Apache attack

Similar Messages

• Apache + php blank page (again)

  Hey, i got problems with php and apache, its just that when i have PHP enabled, apache aint serving me anything, i checked permissions, triple checked all my configs and i still cant find the mistake, i also searched this board but nothing helped me, below youll find my php.ini and httpd.conf, thanks in advance
  PS: my dir for files is /data/www
  [PHP]
  ; About php.ini ;
  ; This file controls many aspects of PHP's behavior. In order for PHP to
  ; read it, it must be named 'php.ini'. PHP looks for it in the current
  ; working directory, in the path designated by the environment variable
  ; PHPRC, and in the path that was defined in compile time (in that order).
  ; The path in which the php.ini file is looked for can be overridden using
  ; the -c argument in command line mode.
  ; The syntax of the file is extremely simple. Whitespace and Lines
  ; beginning with a semicolon are silently ignored (as you probably guessed).
  ; Section headers (e.g. [Foo]) are also silently ignored, even though
  ; they might mean something in the future.
  ; Directives are specified using the following syntax:
  ; directive = value
  ; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
  ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
  ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
  ; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
  ; Expressions in the INI file are limited to bitwise operators and parentheses:
  ; | bitwise OR
  ; & bitwise AND
  ; ~ bitwise NOT
  ; ! boolean NOT
  ; Boolean flags can be turned on using the values 1, On, True or Yes.
  ; They can be turned off using the values 0, Off, False or No.
  ; An empty string can be denoted by simply not writing anything after the equal
  ; sign, or by using the None keyword:
  ; foo = ; sets foo to an empty string
  ; foo = none ; sets foo to an empty string
  ; foo = "none" ; sets foo to the string 'none'
  ; If you use constants in your value, and these constants belong to a
  ; dynamically loaded extension (either a PHP extension or a Zend extension),
  ; you may only use these constants *after* the line that loads the extension.
  ; About this file ;
  ; This is the recommended, PHP 5-style version of the php.ini-dist file. It
  ; sets some non standard settings, that make PHP more efficient, more secure,
  ; and encourage cleaner coding.
  ; The price is that with these settings, PHP may be incompatible with some
  ; applications, and sometimes, more difficult to develop with. Using this
  ; file is warmly recommended for production sites. As all of the changes from
  ; the standard settings are thoroughly documented, you can go over each one,
  ; and decide whether you want to use it or not.
  ; For general information about the php.ini file, please consult the php.ini-dist
  ; file, included in your PHP distribution.
  ; This file is different from the php.ini-dist file in the fact that it features
  ; different values for several directives, in order to improve performance, while
  ; possibly breaking compatibility with the standard out-of-the-box behavior of
  ; PHP. Please make sure you read what's different, and modify your scripts
  ; accordingly, if you decide to use this file instead.
  ; - register_long_arrays = Off [Performance]
  ; Disables registration of the older (and deprecated) long predefined array
  ; variables ($HTTP_*_VARS). Instead, use the superglobals that were
  ; introduced in PHP 4.1.0
  ; - display_errors = Off [Security]
  ; With this directive set to off, errors that occur during the execution of
  ; scripts will no longer be displayed as a part of the script output, and thus,
  ; will no longer be exposed to remote users. With some errors, the error message
  ; content may expose information about your script, web server, or database
  ; server that may be exploitable for hacking. Production sites should have this
  ; directive set to off.
  ; - log_errors = On [Security]
  ; This directive complements the above one. Any errors that occur during the
  ; execution of your script will be logged (typically, to your server's error log,
  ; but can be configured in several ways). Along with setting display_errors to off,
  ; this setup gives you the ability to fully understand what may have gone wrong,
  ; without exposing any sensitive information to remote users.
  ; - output_buffering = 4096 [Performance]
  ; Set a 4KB output buffer. Enabling output buffering typically results in less
  ; writes, and sometimes less packets sent on the wire, which can often lead to
  ; better performance. The gain this directive actually yields greatly depends
  ; on which Web server you're working with, and what kind of scripts you're using.
  ; - register_argc_argv = Off [Performance]
  ; Disables registration of the somewhat redundant $argv and $argc global
  ; variables.
  ; - magic_quotes_gpc = Off [Performance]
  ; Input data is no longer escaped with slashes so that it can be sent into
  ; SQL databases without further manipulation. Instead, you should use the
  ; database vendor specific escape string function on each input element you
  ; wish to send to a database.
  ; - variables_order = "GPCS" [Performance]
  ; The environment variables are not hashed into the $_ENV. To access
  ; environment variables, you can use getenv() instead.
  ; - error_reporting = E_ALL [Code Cleanliness, Security(?)]
  ; By default, PHP suppresses errors of type E_NOTICE. These error messages
  ; are emitted for non-critical errors, but that could be a symptom of a bigger
  ; problem. Most notably, this will cause error messages about the use
  ; of uninitialized variables to be displayed.
