --symlink=/var/log/hydra/access_log /var/log/hydra/access-%Y%m%d.log"
90
91			# UseLocaltime: Logical switch. Uncomment to use localtime
92			# instead of UTC time
93			#UseLocaltime
94
95			# VerboseCGILogs: this is just a logical switch.
96			# It simply notes the start and stop times of cgis in the error log
97			# Comment out to disable.
98
99			#VerboseCGILogs
100
101			# ServerName: the name of this server that should be sent back to
102			# clients if different than that returned by gethostname + gethostbyname
103
104			#ServerName www.your.org.here
105
106			# VirtualHost: Setup any virtual hosts (host based)
107			# Comment out to disable.
108			# It needs to specify the HostName, the IP (use '*' if all),
109			# the DocumentRoot and the UserDir (if any).
110			# UserDir ist he name of the directory which is appended onto a user's home
111			# directory if a ~user request is recieved.
112			#
113			# Example:
114			# VirtualHost www.dot.com * /var/www public_html
115			# VirtualHost www.dot.com 127.0.0.1 /var/www ""
116			#
117
118			#VirtualHost www.dot.com * /var/www ""
119
120			# DocumentRoot: The root directory of the HTML documents.
121			# Comment out to disable server non user files.
122			#
123			# Note that if VirtualHost is enabled, this will be the fallback
124			# for the clients that did not supply any host.
125
126			DocumentRoot /var/www
127
128			# DirectoryIndex: Name of the file to use as a pre-written HTML
129			# directory index. Please MAKE AND USE THESE FILES. On the
130			# fly creation of directory indexes can be _slow_.
131			# You can use more than one directory index by adding this
132			# directive several times.
133			# Comment out to always use DirectoryMaker
134
135			DirectoryIndex index.html
136
137			# DirectoryMaker: Name of program used to create a directory listing.
138			# Comment out to disable directory listings. If both this and
139			# DirectoryIndex are commented out, accessing a directory will give
140			# an error (though accessing files in the directory are still ok).
141
142			DirectoryMaker /usr/lib/hydra/boa_indexer
143
144			# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker
145			# has been commented out, the the on-the-fly indexing of Hydra can be used
146			# to generate indexes of directories. Be warned that the output is
147			# extremely minimal and can cause delays when slow disks are used.
148			# Note: The DirectoryCache must be writable by the same user/group that
149			# Hydra runs as.
150
151			# DirectoryCache /var/spool/hydra/dircache
152
153			# MaxFilesCache: Number of files to keep in file cache memory
154			# Set to 0 to disable file caching.
155
156			MaxFilesCache 256
157
158			# MaxFileSizeCache: The maximum size that a file should have in order to
159			# be added to the file cache.
160			# Comment out, to use the default value.
161
162			MaxFileSizeCache 131072
163
164			# KeepAliveMax: Number of KeepAlive requests to allow per connection
165			# Comment out, or set to 0 to disable keepalive processing
166
167			KeepAliveMax 1000
168
169			# KeepAliveTimeout: seconds to wait before keepalive connection times out
170
171			KeepAliveTimeout 10
172
173			# MimeTypes: This is the file that is used to generate mime type pairs
174			# and Content-Type fields for hydra.
175			# Set to /dev/null if you do not want to load a mime types file.
176			# Do not comment out (better use AddType!)
177
178			MimeTypes /etc/mime.types
179
180			# DefaultType: MIME type used if the file extension is unknown, or there
181			# is no file extension.
182
183			DefaultType text/plain
184
185			# CGIPath: The value of the $PATH environment variable given to CGI progs.
186
187			CGIPath /bin:/usr/bin:/usr/local/bin
188
189			# SinglePostLimit: The maximum allowable number of bytes in
190			# a single POST. Default is normally 1MB.
191
192			# AddType: adds types without editing mime.types
193			# Example: AddType type extension [extension ...]
194
195			# Uncomment the next line if you want .cgi files to execute from anywhere
196			#AddType application/x-httpd-cgi cgi
197	nmav	1.2
198	nmav	1.4
199			# Uncomment the following lines if you want .php files to execute from
200			# anywhere, using the HIC (internally handled CGI). This is much faster
201	nmav	1.7	# than CGIs, since it is handled internally by the server (no fork).
