httpd.site.conf(4) (Sun WebServer Command Reference)

Sun WebServer Command Reference

httpd.site.conf(4)

NAME

httpd.site.conf- Site instance configuration file.

SYNOPSIS

site-path/conf/site_name.site.conf

DESCRIPTION

The site instance configuration file contains directives that define the site's runtime behavior, and defines the identity and server resources used by a web site hosted by the server instance. This file defines properties such as the web site's canonical host name and aliases, the location of the configuration file, and the network connections available to the web site. It also defines the servlet engine settings for the web site. The location of httpd.site.conf is determined by the site_config directive in httpd.conf.

Syntax

The following syntax rules apply to the httpd.site.conf file:

The pound sign (#) is a comment character. All characters from a # to the end of a line are ignored
White space is ignored in directive definitions.
Some directives accept a list of values. Separate multiple values by white space. If more than one line is required to list all values, escape all but the last newline with a backslash (\) at the end of the line.
Any value may optionally be enclosed in double quotes (").
All directives are grouped in blocks surrounded by curly braces ({ and }). Any amount of white space, newlines, or directive definitions may appear between an opening curly brace and its matching close, including directive blocks that also use matched curly braces to contain a definition.

The overall format of the file is a list of directives.

See the Extended Description for the syntax of all valid directives in each division.

EXTENDED DESCRIPTION

Directives

access_file

Specifies the file in which the server will look for ACLs for each web site hosted by the server instance. The default is site_path/conf/access.conf.

afp_enable yes | no

Enables Microsoft FrontPage support.

cache_control public | private | no_cache

Sets the caching policy used by intermediate caching proxies. The "public" setting allows the cache to be shared with other proxies. The "private" setting allows the files to be cached, but the cache can not be shared with other proxies. The "no_cache" setting does not allow the cache to be shared with other proxies. The default is "public."

cgi_dns_enable yes | no

Enables or disables the REMOTE_HOST CGI environment variable to be set and to be available to CGI scripts. REMOTE_HOST requires a DNS lookup of the IP address (REMOTE_ADDR) of the resource making the CGI request. Since DNS lookups can be resource consuming, allowing such DNS lookups can slow performance, especially on a server that uses extensive CGI. The default is no.

cgi_enable yes | no

Enables or disables the authority to execute CGI scripts for the host defined by the url {} block. If enabled, resources in the CGI directory can be accessed through URLs of the form http://hostname/cgi-bin/ and executed as CGI scripts. If enabled and cgi_suffix_enable is also enabled, then any file with .cgi extension can be executed as a CGI script. Individual sites can override this server setting. The default is no.

cgi_error_log_cycle_time minutes

Sets the maximum age, in minutes, for CGI error log files for the current host. If a CGI error log is older than the number of cgi_error_log_cycle_time minutes, then a new request log file is started with an incremented sequence number. If a log file contains no entries, then no new log file will be generated regardless of how much time has passed. Default is 1440 minutes (1 day).

cgi_error_log_enable yes | no

Enables or disables CGI script error logging. The default is no.

cgi_error_log_max_files integer

Sets the maximum number of CGI error log files that Sun^TM WebServer^TM will keep for this host. Log files end with a sequence number suffix which is incremented when a new log file is created. If the sequence goes beyond cgi_error_log_max_files, it is reset to 1 and the first CGI error log file is overwritten. This prevents the number of log files from growing without limit. Set cgi_error_log_max_files to "-1" to have no limit on the number of log files. Default is 7 files.

cgi_error_log_max_file_size bytes

Sets the maximum file size, in bytes, for CGI error log files for the current host. If a CGI error log exceeds cgi_error_log_max_file_size, a new log file is started with an incremented sequence number. Default is 1048576 bytes (1 MB).

cgi_error_log_prefix prefix

Sets the directory and log file name prefix for CGI script error logs for a given host. The string must have an absolute path name followed by the prefix that will be used for this host's log files. Separate virtual hosts must have different prefix names so that there is no conflict in writing to the logs. Each host's log files will have a name in the form:

<absolute pathname>/prefix.<sequence>

For example, /var/http/logs/http.2. Sequence is incremented and a new file created whenever cgi_error_log_cycle_time or cgi_error_log_max_file_size is reached. If a log file contains no entries, then no new log file will be generated regardless of how much time has passed. Default is "error_log".