  ; - allow_call_time_pass_reference = Off [Code cleanliness]
  ; It's not possible to decide to force a variable to be passed by reference
  ; when calling a function. The PHP 4 style to do this is by making the
  ; function require the relevant argument by reference.
  ; - short_open_tag = Off [Portability]
  ; Using short tags is discouraged when developing code meant for redistribution
  ; since short tags may not be supported on the target server.
  ; Language Options ;
  ; Enable the PHP scripting language engine under Apache.
  engine = On
  ; Enable compatibility mode with Zend Engine 1 (PHP 4.x)
  zend.ze1_compatibility_mode = Off
  ; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized.
  ; NOTE: Using short tags should be avoided when developing applications or
  ; libraries that are meant for redistribution, or deployment on PHP
  ; servers which are not under your control, because short tags may not
  ; be supported on the target server. For portable, redistributable code,
  ; be sure not to use short tags.
  short_open_tag = Off
  ; Allow ASP-style <% %> tags.
  asp_tags = Off
  ; The number of significant digits displayed in floating point numbers.
  precision = 14
  ; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
  y2k_compliance = On
  ; Output buffering allows you to send header lines (including cookies) even
  ; after you send body content, at the price of slowing PHP's output layer a
  ; bit. You can enable output buffering during runtime by calling the output
  ; buffering functions. You can also enable output buffering for all files by
  ; setting this directive to On. If you wish to limit the size of the buffer
  ; to a certain size - you can use a maximum number of bytes instead of 'On', as
  ; a value for this directive (e.g., output_buffering=4096).
  output_buffering = 4096
  ; You can redirect all of the output of your scripts to a function. For
  ; example, if you set output_handler to "mb_output_handler", character
  ; encoding will be transparently converted to the specified encoding.
  ; Setting any output handler automatically turns on output buffering.
  ; Note: People who wrote portable scripts should not depend on this ini
  ; directive. Instead, explicitly set the output handler using ob_start().
  ; Using this ini directive may cause problems unless you know what script
  ; is doing.
  ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
  ; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
  ; Note: output_handler must be empty if this is set 'On' !!!!
  ; Instead you must use zlib.output_handler.
  ;output_handler =
  ; Transparent output compression using the zlib library
  ; Valid values for this option are 'off', 'on', or a specific buffer size
  ; to be used for compression (default is 4KB)
  ; Note: Resulting chunk size may vary due to nature of compression. PHP
  ; outputs chunks that are few hundreds bytes each as a result of
  ; compression. If you prefer a larger chunk size for better
  ; performance, enable output_buffering in addition.
  ; Note: You need to use zlib.output_handler instead of the standard
  ; output_handler, or otherwise the output will be corrupted.
  zlib.output_compression = Off
  ;zlib.output_compression_level = -1
  ; You cannot specify additional output handlers if zlib.output_compression
  ; is activated here. This setting does the same as output_handler but in
  ; a different order.
  ;zlib.output_handler =
  ; Implicit flush tells PHP to tell the output layer to flush itself
  ; automatically after every output block. This is equivalent to calling the
  ; PHP function flush() after each and every call to print() or echo() and each
  ; and every HTML block. Turning this option on has serious performance
  ; implications and is generally recommended for debugging purposes only.
  implicit_flush = Off
  ; The unserialize callback function will be called (with the undefined class'
  ; name as parameter), if the unserializer finds an undefined class
  ; which should be instantiated.
  ; A warning appears if the specified function is not defined, or if the
  ; function doesn't include/implement the missing class.
  ; So only set this entry, if you really want to implement such a
  ; callback-function.
  unserialize_callback_func=
  ; When floats & doubles are serialized store serialize_precision significant
  ; digits after the floating point. The default value ensures that when floats
  ; are decoded with unserialize, the data will remain the same.
  serialize_precision = 100
  ; Whether to enable the ability to force arguments to be passed by reference
  ; at function call time. This method is deprecated and is likely to be
  ; unsupported in future versions of PHP/Zend. The encouraged method of
  ; specifying which arguments should be passed by reference is in the function
  ; declaration. You're encouraged to try and turn this option Off and make
  ; sure your scripts work properly with it in order to ensure they will work
  ; with future versions of the language (you will receive a warning each time
  ; you use this feature, and the argument will be passed by value instead of by
  ; reference).
  allow_call_time_pass_reference = Off
  ; Safe Mode
  safe_mode = Off
  ; By default, Safe Mode does a UID compare check when
  ; opening files. If you want to relax this to a GID compare,
  ; then turn on safe_mode_gid.
  safe_mode_gid = Off
  ; When safe_mode is on, UID/GID checks are bypassed when
  ; including files from this directory and its subdirectories.
  ; (directory must also be in include_path or full path must
  ; be used when including)
  safe_mode_include_dir =
  ; When safe_mode is on, only executables located in the safe_mode_exec_dir
  ; will be allowed to be executed via the exec family of functions.
  safe_mode_exec_dir =
  ; Setting certain environment variables may be a potential security breach.
