1 |
# Hydra v0.0.2 configuration file |
2 |
# File format has is similar but no identical to the format of Boa v0.94 |
3 |
# version changes are noted in the comments |
4 |
# |
5 |
# The Hydra configuration file is parsed with a lex/yacc or flex/bison |
6 |
# generated parser. If it reports an error, the line number will be |
7 |
# provided; it should be easy to spot. The syntax of each of these |
8 |
# rules is very simple, and they can occur in any order. Where possible |
9 |
# these directives mimic those of NCSA httpd 1.3; I saw no reason to |
10 |
# introduce gratuitous differences. |
11 |
|
12 |
# $Id: hydra.conf,v 1.18 2002/10/27 10:06:28 nmav Exp $ |
13 |
|
14 |
# The "ServerRoot" is not in this configuration file. It can be compiled |
15 |
# into the server (see defines.h) or specified on the command line with |
16 |
# the -c option, for example: |
17 |
# |
18 |
# hydra -c /usr/local/hydra |
19 |
|
20 |
# number of threads to spawn |
21 |
# One thread might be ok for a single CPU system, but in some systems, |
22 |
# performance may be increased by using a pool of 4-5 threads. |
23 |
Threads 4 |
24 |
|
25 |
# Maximum number of concurent connections. If connections arrive after |
26 |
# the given limit has been reached, then they will not be served, until |
27 |
# some established connections close. If you do not set it, or set it to |
28 |
# 0, then the default behaviour takes effect, which is to try to serve |
29 |
# as much connections as possible (depends on system limits). |
30 |
#MaxConnections 0 |
31 |
|
32 |
# Port: The port Hydra runs on. The default port for http servers is 80. |
33 |
# If it is less than 1024, the server must be started as root. |
34 |
|
35 |
Port 80 |
36 |
|
37 |
# Listen: the Internet address to bind(2) to. If you leave it out, |
38 |
# it takes the behavior before 0.93.17.2, which is to bind to all |
39 |
# addresses (INADDR_ANY). You only get one "Listen" directive, |
40 |
# if you want service on multiple IP addresses, you have three choices: |
41 |
# 1. Run hydra without a "Listen" directive |
42 |
# a. All addresses are treated the same; makes sense if the addresses |
43 |
# are localhost, ppp, and eth0. |
44 |
# b. Use the VirtualHost directive below to point requests to different |
45 |
# files. Should be good for a very large number of addresses (web |
46 |
# hosting clients). |
47 |
# 2. Run one copy of hydra per IP address, each has its own configuration |
48 |
# with a "Listen" directive. No big deal up to a few tens of addresses. |
49 |
# Nice separation between clients. |
50 |
# The name you provide gets run through inet_aton(3), so you have to use dotted |
51 |
# quad notation. This configuration is too important to trust some DNS. |
52 |
|
53 |
#Listen 192.68.0.5 |
54 |
|
55 |
# User: The name or UID the server should run as. |
56 |
# Group: The group name or GID the server should run as. |
57 |
|
58 |
User nobody |
59 |
Group nogroup |
60 |
|
61 |
# ServerAdmin: The email address where server problems should be sent. |
62 |
# Note: this is not currently used, except as an environment variable |
63 |
# for CGIs. |
64 |
|
65 |
#ServerAdmin root@localhost |
66 |
|
67 |
# PidFile: where to put the pid of the process. |
68 |
# Comment out to write no pid file. |
69 |
# Note: Because Boa drops priviledges at startup, and the |
70 |
# pid file is written by the UID/GID before doing so, Boa |
71 |
# does not attempt removal of the pid file. |
72 |
# PidFile /var/run/hydra.pid |
73 |
|
74 |
# ErrorLog: The location of the error log file. If this does not start |
75 |
# with /, it is considered relative to the server root. |
76 |
# Set to /dev/null if you don't want errors logged. |
77 |
# If unset, defaults to /dev/stderr |
78 |
|
79 |
ErrorLog /var/log/hydra/error_log |
80 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
81 |