cgi_suffix_enable yes | no

Allows or disallows any file with a .cgi extension to be executed as a CGI script. This can allow users to create CGI without having access to /cgi-bin, and the Sun WebServer administrator has no control over what CGI the server is executing. This is a potential security risk, so consider what potential .cgi files may be put on your system before enabling this feature. Enabling both user_doc_enable and cgi_suffix_enable is generally risky since it allows any user to execute arbitrary .cgi files through Sun WebServer. Default is "no".

cgi_user username

Sets the user name that will be used to run CGI scripts. By setting the cgi_user, you can control which files and services CGI scripts can affect. The cgi_user must have execute permission for scripts in a host's /cgi-bin directory. Default is "nobody".

content_file relative_path

Specifies the path to the file containing the content for meta data. Path is relative to site_path. Default is "content.conf".

content_digest yes | no

Allows or disallows MD5 checksum to be sent with the response entity. Default is "no".

default_file file [[file]]...

Sets the name of the file Sun WebServer will look for in a directory when a URL request does not name a specific file. For example, if the URL request is for http://hostname/, Sun WebServer will look at the top directory of hostname's doc_root for a file named default_file.

If default_file does not appear in the configuration file, then "index.html" is used. If default_file is " ", then no default file is used. If multiple files are specified, then the files are used in the specified order.

If no file matching the values for default_file is found, the directory contents will be listed, subject to the value of directory_listing.

The built in server-wide default is "index.html". The listings are in order of preference.

directory_listing fancy | simple | off

Specifies how the contents of directories will be listed if no file matching default_file is found in the directory.

fancy: Displays directory contents with each name as a hyperlink to the file, icons matching each file's type, and file size and date information. The icons used and the association of icons to file suffixes is configurable.
simple: Displays only each file name as a hyperlink to the file itself.
off: Disables displaying directory contents; a HTTP "404 Not Found" error is returned to the client instead.

The built-in server-wide default is "fancy".

doc_root relative_path

Sets the top-level directory available to the host for serving WWW documents. Except for special cases (such as /cgi-bin and users' personal directories), Sun WebServer will only have access to the file system at the doc_root and its subdirectories. This must be set for every host, but it does not have to be unique. You should create a new doc_root for your site. The default is "/var/http/demo/public". Path is relative to site_path.

error_document <http error code< <url>

Allows customized error messages to be returned to the client. Any valid URL, including CGI scripts, may be returned, so you have flexibility in what information you want to give clients when an error occurs. When an HTTP error code is returned, Sun WebServer will return an HTTP "302: Document Moved" header with a Location: header indicating the file to which the error has been remapped. Most clients will automatically fetch the URL named by the Location: header. You can redirect the following HTTP error codes:

400 - Bad Request (Remapped by default host only)
403 - Forbidden
404 - Not Found
412 - Precondition Failed
500 - Server Error
501 - Not Implemented
503 - Service Unavailable

The destination URL can be relative to the current or default host if it begins with a (/). Otherwise, an absolute URL must be specified. The following examples show a relative and absolute URL, respectively:

error_document "503"
"/cgi-bin/error.pl?503"
error_document "500"
"http://www2.A.com/mirror/"

Note -

The path to which you remap 404 errors must be available in the document root. You can not redirect 404 errors to aliased directories.

icon_add alt_text bitmap_URI file_type[[ file_type]]...

special cases of alt_text = UP | DIR and file_type = ".." or "/"

Allows association of a file extension with an icon file. The icon will be used to represent all files with the extension in fancy directory listings. icon_add can also change a default association or assign icons to file types not covered in the default set; for example, you may want to use your own icons to represent basic types.

alt text: Specifies a string that will be used instead of an icon in text-only browsers. For example, "GIF".
URI path to bitmap: Specifies a URI path relative to the default host (in the server {} block) or the host named by the current url {} block. For example, "/icons/binary.xbm".
file suffix(es) | content type(s): Specifies a string of one or more file extensions or content type definitions that will use the icon in "fancy" directory listings. For example, "jpg jpeg JPG image/jpeg" assigns the icon to all files ending in .jpg, .jpeg, and .JPG or files with a MIME type of image/jpeg.