  ; This directive contains a comma-delimited list of prefixes. In Safe Mode,
  ; the user may only alter environment variables whose names begin with the
  ; prefixes supplied here. By default, users will only be able to set
  ; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
  ; Note: If this directive is empty, PHP will let the user modify ANY
  ; environment variable!
  safe_mode_allowed_env_vars = PHP_
  ; This directive contains a comma-delimited list of environment variables that
  ; the end user won't be able to change using putenv(). These variables will be
  ; protected even if safe_mode_allowed_env_vars is set to allow to change them.
  safe_mode_protected_env_vars = LD_LIBRARY_PATH
  ; open_basedir, if set, limits all file operations to the defined directory
  ; and below. This directive makes most sense if used in a per-directory
  ; or per-virtualhost web server configuration file. This directive is
  ; *NOT* affected by whether Safe Mode is turned On or Off.
  open_basedir = /data/www/:/tmp/:/usr/share/pear/
  ; This directive allows you to disable certain functions for security reasons.
  ; It receives a comma-delimited list of function names. This directive is
  ; *NOT* affected by whether Safe Mode is turned On or Off.
  disable_functions =
  ; This directive allows you to disable certain classes for security reasons.
  ; It receives a comma-delimited list of class names. This directive is
  ; *NOT* affected by whether Safe Mode is turned On or Off.
  disable_classes =
  ; Colors for Syntax Highlighting mode. Anything that's acceptable in
  ; <span style="color: ???????"> would work.
  ;highlight.string = #DD0000
  ;highlight.comment = #FF9900
  ;highlight.keyword = #007700
  ;highlight.bg = #FFFFFF
  ;highlight.default = #0000BB
  ;highlight.html = #000000
  ; If enabled, the request will be allowed to complete even if the user aborts
  ; the request. Consider enabling it if executing long request, which may end up
  ; being interrupted by the user or a browser timing out.
  ; ignore_user_abort = On
  ; Determines the size of the realpath cache to be used by PHP. This value should
  ; be increased on systems where PHP opens many files to reflect the quantity of
  ; the file operations performed.
  ; realpath_cache_size=16k
  ; Duration of time, in seconds for which to cache realpath information for a given
  ; file or directory. For systems with rarely changing files, consider increasing this
  ; value.
  ; realpath_cache_ttl=120
  ; Misc
  ; Decides whether PHP may expose the fact that it is installed on the server
  ; (e.g. by adding its signature to the Web server header). It is no security
  ; threat in any way, but it makes it possible to determine whether you use PHP
  ; on your server or not.
  expose_php = Off
  ; Resource Limits ;
  max_execution_time = 30 ; Maximum execution time of each script, in seconds
  max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
  ;max_input_nesting_level = 64 ; Maximum input variable nesting level
  memory_limit = 32M ; Maximum amount of memory a script may consume (32MB)
  ; Error handling and logging ;
  ; error_reporting is a bit-field. Or each number up to get desired error
  ; reporting level
  ; E_ALL - All errors and warnings (doesn't include E_STRICT)
  ; E_ERROR - fatal run-time errors
  ; E_RECOVERABLE_ERROR - almost fatal run-time errors
  ; E_WARNING - run-time warnings (non-fatal errors)
  ; E_PARSE - compile-time parse errors
  ; E_NOTICE - run-time notices (these are warnings which often result
  ; from a bug in your code, but it's possible that it was
  ; intentional (e.g., using an uninitialized variable and
  ; relying on the fact it's automatically initialized to an
  ; empty string)
  ; E_STRICT - run-time notices, enable to have PHP suggest changes
  ; to your code which will ensure the best interoperability
  ; and forward compatibility of your code
  ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
  ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
  ; initial startup
  ; E_COMPILE_ERROR - fatal compile-time errors
  ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
  ; E_USER_ERROR - user-generated error message
  ; E_USER_WARNING - user-generated warning message
  ; E_USER_NOTICE - user-generated notice message
  ; Examples:
  ; - Show all errors, except for notices and coding standards warnings
  ;error_reporting = E_ALL & ~E_NOTICE
  ; - Show all errors, except for notices
  ;error_reporting = E_ALL & ~E_NOTICE | E_STRICT
  ; - Show only errors
  ;error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
  ; - Show all errors, except coding standards warnings
  error_reporting = E_ALL
  ; Print out errors (as a part of the output). For production web sites,
  ; you're strongly encouraged to turn this feature off, and use error logging
  ; instead (see below). Keeping display_errors enabled on a production web site
  ; may reveal security information to end users, such as file paths on your Web
  ; server, your database schema or other information.
  ; possible values for display_errors:
  ; Off - Do not display any errors
  ; stderr - Display errors to STDERR (affects only CGI/CLI binaries!)
