| 1 |
# Hydra v0.0.2 configuration file |
| 2 |
# File format has is similar but no identical to the format of Boa v0.94 |
| 3 |
# version changes are noted in the comments |
| 4 |
# |
| 5 |
# The Hydra configuration file is parsed with a lex/yacc or flex/bison |
| 6 |
# generated parser. If it reports an error, the line number will be |
| 7 |
# provided; it should be easy to spot. The syntax of each of these |
| 8 |
# rules is very simple, and they can occur in any order. Where possible |
| 9 |
# these directives mimic those of NCSA httpd 1.3; I saw no reason to |
| 10 |
# introduce gratuitous differences. |
| 11 |
|
| 12 |
# $Id: hydra.conf,v 1.19.2.5 2003/01/09 14:16:32 nmav Exp $ |
| 13 |
|
| 14 |
# The "ServerRoot" is not in this configuration file. It can be compiled |
| 15 |
# into the server (see defines.h) or specified on the command line with |
| 16 |
# the -c option, for example: |
| 17 |
# |
| 18 |
# hydra -c /usr/local/hydra |
| 19 |
|
| 20 |
# number of threads to spawn |
| 21 |
# One thread might be ok for a single CPU system, but in some systems, |
| 22 |
# performance may be increased by using a pool of 4-5 threads. |
| 23 |
Threads 4 |
| 24 |
|
| 25 |
# Maximum number of concurent connections. If connections arrive after |
| 26 |
# the given limit has been reached, then they will not be served, until |
| 27 |
# some established connections close. If you do not set it, or set it to |
| 28 |
# 0, then the default behaviour takes effect, which is to try to serve |
| 29 |
# as much connections as possible (depends on system limits). |
| 30 |
#MaxConnections 0 |
| 31 |
#MaxSSLConnections 0 |
| 32 |
|
| 33 |
# Port: The port Hydra runs on. The default port for http servers is 80. |
| 34 |
# If it is less than 1024, the server must be started as root. |
| 35 |
|
| 36 |
Port 80 |
| 37 |
|
| 38 |
# Listen: the Internet address to bind(2) to. If you leave it out, |
| 39 |
# it takes the behavior before 0.93.17.2, which is to bind to all |
| 40 |
# addresses (INADDR_ANY). You only get one "Listen" directive, |
| 41 |
# if you want service on multiple IP addresses, you have three choices: |
| 42 |
# 1. Run hydra without a "Listen" directive |
| 43 |
# a. All addresses are treated the same; makes sense if the addresses |
| 44 |
# are localhost, ppp, and eth0. |
| 45 |
# b. Use the VirtualHost directive below to point requests to different |
| 46 |
# files. Should be good for a very large number of addresses (web |
| 47 |
# hosting clients). |
| 48 |
# 2. Run one copy of hydra per IP address, each has its own configuration |
| 49 |
# with a "Listen" directive. No big deal up to a few tens of addresses. |
| 50 |
# Nice separation between clients. |
| 51 |
# The name you provide gets run through inet_aton(3), so you have to use dotted |
| 52 |
# quad notation. This configuration is too important to trust some DNS. |
| 53 |
|
| 54 |
#Listen 192.68.0.5 |
| 55 |
|
| 56 |
# User: The name or UID the server should run as. |
| 57 |
# Group: The group name or GID the server should run as. |
| 58 |
|
| 59 |
User nobody |
| 60 |
Group nogroup |
| 61 |
|
| 62 |
# ServerAdmin: The email address where server problems should be sent. |
| 63 |
# Note: this is not currently used, except as an environment variable |
| 64 |
# for CGIs. |
| 65 |
|
| 66 |
#ServerAdmin root@localhost |
| 67 |
|
| 68 |
# PidFile: where to put the pid of the process. |
| 69 |
# Comment out to write no pid file. |
| 70 |
# Note: Because Boa drops priviledges at startup, and the |
| 71 |
# pid file is written by the UID/GID before doing so, Boa |
| 72 |
# does not attempt removal of the pid file. |
| 73 |
# PidFile /var/run/hydra.pid |
| 74 |
|
| 75 |
# ErrorLog: The location of the error log file. If this does not start |
| 76 |
# with /, it is considered relative to the server root. |
| 77 |
# Set to /dev/null if you don't want errors logged. |
| 78 |
# If unset, defaults to /dev/stderr |
| 79 |
|
| 80 |
ErrorLog /var/log/hydra/error_log |
| 81 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
| 82 |
# is somewhat experimental and might fail under heavy load. |
| 83 |
# "Usual libc implementations of printf will stall the whole |
| 84 |
# process if the receiving end of a pipe stops reading." |
| 85 |