In addition to file suffixes, you can customize the icon used for "parent directory" (../) and "subdirectory" by specifying "UP" or "DIR" as the alt text.

icon_default bitmap_URI

Sets the icon used for files with extensions that do not have a defined icon type. The path to the bit map file must begin with a (/), and it is relative to the default host or the host defined by the current url {} block.

log_cycle_time minutes

Sets the maximum age, in minutes, for request log files for the current host. If a request log is older than the number of log_cycle_time minutes, then a new request log file is started with an incremented sequence number. If a log file contains no entries, then no new log file will be generated regardless of how much time has passed. Default is 1440 minutes (1 day).

log_max_files integer

Sets the maximum number of request log files that Sun WebServer will keep for this host. Log files end with a sequence number suffix which is incremented when a new log file is created. If the sequence goes beyond log_max_files, it is reset to 1 and the first request log file is overwritten. This prevents the number of log files from growing without limit. Set log_max_files to "-1" to have no limit on the number of log files. Default is 7 files.

log_max_size bytes

Sets the maximum file size, in bytes, for request log files for the current host. If a request log exceeds log_max_size, a new log file is started with an incremented sequence number. Default is 1048576 bytes (1 MB).

log_prefix absolute_path/prefix

Sets the directory and log file name prefix for request logs for a given host. The string must have an absolute path name followed by the prefix that will be used for this host's log files. Separate virtual hosts must have different prefix names so that there is no conflict in writing to the logs. Each host's log files will have a name in the form:

<absolute pathname>/prefix.<log_type>.<sequence>

For example, /var/http/logs/http.elf.2. Sequence is incremented and a new file created whenever log_cycle_time or log_max_size is reached. If a log file contains no entries, then no new log file will be generated regardless of how much time has passed. Default is"var/http/logs/http".

log_translate_ip_address yes | no

Determines whether a given virtual host logs its IP address or DNS name into its log files. Default is "no" and the IP address is logged.

log_type none | clf | elf | eclf

Sets the format for a host's request logs. Valid parameters are:

none: Disallows logging performed for this host.
clf: Logs in common log file format, a format widely used by servers and analysis tools.
elf: Logs in extended log file format.
eclf: Logs in extended common log file format, provides more fields than common log format.

If log_type is not "none", then log_prefix must be set. Default is "elf".

map_file filename

Creates an alias to a path on the file system or a redirection to a remote URL from a URI on the host. The URI token that is redirected does not have to correspond to any actual resource. A directory alias can also specify "CGI" as a class token, and all files in the directory and its subdirectories will be treated as CGI scripts. Typically, each host has a map directive to define the location of /cgi-bin. An example of aliasing the /cgi-bin directory is map "/cgi-bin" "/var/http/www/cgi/" CGI If the class is "REMOTE" map assumes the second parameter is a URL. A URL can begin with a "/" to denote a URI path on the same host, or it can be a fully defined URL in the form protocol://hostname:port/URI-path. When there is a request for a redirected URL, Sun WebServer returns an HTTP "302 Moved Temporarily" with a Location: header containing the new URL. Most clients will automatically fetch the new URL instead of displaying the error message. For example, to redirect requests for a file to another server: map "/file/archive.html" "http://www.A.com/archives/" "REMOTE" If map has only one parameter, it disables any redirects or aliases for that token (for example, if you want a server-wide alias to be disabled on a particular host).

Path is relative to site_path. Default is "map.conf".

mime_default_type type/subtype

Sets the MIME type that will be used for files whose extension do not match any other MIME type. The default is "text/html".

mime_file relative_path

Contains the default MIME types definitions used for the server host. Path is relative to site_path. Default is "mime.types". The order in which Sun WebServer will attempt to match a file with a MIME type is as follows:

Check any host-specific mime_add definitions.
Check any mime_add and mime_file definitions in the server {} block.
If none of the above produces a MIME type for the file, the mime_default_type is used. Entries in the mime_file have the form:

<type>/<subtype><file suffix(es)>

For example: text/html html htm The default server-wide mime_file is /etc/http/mime.types.

publish_enable yes | no

Allows or disallows puts and deletes. The default is "no".

realm_file path

Specifies path to realm file relative to site_path. Default is "realms.conf".