  ; On or stdout - Display errors to STDOUT (default)
  ; To output errors to STDERR with CGI/CLI:
  ;display_errors = "stderr"
  ; Default
  display_errors = On
  ; Even when display_errors is on, errors that occur during PHP's startup
  ; sequence are not displayed. It's strongly recommended to keep
  ; display_startup_errors off, except for when debugging.
  display_startup_errors = Off
  ; Log errors into a log file (server-specific log, stderr, or error_log (below))
  ; As stated above, you're strongly advised to use error logging in place of
  ; error displaying on production web sites.
  log_errors = On
  ; Set maximum length of log_errors. In error_log information about the source is
  ; added. The default is 1024 and 0 allows to not apply any maximum length at all.
  log_errors_max_len = 1024
  ; Do not log repeated messages. Repeated errors must occur in same file on same
  ; line unless ignore_repeated_source is set true.
  ignore_repeated_errors = Off
  ; Ignore source of message when ignoring repeated messages. When this setting
  ; is On you will not log errors with repeated messages from different files or
  ; source lines.
  ignore_repeated_source = Off
  ; If this parameter is set to Off, then memory leaks will not be shown (on
  ; stdout or in the log). This has only effect in a debug compile, and if
  ; error reporting includes E_WARNING in the allowed list
  report_memleaks = Off
  ;report_zend_debug = 0
  ; Store the last error/warning message in $php_errormsg (boolean).
  track_errors = Off
  ; Turn off normal error reporting and emit XML-RPC error XML
  ;xmlrpc_errors = 0
  ; An XML-RPC faultCode
  ;xmlrpc_error_number = 0
  ; Disable the inclusion of HTML tags in error messages.
  ; Note: Never use this feature for production boxes.
  ;html_errors = Off
  ; If html_errors is set On PHP produces clickable error messages that direct
  ; to a page describing the error or function causing the error in detail.
  ; You can download a copy of the PHP manual from http://www.php.net/docs.php
  ; and change docref_root to the base URL of your local copy including the
  ; leading '/'. You must also specify the file extension being used including
  ; the dot.
  ; Note: Never use this feature for production boxes.
  ;docref_root = "/phpmanual/"
  ;docref_ext = .html
  ; String to output before an error message.
  ;error_prepend_string = "<font color=#ff0000>"
  ; String to output after an error message.
  ;error_append_string = "</font>"
  ; Log errors to specified file.
  ;error_log = filename
  ; Log errors to syslog.
  error_log = syslog
  ; Data Handling ;
  ; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
  ; The separator used in PHP generated URLs to separate arguments.
  ; Default is "&".
  ;arg_separator.output = "&"
  ; List of separator(s) used by PHP to parse input URLs into variables.
  ; Default is "&".
  ; NOTE: Every character in this directive is considered as separator!
  ;arg_separator.input = ";&"
  ; This directive describes the order in which PHP registers GET, POST, Cookie,
  ; Environment and Built-in variables (G, P, C, E & S respectively, often
  ; referred to as EGPCS or GPC). Registration is done from left to right, newer
  ; values override older values.
  variables_order = "GPCS"
  ; Whether or not to register the EGPCS variables as global variables. You may
  ; want to turn this off if you don't want to clutter your scripts' global scope
  ; with user data. This makes most sense when coupled with track_vars - in which
  ; case you can access all of the GPC variables through the $HTTP_*_VARS[],
  ; variables.
  ; You should do your best to write your scripts so that they do not require
  ; register_globals to be on; Using form variables as globals can easily lead
  ; to possible security problems, if the code is not very well thought of.
  register_globals = Off
  ; Whether or not to register the old-style input arrays, HTTP_GET_VARS
  ; and friends. If you're not using them, it's recommended to turn them off,
  ; for performance reasons.
  register_long_arrays = Off
  ; This directive tells PHP whether to declare the argv&argc variables (that
  ; would contain the GET information). If you don't use these variables, you
  ; should turn it off for increased performance.
  register_argc_argv = Off
  ; When enabled, the SERVER and ENV variables are created when they're first
  ; used (Just In Time) instead of when the script starts. If these variables
  ; are not used within a script, having this directive on will result in a
  ; performance gain. The PHP directives register_globals, register_long_arrays,
  ; and register_argc_argv must be disabled for this directive to have any affect.
  auto_globals_jit = On
  ; Maximum size of POST data that PHP will accept.
  post_max_size = 8M
  ; Magic quotes
  ; Magic quotes for incoming GET/POST/Cookie data.
  magic_quotes_gpc = On
  ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
  magic_quotes_runtime = Off
  ; Use Sybase-style magic quotes (escape ' with '' instead of \').
  magic_quotes_sybase = Off
  ; Automatically add files before or after any PHP document.
  auto_prepend_file =
  auto_append_file =
  ; As of 4.0b4, PHP always outputs a character encoding by default in
  ; the Content-type: header. To disable sending of the charset, simply
  ; set it to be empty.
  ; PHP's built-in default is text/html
  default_mimetype = "text/html"
  default_charset = "utf8"
  ; Always populate the $HTTP_RAW_POST_DATA variable.