# is somewhat experimental and might fail under heavy load. |
82 |
# "Usual libc implementations of printf will stall the whole |
83 |
# process if the receiving end of a pipe stops reading." |
84 |
#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/error_log /var/log/hydra/error-%Y%m%d.log" |
85 |
|
86 |
# AccessLog: The location of the access log file. If this does not |
87 |
# start with /, it is considered relative to the server root. |
88 |
# Comment out or set to /dev/null (less effective) to disable |
89 |
# Access logging. |
90 |
|
91 |
AccessLog /var/log/hydra/access_log |
92 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
93 |
# is somewhat experimental and might fail under heavy load. |
94 |
# "Usual libc implementations of printf will stall the whole |
95 |
# process if the receiving end of a pipe stops reading." |
96 |
#AccessLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/access_log /var/log/hydra/access-%Y%m%d.log" |
97 |
|
98 |
# CGILog /var/log/hydra/cgi_log |
99 |
# CGILog: The location of the CGI stderr log file. If this does not |
100 |
# start with /, it is considered relative to the server root. |
101 |
# The log file would contain any contents send to /dev/stderr |
102 |
# by the CGI. If this is commented out, it defaults to whatever |
103 |
# ErrorLog points. Set to /dev/null to disable CGI stderr logging. |
104 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
105 |
# is somewhat experimental and might fail under heavy load. |
106 |
# "Usual libc implementations of printf will stall the whole |
107 |
# process if the receiving end of a pipe stops reading." |
108 |
#CGILog "|/usr/sbin/cronolog --symlink=/var/log/hydra/cgi_log /var/log/hydra/cgi-%Y%m%d.log" |
109 |
|
110 |
# CGIumask 027 (no mask for user, read-only for group, and nothing for user) |
111 |
# CGIumask 027 |
112 |
# The CGIumask is set immediately before execution of the CGI. |
113 |
|
114 |
# UseLocaltime: Logical switch. Uncomment to use localtime |
115 |
# instead of UTC time |
116 |
#UseLocaltime |
117 |
|
118 |
# VerboseCGILogs: this is just a logical switch. |
119 |
# It simply notes the start and stop times of cgis in the error log |
120 |
# Comment out to disable. |
121 |
|
122 |
#VerboseCGILogs |
123 |
|
124 |
# ServerName: the name of this server that should be sent back to |
125 |
# clients if different than that returned by gethostname + gethostbyname |
126 |
|
127 |
#ServerName www.your.org.here |
128 |
|
129 |
# VirtualHost: Setup any virtual hosts (host based) |
130 |
# Comment out to disable. |
131 |
# It needs to specify the HostName, the IP (use '*' if all), |
132 |
# the DocumentRoot and the UserDir (if any). |
133 |
# UserDir ist he name of the directory which is appended onto a user's home |
134 |
# directory if a ~user request is recieved. |
135 |
# |
136 |
# Example: |
137 |
# VirtualHost www.dot.com * /var/www public_html |
138 |
# VirtualHost www.dot.com 127.0.0.1 /var/www "" |
139 |
# |
140 |
|
141 |
#VirtualHost www.dot.com * /var/www "" |
142 |
|
143 |
# DocumentRoot: The root directory of the HTML documents. |
144 |
# Comment out to disable server non user files. |
145 |
# |
146 |
# Note that if VirtualHost is enabled, this will be the fallback |
147 |
# for the clients that did not supply any host. |
148 |
|
149 |
DocumentRoot /var/www |
150 |
|
151 |
# DirectoryIndex: Name of the file to use as a pre-written HTML |
152 |
# directory index. Please MAKE AND USE THESE FILES. On the |
153 |
# fly creation of directory indexes can be _slow_. |
154 |
# You can use more than one directory index by adding this |
155 |
# directive several times. |
156 |
# Comment out to always use DirectoryMaker |
157 |
|
158 |
DirectoryIndex index.html |
159 |
|
160 |
# DirectoryMaker: Name of program used to create a directory listing. |
161 |
# Comment out to disable directory listings. If both this and |
162 |