se_enable yes | no

Enables or disables the servlet engine. The default is "no".

servlet_token URI path

Specifies the token which characterizes the request as a servlet request. Default is "/servlet".

ssi_enable yes | no

Enables or disables the ability to use server-side include statements in .shtml files. May be set differently for each virtual host on the server. Default is "no".

ssi_exec yes | no

Enables or disables the ability to use #exec server-side include directive. #exec will execute shell commands or CGI scripts, which may pose security risks and/or slow performance. Default is "no".

ssi_xbithack string

Specifies SSI file suffix. Default is ".shtml".

ssi_suffix full | on | off

Allows any file in the document root with its executable bit set to be treated as a server-parsed HTML file. ssi_suffix can be "full" or "on" only if ssi_enable is "yes". If "full", Sun WebServer treats any file with the user or group executable bit set as server-parsed HTML, and it sends the file's Last-Modified time in the HTTP header if the user executable bit is set. If "on", Sun WebServer only treats files with the user's executable bit set as server-parsed HTML. Default is "off".

Note -

If cgi_suffix_enable is also enabled, Sun WebServer will check to see if an executable file is a CGI script before parsing it for server-side includes.

symlink_follow yes | no

Follows or ignores symbolic links in the filesystem. Ignoring symbolic links may cause a performance loss as the filename and each directory in the path of a requested resource must be checked to make sure there are no symbolic links. Following symbolic links may be a security risk because a symbolic link can potentially point to a file that is outside of the doc_root. A symbolic link to a sensitive file (such as /etc/passwd) can only be made by someone with write access to the file, so the security risk is often small and easily managed by controlling who has access to the document root. Default is "yes".

user_doc_enable yes | no

Allows or disallows UNIX users to create personal HTML directories in their home directories. Default is "no".

See the NOTESNOTES section for information on user directories in a Solaris for ISPs environment.

user_doc_root relative_path

Sets the directory name users can create in their home directories for personal HTML files. When a request comes in for //server/~username/, Sun WebServer will look for files in ~username/<user_doc_root>/. Enables access. Default is "public_html".

See the NOTESNOTES section for information on user directories in a Solaris for ISPs environment.

user_doc_source source

Specifies the source of user information for user document directories if user_doc_enable is "yes." In most cases, the only valid value is UNIXSYS, and users are defined through the operating system (for example, in /etc/passwd or NIS).

In Solaris for ISPs, if virtual FTP servers have been defined in Sun Directory Services, you may set this to ISP. User information will be taken from the directory server, and the value of a user's ispContentDirectory will be used.

See the NOTESNOTES section for information on user directories in a Solaris for ISPs environment.

servlet_engine{} Directives

Specifies parameters of the servlet engine

chaining_enable yes | no

Enables or disables servlet chaining. This enables the servlet engine to run a sequence of servlets in a specified order to fulfil one single servlet request. Host administrators can specify a chain of servlets to be executed sequentially. Default is "yes".

dynamic_linking_enable all | local | remote | none

Allows the specified servlets access to dynamic libraries. Default is "local".

file_access_enable all | local | remote | none relative_path

Allows specified servlets to have access to file resources. e.g. read/write a file on local disk. Default is "local".

network_access_enable all | local | remote | none

Allows specified servlets to have access to network resources e.g. open a socket. Default is "local".

reload_enable yes | no

Allows or disallows the servlets to reload. If the servlet classfile changes, a servlet instance (reflecting the changes) can be reloaded. Reloading can be performed by either the server or the host administrator, depending on whether the hosts are sharing a servlet engine instance. The default is "yes".

remote_enable yes | no

Enables or disables remote servlets. Enabling remote servlets allows the servlets from remote sites to be loaded by the server. The default is "yes".

properties_file relative_path

Path to "servlets.properties". Each servlet engine instance can have a list of preloaded servlets that it wishes to load and initialize as soon as the server starts. This list is specified in a servlet properties file. Path can be either absolute or relative to site_path.

servlets_path absolute_path

Specifies the path to all loadable local servlets. This is a colon separated list of directories and jar files where the servlet engine will look for servlets (e.g. /directory/directory:/directory/directory). Default is "site_path/servlets".

se_log_enable yes | no

Enables or disables the servlet error logging. The default is "no".