  ;always_populate_raw_post_data = On
  ; Paths and Directories ;
  ; UNIX: "/path1:/path2"
  include_path = ".:/usr/share/pear:/data/www"
  ; The root of the PHP pages, used only if nonempty.
  ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
  ; if you are running php as a CGI under any web server (other than IIS)
  ; see documentation for security issues. The alternate is to use the
  ; cgi.force_redirect configuration below
  doc_root =
  ; "/data/www/"
  ; The directory under which PHP opens the script using /~username used only
  ; if nonempty.
  user_dir =
  ; Directory in which the loadable extensions (modules) reside.
  extension_dir = "/usr/lib/php/20060613/"
  ; Whether or not to enable the dl() function. The dl() function does NOT work
  ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
  ; disabled on them.
  enable_dl = Off
  ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
  ; most web servers. Left undefined, PHP turns this on by default. You can
  ; turn it off here AT YOUR OWN RISK
  ; **You CAN safely turn this off for IIS, in fact, you MUST.**
  ; cgi.force_redirect = 1
  ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
  ; every request.
  ; cgi.nph = 1
  ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
  ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
  ; will look for to know it is OK to continue execution. Setting this variable MAY
  ; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
  ; cgi.redirect_status_env = ;
  ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
  ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
  ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
  ; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
  ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
  ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
  ; cgi.fix_pathinfo=1
  ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
  ; security tokens of the calling client. This allows IIS to define the
  ; security context that the request runs under. mod_fastcgi under Apache
  ; does not currently support this feature (03/17/2002)
  ; Set to 1 if running under IIS. Default is zero.
  ; fastcgi.impersonate = 1;
  ; Disable logging through FastCGI connection
  ; fastcgi.logging = 0
  ; cgi.rfc2616_headers configuration option tells PHP what type of headers to
  ; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
  ; is supported by Apache. When this option is set to 1 PHP will send
  ; RFC2616 compliant header.
  ; Default is zero.
  ;cgi.rfc2616_headers = 0
  ; File Uploads ;
  ; Whether to allow HTTP file uploads.
  file_uploads = Off
  ; Temporary directory for HTTP uploaded files (will use system default if not
  ; specified).
  ;upload_tmp_dir =
  ; Maximum allowed size for uploaded files.
  upload_max_filesize = 10M
  ; Fopen wrappers ;
  ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
  allow_url_fopen = Off
  ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
  allow_url_include = Off
  ; Define the anonymous ftp password (your email address)
  ;from="[email protected]"
  ; Define the User-Agent string
  ; user_agent="PHP"
  ; Default timeout for socket based streams (seconds)
  default_socket_timeout = 60
  ; Dynamic Extensions ;
  ; If you wish to have an extension loaded automatically, use the following
  ; syntax:
  ; extension=modulename.extension
  ; For example, under UNIX:
  ; extension=msql.so
  ; Note that it should be the name of the module only; no directory information
  ; needs to go here. Specify the location of the extension with the
  ; extension_dir directive above.
  ; Module Settings ;
  [Date]
  ; Defines the default timezone used by the date functions
  ;date.timezone =
  ;date.default_latitude = 31.7667
  ;date.default_longitude = 35.2333
  ;date.sunrise_zenith = 90.583333
  ;date.sunset_zenith = 90.583333
  [filter]
  ;filter.default = unsafe_raw
  ;filter.default_flags =
  [iconv]
  ;iconv.input_encoding = ISO-8859-1
  ;iconv.internal_encoding = ISO-8859-1
  ;iconv.output_encoding = ISO-8859-1
  [sqlite]
  ;sqlite.assoc_case = 0
  [Pcre]
  ;PCRE library backtracking limit.
  ;pcre.backtrack_limit=100000
  ;PCRE library recursion limit.
  ;Please note that if you set this value to a high number you may consume all
  ;the available process stack and eventually crash PHP (due to reaching the
  ;stack size limit imposed by the Operating System).
  ;pcre.recursion_limit=100000
  [Syslog]
  ; Whether or not to define the various syslog variables (e.g. $LOG_PID,
  ; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In
  ; runtime, you can define these variables by calling define_syslog_variables().
  define_syslog_variables = Off
  [mail function]
  ; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
  ;sendmail_path =
  ; Force the addition of the specified parameters to be passed as extra parameters
  ; to the sendmail binary. These parameters will always replace the value of
  ; the 5th parameter to mail(), even in safe mode.