#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/error_log /var/log/hydra/error-%Y%m%d.log" |
| 86 |
|
| 87 |
# AccessLog: The location of the access log file. If this does not |
| 88 |
# start with /, it is considered relative to the server root. |
| 89 |
# Comment out or set to /dev/null (less effective) to disable |
| 90 |
# Access logging. |
| 91 |
|
| 92 |
AccessLog /var/log/hydra/access_log |
| 93 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
| 94 |
# is somewhat experimental and might fail under heavy load. |
| 95 |
# "Usual libc implementations of printf will stall the whole |
| 96 |
# process if the receiving end of a pipe stops reading." |
| 97 |
#AccessLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/access_log /var/log/hydra/access-%Y%m%d.log" |
| 98 |
|
| 99 |
# CGILog /var/log/hydra/cgi_log |
| 100 |
# CGILog: The location of the CGI stderr log file. If this does not |
| 101 |
# start with /, it is considered relative to the server root. |
| 102 |
# The log file would contain any contents send to /dev/stderr |
| 103 |
# by the CGI. If this is commented out, it defaults to whatever |
| 104 |
# ErrorLog points. Set to /dev/null to disable CGI stderr logging. |
| 105 |
# Please NOTE: Sending the logs to a pipe ('|'), as shown below, |
| 106 |
# is somewhat experimental and might fail under heavy load. |
| 107 |
# "Usual libc implementations of printf will stall the whole |
| 108 |
# process if the receiving end of a pipe stops reading." |
| 109 |
#CGILog "|/usr/sbin/cronolog --symlink=/var/log/hydra/cgi_log /var/log/hydra/cgi-%Y%m%d.log" |
| 110 |
|
| 111 |
# CGIumask 027 (no mask for user, read-only for group, and nothing for user) |
| 112 |
# CGIumask 027 |
| 113 |
# The CGIumask is set immediately before execution of the CGI. |
| 114 |
|
| 115 |
# UseLocaltime: Logical switch. Uncomment to use localtime |
| 116 |
# instead of UTC time |
| 117 |
#UseLocaltime |
| 118 |
|
| 119 |
# VerboseCGILogs: this is just a logical switch. |
| 120 |
# It simply notes the start and stop times of cgis in the error log |
| 121 |
# Comment out to disable. |
| 122 |
|
| 123 |
#VerboseCGILogs |
| 124 |
|
| 125 |
# ServerName: the name of this server that should be sent back to |
| 126 |
# clients if different than that returned by gethostname + gethostbyname |
| 127 |
|
| 128 |
#ServerName www.your.org.here |
| 129 |
|
| 130 |
# VirtualHost: Setup any virtual hosts (host based) |
| 131 |
# Comment out to disable. |
| 132 |
# It needs to specify the HostName, the IP (use '*' if all), |
| 133 |
# the DocumentRoot and the UserDir (if any). |
| 134 |
# UserDir is the name of the directory which is appended onto a user's home |
| 135 |
# directory if a ~user request is received. |
| 136 |
# |
| 137 |
# Example: |
| 138 |
# VirtualHost www.dot.com * /var/www public_html |
| 139 |
# VirtualHost www.dot.com 127.0.0.1 /var/www "" |
| 140 |
# |
| 141 |
|
| 142 |
#VirtualHost www.dot.com * /var/www "" |
| 143 |
|
| 144 |
# DocumentRoot: The root directory of the HTML documents. |
| 145 |
# Comment out to disable server non user files. |
| 146 |
# |
| 147 |
# Note that if VirtualHost is enabled, this will be the fallback |
| 148 |
# for the clients that did not supply any host. |
| 149 |
|
| 150 |
DocumentRoot /var/www |
| 151 |
|
| 152 |
# DirectoryIndex: Name of the file to use as a pre-written HTML |
| 153 |
# directory index. Please MAKE AND USE THESE FILES. On the |
| 154 |
# fly creation of directory indexes can be _slow_. |
| 155 |
# You can use more than one directory index by adding this |
| 156 |
# directive several times. |
| 157 |
# Comment out to always use DirectoryMaker |
| 158 |
|
| 159 |
DirectoryIndex index.html |
| 160 |
|
| 161 |
# DirectoryMaker: Name of program used to create a directory listing. |
| 162 |
# Comment out to disable directory listings. If both this and |
| 163 |
# DirectoryIndex are commented out, accessing a directory will give |
| 164 |
# an error (though accessing files in the directory are still ok). |
| 165 |
|
| 166 |
DirectoryMaker /usr/lib/hydra/boa_indexer |
| 167 |
|
| 168 |
# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker |
| 169 |