se_log_cycle_time minutes

Sets the maximum age, in minutes, for servlet error log files for the current host. If a servlet error log is older than the number of se_log_cycle_time minutes, then a new servlet error log file is started with an incremented sequence number. If a log file contains no entries, then no new log file will be generated regardless of how much time has passed. Default is 1440 minutes (1 day).

se_log_max_files integer

Sets the maximum number of servlet error log files that Sun WebServer will keep for this host. Log files end with a sequence number suffix which is incremented when a new log file is created. If the sequence goes beyond se_log_max_files, it is reset to 1 and the first servlet error log file is overwritten. This prevents the number of log files from growing without limit. Set se_log_max_files to "-1" to have no limit on the number of log files. Default is 7 files.

se_log_max_file_size bytes

Sets the maximum file size, in bytes, for servlet error log files for the current host. If a servlet error log exceeds se_log_max_size, a new log file is started with an incremented sequence number. Default is 1048576 bytes (1 MB).

se_log_prefix absolute_path/prefix

Sets the directory and log file name prefix for servlet error logs for a given host. The string must have an absolute pathname followed by the prefix that will be used for this host's log files. Separate virtual hosts must have different prefix names so that there is no conflict in writing to the logs. Each of a hosts log files will have a name in the form:

<absolute pathname>/prefix.<sequence>

For example, site_path/logs/se_logs/http.2. Sequence is incremented and a new file created whenever se_log_cycle_time or se_log_max_file_size is reached. If a log file contains no entries, then no new log file will be generated regardless of how much time has passed. Default is "/var/http/logs/se_logs".

security_access_enable all | local | remote | none absolute_path/prefix

Allows the specified servlets to have access to security resources, e.g. classLoaders. Default is "none".

system_access_enable all | local | remote | none

Allows or disallows the specified servlets to have access to system resources, e.g. call System.Exec(). Default is "local".

EXAMPLES

Example 1

A sample web site configuration file with an enabled servlet engine:

#
# Copyright (c) 1998, by Sun Microsystems, Inc.
# All rights reserved.
#
# Sun WebServer Site Configuration 

url  {
    doc_root    /var/http/sws_server/websites/www.A.com/public
    log_type    eclf
    user_doc_enable     yes

    map_file            conf/map.conf
    realm_file          conf/realms.conf
    access_file         conf/access.conf
    content_file        conf/content.conf

    # If you need more than the global mime types in 
    # /etc/http/mime.types, create this file:
    #
    # mime_file         conf/mime.types

    se_enable                     yes 
    servlet_token                 "/servlet/"
    servlet_engine {
        properties_file        /var/http/sws_server/websites/www.A.com/conf/servlets.properties
        servlets_path          //var/http/sws_server/websites/www.A.com/servlets/
        se_log_prefix          "/var/http/logs/A.com_se_log"
        se_log_enable          yes
        se_log_max_files       7
        se_log_max_file_size   1048576
        se_log_cycle_time      1440 

        reload_enable          yes
        remote_enable          yes
        chaining_enable        yes
        network_access_enable         local
        file_access_enable            local
        dynamic_linking_enable        local
        system_access_enable          local 
        security_access_enable        local
    }
}

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWhttp
Interface Stability	Evolving

NOTES

In a Solaris for ISPs environment, user information (including user content directories) can be accessed through LDAP and Sun Directory Services.

To use LDAP for user content directories, a virtual FTP site matching the Sun WebServer web site (virtual host) must exist in the Directory Services. Refer to the Sun^TM Internet FTP Server 1.0 online help for information on creating virtual FTP sites.

If user_doc_source is set to "ISP," Sun WebServer will attempt to map ~user URLs to the value of ispContentDirectory in Sun Directory Services.

The ispContentDirectory is relative to the ispRootDirectory defined in the ispService entry for a virtual FTP site. The file system directory must be readable and writeable by either the uidNumber or gidNumber defined in a subscriber's entry in the directory service.

Sun WebServer 2.0 Last Revised 17 July 1998

httpd.site.conf(4)

NAME

SYNOPSIS

DESCRIPTION

Syntax

EXTENDED DESCRIPTION

Directives

servlet_engine{} Directives

EXAMPLES

Example 1

ATTRIBUTES

SEE ALSO

NOTES