  ;mail.force_extra_parameters =
  [SQL]
  sql.safe_mode = Off
  [ODBC]
  ;odbc.default_db = Not yet implemented
  ;odbc.default_user = Not yet implemented
  ;odbc.default_pw = Not yet implemented
  ; Allow or prevent persistent links.
  odbc.allow_persistent = On
  ; Check that a connection is still valid before reuse.
  odbc.check_persistent = On
  ; Maximum number of persistent links. -1 means no limit.
  odbc.max_persistent = -1
  ; Maximum number of links (persistent + non-persistent). -1 means no limit.
  odbc.max_links = -1
  ; Handling of LONG fields. Returns number of bytes to variables. 0 means
  ; passthru.
  odbc.defaultlrl = 4096
  ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
  ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
  ; of uodbc.defaultlrl and uodbc.defaultbinmode
  odbc.defaultbinmode = 1
  [MySQL]
  ; Allow or prevent persistent links.
  mysql.allow_persistent = On
  ; Maximum number of persistent links. -1 means no limit.
  mysql.max_persistent = -1
  ; Maximum number of links (persistent + non-persistent). -1 means no limit.
  mysql.max_links = -1
  ; Default port number for mysql_connect(). If unset, mysql_connect() will use
  ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
  ; compile-time value defined MYSQL_PORT (in that order).
  mysql.default_port =
  ; Default socket name for local MySQL connects. If empty, uses the built-in
  ; MySQL defaults.
  mysql.default_socket =
  ; Default host for mysql_connect() (doesn't apply in safe mode).
  mysql.default_host = localhost
  ; Default user for mysql_connect() (doesn't apply in safe mode).
  mysql.default_user =
  ; Default password for mysql_connect() (doesn't apply in safe mode).
  ; Note that this is generally a *bad* idea to store passwords in this file.
  ; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
  ; and reveal this password! And of course, any users with read access to this
  ; file will be able to reveal the password as well.
  mysql.default_password =
  ; Maximum time (in seconds) for connect timeout. -1 means no limit
  mysql.connect_timeout = 60
  ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
  ; SQL-Errors will be displayed.
  mysql.trace_mode = Off
  [MySQLi]
  ; Maximum number of links. -1 means no limit.
  mysqli.max_links = -1
  ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
  ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
  ; compile-time value defined MYSQL_PORT (in that order).
  mysqli.default_port = 3306
  ; Default socket name for local MySQL connects. If empty, uses the built-in
  ; MySQL defaults.
  mysqli.default_socket =
  ; Default host for mysql_connect() (doesn't apply in safe mode).
  mysqli.default_host =
  ; Default user for mysql_connect() (doesn't apply in safe mode).
  mysqli.default_user =
  ; Default password for mysqli_connect() (doesn't apply in safe mode).
  ; Note that this is generally a *bad* idea to store passwords in this file.
  ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
  ; and reveal this password! And of course, any users with read access to this
  ; file will be able to reveal the password as well.
  mysqli.default_pw =
  ; Allow or prevent reconnect
  mysqli.reconnect = Off
  [mSQL]
  ; Allow or prevent persistent links.
  msql.allow_persistent = On
  ; Maximum number of persistent links. -1 means no limit.
  msql.max_persistent = -1
  ; Maximum number of links (persistent+non persistent). -1 means no limit.
  msql.max_links = -1
  [OCI8]
  ; enables privileged connections using external credentials (OCI_SYSOPER, OCI_SYSDBA)
  ;oci8.privileged_connect = Off
  ; Connection: The maximum number of persistent OCI8 connections per
  ; process. Using -1 means no limit.
  ;oci8.max_persistent = -1
  ; Connection: The maximum number of seconds a process is allowed to
  ; maintain an idle persistent connection. Using -1 means idle
  ; persistent connections will be maintained forever.
  ;oci8.persistent_timeout = -1
  ; Connection: The number of seconds that must pass before issuing a
  ; ping during oci_pconnect() to check the connection validity. When
  ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
  ; pings completely.
  ;oci8.ping_interval = 60
  ; Tuning: This option enables statement caching, and specifies how
  ; many statements to cache. Using 0 disables statement caching.
  ;oci8.statement_cache_size = 20
  ; Tuning: Enables statement prefetching and sets the default number of
  ; rows that will be fetched automatically after statement execution.
  ;oci8.default_prefetch = 10
  ; Compatibility. Using On means oci_close() will not close
  ; oci_connect() and oci_new_connect() connections.
  ;oci8.old_oci_close_semantics = Off
  [PostgresSQL]
  ; Allow or prevent persistent links.
  pgsql.allow_persistent = On
  ; Detect broken persistent links always with pg_pconnect().
  ; Auto reset feature requires a little overheads.
  pgsql.auto_reset_persistent = Off
  ; Maximum number of persistent links. -1 means no limit.
  pgsql.max_persistent = -1
  ; Maximum number of links (persistent+non persistent). -1 means no limit.
  pgsql.max_links = -1
  ; Ignore PostgreSQL backends Notice message or not.
  ; Notice message logging require a little overheads.
  pgsql.ignore_notice = 0
  ; Log PostgreSQL backends Notice message or not.
  ; Unless pgsql.ignore_notice=0, module cannot log notice message.
  pgsql.log_notice = 0
  [Sybase]
  ; Allow or prevent persistent links.
  sybase.allow_persistent = On
  ; Maximum number of persistent links. -1 means no limit.
  sybase.max_persistent = -1
  ; Maximum number of links (persistent + non-persistent). -1 means no limit.
  sybase.max_links = -1
  ;sybase.interface_file = "/usr/sybase/interfaces"
  ; Minimum error severity to display.
  sybase.min_error_severity = 10
  ; Minimum message severity to display.
  sybase.min_message_severity = 10
  ; Compatibility mode with old versions of PHP 3.0.