# has been commented out, the the on-the-fly indexing of Hydra can be used |
| 170 |
# to generate indexes of directories. Be warned that the output is |
| 171 |
# extremely minimal and can cause delays when slow disks are used. |
| 172 |
# Note: The DirectoryCache must be writable by the same user/group that |
| 173 |
# Hydra runs as. |
| 174 |
|
| 175 |
# DirectoryCache /var/spool/hydra/dircache |
| 176 |
|
| 177 |
# MaxFilesCache: Number of files to keep in file cache memory |
| 178 |
# Set to 0 to disable file caching. |
| 179 |
|
| 180 |
MaxFilesCache 256 |
| 181 |
|
| 182 |
# MaxFileSizeCache: The maximum size that a file should have in order to |
| 183 |
# be added to the file cache. |
| 184 |
# Comment out, to use the default value. |
| 185 |
|
| 186 |
MaxFileSizeCache 131072 |
| 187 |
|
| 188 |
# KeepAliveMax: Number of KeepAlive requests to allow per connection |
| 189 |
# Comment out, or set to 0 to disable keepalive processing |
| 190 |
|
| 191 |
KeepAliveMax 1000 |
| 192 |
|
| 193 |
# KeepAliveTimeout: seconds to wait before keepalive connection times out |
| 194 |
|
| 195 |
KeepAliveTimeout 10 |
| 196 |
|
| 197 |
# MimeTypes: This is the file that is used to generate mime type pairs |
| 198 |
# and Content-Type fields for hydra. |
| 199 |
# Set to /dev/null if you do not want to load a mime types file. |
| 200 |
# Do *not* comment out (better use AddType!) |
| 201 |
|
| 202 |
MimeTypes /etc/mime.types |
| 203 |
|
| 204 |
# DefaultType: MIME type used if the file extension is unknown, or there |
| 205 |
# is no file extension. |
| 206 |
|
| 207 |
DefaultType text/plain |
| 208 |
|
| 209 |
# DefaultCharset: The default character set used in text MIME types. |
| 210 |
|
| 211 |
DefaultCharset ISO-8859-1 |
| 212 |
|
| 213 |
# CGIPath: The value of the $PATH environment variable given to CGI progs. |
| 214 |
|
| 215 |
CGIPath /bin:/usr/bin:/usr/local/bin |
| 216 |
|
| 217 |
# SinglePostLimit: The maximum allowable number of bytes in |
| 218 |
# a single POST. Default is normally 1MB. |
| 219 |
|
| 220 |
# AddType: adds types without editing mime.types |
| 221 |
# Example: AddType type extension [extension ...] |
| 222 |
|
| 223 |
# Uncomment the next line if you want .cgi files to execute from anywhere |
| 224 |
#AddType application/x-httpd-cgi cgi |
| 225 |
|
| 226 |
|
| 227 |
# Uncomment the following lines if you want .php files to execute from |
| 228 |
# anywhere, using the HIC (internally handled CGI). This is much faster |
| 229 |
# than CGIs, since it is handled internally by the server (no fork). |
| 230 |
|
| 231 |
# Use this if you have enabled HIC support, and you have compiled |
| 232 |
# PHP as a Hydra (HIC) module. |
| 233 |
#HICModule /usr/lib/libphp4.so "_php" "application/x-httpd-php" |
| 234 |
|
| 235 |
|
| 236 |
# Use this if you want CGIs to execute from anywhere, using the CGIAction. |
| 237 |
# This will not try to execute the given scripts, but will associate the |
| 238 |
# content type with the given executable. |
| 239 |
#CGIAction "/usr/bin/php4" "application/x-httpd-php" |
| 240 |
|
| 241 |
|
| 242 |
# You may also need these: |
| 243 |
#AddType application/x-httpd-php php |
| 244 |
#AddType application/x-httpd-php phtml |
| 245 |
|
| 246 |
# number of HIC threads to spawn |
| 247 |
# A HIC thread handles requests one after the other. Having several HIC threads |
| 248 |
# increases performance in servers that serve a lot of dynamic content. |
| 249 |
HICThreads 3 |
| 250 |
|
| 251 |
# Redirect, Alias, and ScriptAlias all have the same semantics -- they |
| 252 |
# match the beginning of a request and take appropriate action. Use |
| 253 |
# Redirect for other servers, Alias for the same server, and ScriptAlias |
| 254 |
# to enable directories for script execution. |
| 255 |
|
| 256 |
# The first argument of Redirect and friends is the virtual server hostname, |
| 257 |
# and the directive only applies to the given virtual server. If the directive |
| 258 |
# equals "" then the default server is assumed. |
| 259 |
|
| 260 |
# Redirect allows you to tell clients about documents which used to exist in |
| 261 |
# your server's namespace, but do not anymore. This allows you to tell the |
| 262 |
# clients where to look for the relocated document. |
| 263 |
# Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar |
| 264 |
|
| 265 |
# Aliases: Aliases one path to another. |
| 266 |
# Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo |
| 267 |
|
| 268 |
#Alias www.localhost.com /doc /usr/doc |
| 269 |
|
| 270 |
# ScriptAlias: Maps a virtual path to a directory for serving scripts |
| 271 |
# Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/ |
| 272 |
|
| 273 |
#ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/ |
| 274 |
|
| 275 |
# An interval, that hydra will be entered in maintenance mode. This |
| 276 |
# includes an SSL parameter regeneration, and closing of unused |
| 277 |
# open files. This does not involve any downtime. Set to 0 to disable. |
| 278 |
MaintenanceInterval 172800 #two days |
| 279 |
|
| 280 |
# Access Control lists per virtual host |
| 281 |
# These two directives (Allow/Deny), allow you to specify file |
| 282 |
# patterns that will be denied or allowed access. The first argument |
| 283 |
# of these directives is a virtual host. |
| 284 |
|
| 285 |
# deny all files that start with a dot in the default host |
| 286 |
#Deny "" */.* |
| 287 |
|
| 288 |
# deny all the files that finish with '.inc' in www.localhost.com virtual |
| 289 |
# host, but allow access to the public.inc. |
| 290 |
#Deny "www.localhost.com" */*.inc |
| 291 |
#Allow "www.localhost.com" */public.inc |
| 292 |
|
| 293 |
# non zero enables SSL support |
| 294 |
# 0: no SSL support |
| 295 |
# 1: only SSL support |
| 296 |
# 2: both SSL and non SSL ports |
| 297 |
SSL 0 |
| 298 |
|
| 299 |
# The port where the SSL server will listen on |
| 300 |
SSLPort 4443 |
| 301 |
|
| 302 |
# read the certificate from |
| 303 |
SSLCertificate cert.pem |
| 304 |
|
| 305 |
# read the private key from |
| 306 |
SSLKey key.pem |
| 307 |
|
| 308 |
# read the trusted CA list from |
| 309 |
SSLCAList ca.pem |
| 310 |
|
| 311 |
# Whether to verify client. Use 0, or comment out to disable. |
| 312 |
# 1 means request a certificate, and verify if a certificate is sent. |
| 313 |
# 2 means require a certificate and verify. |
| 314 |
# 3 means request a certificate and try to verify. Do not fail if the verification |
| 315 |
# function failed. This is may be useful in CGIs that want to print some error message. |
| 316 |
SSLVerifyClient 3 |
| 317 |
|
| 318 |
# Number of sessions to cache. This is to support session resuming. |
| 319 |
# Set to 0 to disable. |
| 320 |
SSLSessionCache 40 |
| 321 |
|
| 322 |
# After this time (in seconds) has passed, the stored SSL sessions |
| 323 |
# will be expired, and will not be resumed. |
| 324 |
SSLSessionTimeout 3600 #one hour |
| 325 |
|
| 326 |
# Set the prime bits used in Diffie Hellman authentication. The parameters |
| 327 |
# are only generated if the DHE ciphersuites are enabled. |
| 328 |
# Value should be one of 768, 1024, 2048, 4096 |
| 329 |
SSLDHBits 768 |
| 330 |
|
| 331 |
|
| 332 |
# A comma separated list of the SSL ciphers. Valid selections are: |
| 333 |
# ARCFOUR-128, ARCFOUR-40, 3DES, AES |
| 334 |
# Note that ARCFOUR-40 is a weak algorithm. |
| 335 |
SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40" |
| 336 |
|
| 337 |
# A comma separated list of the SSL key exchange methods. Valid selections |
| 338 |
# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT |
| 339 |
# DHE-DSS can only be used with certificates that hold DSA parameters. |
| 340 |
# Note that RSA-EXPORT is a weak algorithm. |
| 341 |
SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT" |
| 342 |
|
| 343 |
# This one is by default more secure (offers forward secrecy), |
| 344 |
# but more expensive in CPU time. |
| 345 |
#SSLKeyExchangeAlgorithms "DHE-RSA, DHE-DSS, RSA, RSA-EXPORT" |
| 346 |
|
| 347 |
# A comma separated list of the SSL MAC algorithms. Valid selections |
| 348 |
# are: MD5, SHA1 |
| 349 |
SSLMACAlgorithms "SHA1, MD5" |
| 350 |
|
| 351 |
# A comma separated list of the SSL compression methods. Valid selections |
| 352 |
# are: NULL |
| 353 |
SSLCompressionMethods "NULL" |
| 354 |
|
| 355 |
# A comma separated list of the SSL protocol versions. Valid selections |
| 356 |
# are: TLS1.0 and SSL3.0 |
| 357 |
SSLProtocols "TLS1.0, SSL3.0" |
Parent Directory
| 
Revision Log