# DirectoryIndex are commented out, accessing a directory will give |
163 |
# an error (though accessing files in the directory are still ok). |
164 |
|
165 |
DirectoryMaker /usr/lib/hydra/boa_indexer |
166 |
|
167 |
# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker |
168 |
# has been commented out, the the on-the-fly indexing of Hydra can be used |
169 |
# to generate indexes of directories. Be warned that the output is |
170 |
# extremely minimal and can cause delays when slow disks are used. |
171 |
# Note: The DirectoryCache must be writable by the same user/group that |
172 |
# Hydra runs as. |
173 |
|
174 |
# DirectoryCache /var/spool/hydra/dircache |
175 |
|
176 |
# MaxFilesCache: Number of files to keep in file cache memory |
177 |
# Set to 0 to disable file caching. |
178 |
|
179 |
MaxFilesCache 256 |
180 |
|
181 |
# MaxFileSizeCache: The maximum size that a file should have in order to |
182 |
# be added to the file cache. |
183 |
# Comment out, to use the default value. |
184 |
|
185 |
MaxFileSizeCache 131072 |
186 |
|
187 |
# KeepAliveMax: Number of KeepAlive requests to allow per connection |
188 |
# Comment out, or set to 0 to disable keepalive processing |
189 |
|
190 |
KeepAliveMax 1000 |
191 |
|
192 |
# KeepAliveTimeout: seconds to wait before keepalive connection times out |
193 |
|
194 |
KeepAliveTimeout 10 |
195 |
|
196 |
# MimeTypes: This is the file that is used to generate mime type pairs |
197 |
# and Content-Type fields for hydra. |
198 |
# Set to /dev/null if you do not want to load a mime types file. |
199 |
# Do *not* comment out (better use AddType!) |
200 |
|
201 |
MimeTypes /etc/mime.types |
202 |
|
203 |
# DefaultType: MIME type used if the file extension is unknown, or there |
204 |
# is no file extension. |
205 |
|
206 |
DefaultType text/plain |
207 |
|
208 |
# CGIPath: The value of the $PATH environment variable given to CGI progs. |
209 |
|
210 |
CGIPath /bin:/usr/bin:/usr/local/bin |
211 |
|
212 |
# SinglePostLimit: The maximum allowable number of bytes in |
213 |
# a single POST. Default is normally 1MB. |
214 |
|
215 |
# AddType: adds types without editing mime.types |
216 |
# Example: AddType type extension [extension ...] |
217 |
|
218 |
# Uncomment the next line if you want .cgi files to execute from anywhere |
219 |
#AddType application/x-httpd-cgi cgi |
220 |
|
221 |
|
222 |
# Uncomment the following lines if you want .php files to execute from |
223 |
# anywhere, using the HIC (internally handled CGI). This is much faster |
224 |
# than CGIs, since it is handled internally by the server (no fork). |
225 |
|
226 |
# Use this if you have enabled HIC support, and you have compiled |
227 |
# PHP as a Hydra (HIC) module. |
228 |
#HICModule /usr/lib/libphp4.so "_php" "application/x-httpd-php" |
229 |
|
230 |
# You may also need these: |
231 |
#AddType application/x-httpd-php php |
232 |
#AddType application/x-httpd-php phtml |
233 |
|
234 |
# number of HIC threads to spawn |
235 |
# One HIC thread handles requests one after the other. Having several HIC threads |
236 |
# increases performance in servers that serve a lot of dynamic content. |
237 |
HICThreads 3 |
238 |
|
239 |
# Redirect, Alias, and ScriptAlias all have the same semantics -- they |
240 |
# match the beginning of a request and take appropriate action. Use |
241 |
# Redirect for other servers, Alias for the same server, and ScriptAlias |
242 |
# to enable directories for script execution. |
243 |
|
244 |
# The first argument of Redirect and friends is the virtual server hostname, |
245 |
# and the directive only applies to the given virtual server. If the directive |
246 |
# equals "" then the default server is assumed. |
247 |
|
248 |
# Redirect allows you to tell clients about documents which used to exist in |
249 |
# your server's namespace, but do not anymore. This allows you to tell the |
250 |