  ; If on, this will cause PHP to automatically assign types to results according
  ; to their Sybase type, instead of treating them all as strings. This
  ; compatibility mode will probably not stay around forever, so try applying
  ; whatever necessary changes to your code, and turn it off.
  sybase.compatability_mode = Off
  [Sybase-CT]
  ; Allow or prevent persistent links.
  sybct.allow_persistent = On
  ; Maximum number of persistent links. -1 means no limit.
  sybct.max_persistent = -1
  ; Maximum number of links (persistent + non-persistent). -1 means no limit.
  sybct.max_links = -1
  ; Minimum server message severity to display.
  sybct.min_server_severity = 10
  ; Minimum client message severity to display.
  sybct.min_client_severity = 10
  [bcmath]
  ; Number of decimal digits for all bcmath functions.
  bcmath.scale = 0
  [browscap]
  ;browscap = extra/browscap.ini
  [Informix]
  ; Default host for ifx_connect() (doesn't apply in safe mode).
  ifx.default_host =
  ; Default user for ifx_connect() (doesn't apply in safe mode).
  ifx.default_user =
  ; Default password for ifx_connect() (doesn't apply in safe mode).
  ifx.default_password =
  ; Allow or prevent persistent links.
  ifx.allow_persistent = On
  ; Maximum number of persistent links. -1 means no limit.
  ifx.max_persistent = -1
  ; Maximum number of links (persistent + non-persistent). -1 means no limit.
  ifx.max_links = -1
  ; If on, select statements return the contents of a text blob instead of its id.
  ifx.textasvarchar = 0
  ; If on, select statements return the contents of a byte blob instead of its id.
  ifx.byteasvarchar = 0
  ; Trailing blanks are stripped from fixed-length char columns. May help the
  ; life of Informix SE users.
  ifx.charasvarchar = 0
  ; If on, the contents of text and byte blobs are dumped to a file instead of
  ; keeping them in memory.
  ifx.blobinfile = 0
  ; NULL's are returned as empty strings, unless this is set to 1. In that case,
  ; NULL's are returned as string 'NULL'.
  ifx.nullformat = 0
  [Session]
  ; Handler used to store/retrieve data.
  session.save_handler = files
  ; Argument passed to save_handler. In the case of files, this is the path
  ; where data files are stored.
  ; As of PHP 4.0.1, you can define the path as:
  ; session.save_path = "N;/path"
  ; where N is an integer. Instead of storing all the session files in
  ; /path, what this will do is use subdirectories N-levels deep, and
  ; store the session data in those directories. This is useful if you
  ; or your OS have problems with lots of files in one directory, and is
  ; a more efficient layout for servers that handle lots of sessions.
  ; NOTE 1: PHP will not create this directory structure automatically.
  ; You can use the script in the ext/session dir for that purpose.
  ; NOTE 2: See the section on garbage collection below if you choose to
  ; use subdirectories for session storage
  ; The file storage module creates files using mode 600 by default.
  ; You can change that by using
  ; session.save_path = "N;MODE;/path"
  ; where MODE is the octal representation of the mode. Note that this
  ; does not overwrite the process's umask.
  session.save_path = "/tmp"
  ; Whether to use cookies.
  session.use_cookies = 1
  ;session.cookie_secure =
  ; This option enables administrators to make their users invulnerable to
  ; attacks which involve passing session ids in URLs; defaults to 0.
  ; session.use_only_cookies = 1
  ; Name of the session (used as cookie name).
  session.name = PHPSESSID
  ; Initialize session on request startup.
  session.auto_start = 0
  ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
  session.cookie_lifetime = 0
  ; The path for which the cookie is valid.
  session.cookie_path = /
  ; The domain for which the cookie is valid.
  session.cookie_domain =
  ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
  session.cookie_httponly =
  ; Handler used to serialize data. php is the standard serializer of PHP.
  session.serialize_handler = php
  ; Define the probability that the 'garbage collection' process is started
  ; on every session initialization.
  ; The probability is calculated by using gc_probability/gc_divisor,
  ; e.g. 1/100 means there is a 1% chance that the GC process starts
  ; on each request.
  session.gc_probability = 1
  session.gc_divisor = 1000
  ; After this number of seconds, stored data will be seen as 'garbage' and
  ; cleaned up by the garbage collection process.
  session.gc_maxlifetime = 1440
  ; NOTE: If you are using the subdirectory option for storing session files
  ; (see session.save_path above), then garbage collection does *not*
  ; happen automatically. You will need to do your own garbage
  ; collection through a shell script, cron entry, or some other method.
  ; For example, the following script would is the equivalent of
  ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
  ; cd /path/to/sessions; find -cmin +24 | xargs rm
  ; PHP 4.2 and less have an undocumented feature/bug that allows you to
  ; to initialize a session variable in the global scope, albeit register_globals
  ; is disabled. PHP 4.3 and later will warn you, if this feature is used.
