To tune the Apache web server, you need to understand the structure of its configuration files. The basic element of the configuration files is a directive. Directives group a set of options so they apply only to a specific item. For example, Listing 22-2 shows the directive that specifies the options for the directory where the web server starts looking for its documents, the so-called document root. This document root is important, because all other filenames and directory names are relative to it. This configuration comes from the default-server.conf configuration file. To increase readability, I have removed all the comment lines from the example file.
Listing 22-2. Specification of the Document Root in default-server.conf
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
This example starts with the specification of DocumentRoot. Next, for this directory, a directive specifies its options. Note that the directive starts with the line <Directory "/srv/www/htdocs">, and it ends with </Directory>. This is a generic rule for creating directives; if it starts with <Something>, it should close with </Something>. When tuning directives by hand, don't forget this closing statement! Between the start and the end of the directive, you can see its options. The first option, Options None, indicates that no specific options are applied to this directory. Next, the option AllowOverride None makes sure it is impossible to override the settings made here at a lower level in the directory structure. Without this option, a user can activate their own settings by creating a file with the name .htaccess in any subdirectory of the document root. If that file exists and AllowOverride None is not set, the settings from that file are applied.
Next, the Order allow,deny part indicates that allow statements must be evaluated first and only then the server should check to see whether anything is denied. This is what you would typically want for a nonsecured directory. Then the statement Allow from all confirms that this server is open to anyone; it grants access to this directory to all, which in most cases is rather reasonable for a document root. Directives for other directories look a lot like this, although some directories may have some specific options. For example, the directory cgi-bin, which refers to the location of the CGI scripts that your server can execute, may require some additional options that make sure no insecure scripts can be executed.
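The two hand-editing checks described above (every opened block must be closed, and a Directory block should carry AllowOverride None) can be automated. The following is an added example, not part of the original text; the /srv/www/htdocs/upload block in the sample is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample: the page's Listing 22-2, followed by a hypothetical
# second block that omits AllowOverride and is never closed.
SAMPLE = '''DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/srv/www/htdocs/upload">
    Options None
'''

OPEN = re.compile(r'^<(\w+)\s*([^>]*)>$')
CLOSE = re.compile(r'^</(\w+)>$')

def check_override(findings, name, arg, start, override):
    # Rule taken from the text: a <Directory> block without
    # "AllowOverride None" lets .htaccess files change its settings.
    if name.lower() == 'directory' and (override or '').lower() != 'none':
        findings.append((start, f'{arg}: AllowOverride None not set'))

def audit(text):
    """Return (line_number, message) findings for an Apache config string."""
    findings, stack = [], []  # stack entry: [name, argument, line, AllowOverride value]
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        parts = line.split(None, 1)
        if not parts or parts[0].startswith('#'):
            continue
        if m := CLOSE.match(line):
            if not stack or stack[-1][0].lower() != m.group(1).lower():
                findings.append((num, f'unexpected </{m.group(1)}>'))
                continue
            check_override(findings, *stack.pop())
        elif m := OPEN.match(line):
            stack.append([m.group(1), m.group(2).strip('"'), num, None])
        elif stack and parts[0].lower() == 'allowoverride':
            stack[-1][3] = parts[1] if len(parts) > 1 else ''
    for name, arg, start, override in stack:  # anything left was never closed
        findings.append((start, f'<{name}> is never closed'))
        check_override(findings, name, arg, start, override)
    return findings

if __name__ == '__main__':
    for num, msg in audit(SAMPLE):
        print(f'line {num}: {msg}')
```

Run against the unmodified Listing 22-2, the audit returns no findings; the constructed upload block triggers both checks.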