202	nmav	1.3
203			# Use this if you have enabled HIC support, and you have compiled
204	nmav	1.5	# PHP as a Hydra (HIC) module.
205	nmav	1.4	#HICModule /usr/lib/libphp4.so "_php" "application/x-httpd-php"
206
207			# You may also need these:
208			#AddType application/x-httpd-php php
209			#AddType application/x-httpd-php phtml
210
211	nmav	1.6	# number of HIC threads to spawn
212			# One HIC thread handles requests one after the other. Having several HIC threads
213			# increases performance in servers that serve a lot of dynamic content.
214	nmav	1.8	HICThreads 3
215	nmav	1.1
216			# Redirect, Alias, and ScriptAlias all have the same semantics -- they
217			# match the beginning of a request and take appropriate action. Use
218			# Redirect for other servers, Alias for the same server, and ScriptAlias
219			# to enable directories for script execution.
220
221			# Redirect allows you to tell clients about documents which used to exist in
222			# your server's namespace, but do not anymore. This allows you to tell the
223			# clients where to look for the relocated document.
224			# Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar
225
226			# Aliases: Aliases one path to another.
227			# Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo
228
229			#Alias www.localhost.com /doc /usr/doc
230
231			# ScriptAlias: Maps a virtual path to a directory for serving scripts
232			# Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/
233
234			#ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/
235
236			# non zero enables SSL support
237			# 1: only SSL support
238			# 2: both SSL and non SSL ports
239			SSL 0
240
241			# The port where the SSL server will listen on
242			SSLPort 4443
243
244			# read the certificate from
245			SSLCertificate cert.pem
246
247			# read the private key from
248			SSLKey key.pem
249	nmav	1.11
250			# read the trusted CA list from
251			SSLCAList ca.pem
252
253			# Whether to verify client. Use 0, or comment out to disable.
254			# 1 means request a certificate, and verify if a certificate is sent.
255			# 2 means require a certificate and verify.
256	nmav	1.12	# 3 means request a certificate and try to verify. Do not fail if the verification
257			# function failed. This is may be useful in CGIs that want to print some error message.
258	nmav	1.11	SSLVerifyClient 0
259	nmav	1.1
260			# Number of sessions to cache. This is to support session resuming.
261			# Set to 0 to disable.
262			SSLSessionCache 40
263
264			# After this time (in seconds) has passed, the stored SSL sessions
265			# will be expired, and will not be resumed.
266			SSLSessionTimeout 3600 #one hour
267
268			# Set the prime bits used in Diffie Hellman authentication. The parameters
269			# are only generated if the DHE ciphersuites are enabled.
270			# Value should be one of 768, 1024, 2048, 4096
271			SSLDHBits 768
272
273	nmav	1.13	# The period when the generated temporary RSA and DH parameters are valid.
274			# After that period of time hydra will regenerate parameters.
275	nmav	1.1	SSLParamsRefresh 172800 #two days
276
277			# A comma separated list of the SSL ciphers. Valid selections are:
278			# ARCFOUR-128, ARCFOUR-40, 3DES, AES
279			# Note that ARCFOUR-40 is a weak algorithm.
280			SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40"
281
282			# A comma separated list of the SSL key exchange methods. Valid selections
283			# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT
284	nmav	1.13	# DHE-DSS can only be used with certificates that hold DSA parameters.
285	nmav	1.1	# Note that RSA-EXPORT is a weak algorithm.
286			SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT"
287
288			# A comma separated list of the SSL MAC algorithms. Valid selections
289			# are: MD5, SHA1
290			SSLMACAlgorithms "SHA1, MD5"
291
292			# A comma separated list of the SSL compression methods. Valid selections
293			# are: NULL
294			SSLCompressionMethods "NULL"
295
296			# A comma separated list of the SSL protocol versions. Valid selections
297			# are: TLS1.0 and SSL3.0
298			SSLProtocols "TLS1.0, SSL3.0"