# clients where to look for the relocated document. |
251 |
# Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar |
252 |
|
253 |
# Aliases: Aliases one path to another. |
254 |
# Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo |
255 |
|
256 |
#Alias www.localhost.com /doc /usr/doc |
257 |
|
258 |
# ScriptAlias: Maps a virtual path to a directory for serving scripts |
259 |
# Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/ |
260 |
|
261 |
#ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/ |
262 |
|
263 |
# An interval, that hydra will be entered in maintenance mode. This |
264 |
# includes an SSL parameter regeneration, and closing of unused |
265 |
# open files. This does not involve any downtime. Set to 0 to disable. |
266 |
MaintenanceInterval 172800 #two days |
267 |
|
268 |
# Access Control lists per virtual host |
269 |
# These two directives (Allow/Deny), allow you to specify file |
270 |
# patterns that will be denied or allowed access. The first argument |
271 |
# of these directives is a virtual host. |
272 |
|
273 |
# deny all files that start with a dot in the default host |
274 |
#Deny "" */.* |
275 |
|
276 |
# deny all the files that finish with '.inc' in www.localhost.com virtual |
277 |
# host, but allow access to the public.inc. |
278 |
#Deny "www.localhost.com" */*.inc |
279 |
#Allow "www.localhost.com" */public.inc |
280 |
|
281 |
# non zero enables SSL support |
282 |
# 1: only SSL support |
283 |
# 2: both SSL and non SSL ports |
284 |
SSL 0 |
285 |
|
286 |
# The port where the SSL server will listen on |
287 |
SSLPort 4443 |
288 |
|
289 |
# read the certificate from |
290 |
SSLCertificate cert.pem |
291 |
|
292 |
# read the private key from |
293 |
SSLKey key.pem |
294 |
|
295 |
# read the trusted CA list from |
296 |
SSLCAList ca.pem |
297 |
|
298 |
# Whether to verify client. Use 0, or comment out to disable. |
299 |
# 1 means request a certificate, and verify if a certificate is sent. |
300 |
# 2 means require a certificate and verify. |
301 |
# 3 means request a certificate and try to verify. Do not fail if the verification |
302 |
# function failed. This is may be useful in CGIs that want to print some error message. |
303 |
SSLVerifyClient 3 |
304 |
|
305 |
# Number of sessions to cache. This is to support session resuming. |
306 |
# Set to 0 to disable. |
307 |
SSLSessionCache 40 |
308 |
|
309 |
# After this time (in seconds) has passed, the stored SSL sessions |
310 |
# will be expired, and will not be resumed. |
311 |
SSLSessionTimeout 3600 #one hour |
312 |
|
313 |
# Set the prime bits used in Diffie Hellman authentication. The parameters |
314 |
# are only generated if the DHE ciphersuites are enabled. |
315 |
# Value should be one of 768, 1024, 2048, 4096 |
316 |
SSLDHBits 768 |
317 |
|
318 |
|
319 |
# A comma separated list of the SSL ciphers. Valid selections are: |
320 |
# ARCFOUR-128, ARCFOUR-40, 3DES, AES |
321 |
# Note that ARCFOUR-40 is a weak algorithm. |
322 |
SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40" |
323 |
|
324 |
# A comma separated list of the SSL key exchange methods. Valid selections |
325 |
# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT |
326 |
# DHE-DSS can only be used with certificates that hold DSA parameters. |
327 |
# Note that RSA-EXPORT is a weak algorithm. |
328 |
SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT" |
329 |
|
330 |
# A comma separated list of the SSL MAC algorithms. Valid selections |
331 |
# are: MD5, SHA1 |
332 |
SSLMACAlgorithms "SHA1, MD5" |
333 |
|
334 |
# A comma separated list of the SSL compression methods. Valid selections |
335 |
# are: NULL |
336 |
SSLCompressionMethods "NULL" |
337 |
|
338 |
# A comma separated list of the SSL protocol versions. Valid selections |
339 |
# are: TLS1.0 and SSL3.0 |
340 |
SSLProtocols "TLS1.0, SSL3.0" |