  ; You can disable the feature and the warning separately. At this time,
  ; the warning is only displayed, if bug_compat_42 is enabled.
  session.bug_compat_42 = 0
  session.bug_compat_warn = 1
  ; Check HTTP Referer to invalidate externally stored URLs containing ids.
  ; HTTP_REFERER has to contain this substring for the session to be
  ; considered as valid.
  session.referer_check =
  ; How many bytes to read from the file.
  session.entropy_length = 0
  ; Specified here to create the session id.
  session.entropy_file =
  ;session.entropy_length = 16
  ;session.entropy_file = /dev/urandom
  ; Set to {nocache,private,public,} to determine HTTP caching aspects
  ; or leave this empty to avoid sending anti-caching headers.
  session.cache_limiter = nocache
  ; Document expires after n minutes.
  session.cache_expire = 180
  ; trans sid support is disabled by default.
  ; Use of trans sid may risk your users security.
  ; Use this option with caution.
  ; - User may send URL contains active session ID
  ; to other person via. email/irc/etc.
  ; - URL that contains active session ID may be stored
  ; in publically accessible computer.
  ; - User may access your site with the same session ID
  ; always using URL stored in browser's history or bookmarks.
  session.use_trans_sid = 0
  ; Select a hash function
  ; 0: MD5 (128 bits)
  ; 1: SHA-1 (160 bits)
  session.hash_function = 0
  ; Define how many bits are stored in each character when converting
  ; the binary hash data to something readable.
  ; 4 bits: 0-9, a-f
  ; 5 bits: 0-9, a-v
  ; 6 bits: 0-9, a-z, A-Z, "-", ","
  session.hash_bits_per_character = 5
  ; The URL rewriter will look for URLs in a defined set of HTML tags.
  ; form/fieldset are special; if you include them here, the rewriter will
  ; add a hidden <input> field with the info which is otherwise appended
  ; to URLs. If you want XHTML conformity, remove the form entry.
  ; Note that all valid entries require a "=", even if no value follows.
  url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
  [MSSQL]
  ; Allow or prevent persistent links.
  mssql.allow_persistent = On
  ; Maximum number of persistent links. -1 means no limit.
  mssql.max_persistent = -1
  ; Maximum number of links (persistent+non persistent). -1 means no limit.
  mssql.max_links = -1
  ; Minimum error severity to display.
  mssql.min_error_severity = 10
  ; Minimum message severity to display.
  mssql.min_message_severity = 10
  ; Compatibility mode with old versions of PHP 3.0.
  mssql.compatability_mode = Off
  ; Connect timeout
  ;mssql.connect_timeout = 5
  ; Query timeout
  ;mssql.timeout = 60
  ; Valid range 0 - 2147483647. Default = 4096.
  ;mssql.textlimit = 4096
  ; Valid range 0 - 2147483647. Default = 4096.
  ;mssql.textsize = 4096
  ; Limits the number of records in each batch. 0 = all records in one batch.
  ;mssql.batchsize = 0
  ; Specify how datetime and datetim4 columns are returned
  ; On => Returns data converted to SQL server settings
  ; Off => Returns values as YYYY-MM-DD hh:mm:ss
  ;mssql.datetimeconvert = On
  ; Use NT authentication when connecting to the server
  mssql.secure_connection = Off
  ; Specify max number of processes. -1 = library default
  ; msdlib defaults to 25
  ; FreeTDS defaults to 4096
  ;mssql.max_procs = -1
  ; Specify client character set.
  ; If empty or not set the client charset from freetds.comf is used
  ; This is only used when compiled with FreeTDS
  ;mssql.charset = "ISO-8859-1"
  [Assertion]
  ; Assert(expr); active by default.
  ;assert.active = On
  ; Issue a PHP warning for each failed assertion.
  ;assert.warning = On
  ; Don't bail out by default.
  ;assert.bail = Off
  ; User-function to be called if an assertion fails.
  ;assert.callback = 0
  ; Eval the expression with current error_reporting(). Set to true if you want
  ; error_reporting(0) around the eval().
  ;assert.quiet_eval = 0
  [COM]
  ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
  ;com.typelib_file =
  ; allow Distributed-COM calls
  ;com.allow_dcom = true
  ; autoregister constants of a components typlib on com_load()
  ;com.autoregister_typelib = true
  ; register constants casesensitive
  ;com.autoregister_casesensitive = false
  ; show warnings on duplicate constant registrations
  ;com.autoregister_verbose = true
  [mbstring]
  ; language for internal character representation.
  ;mbstring.language = Japanese
  ; internal/script encoding.
  ; Some encoding cannot work as internal encoding.
  ; (e.g. SJIS, BIG5, ISO-2022-*)
  ;mbstring.internal_encoding = EUC-JP
  ; http input encoding.
  ;mbstring.http_input = auto
  ; http output encoding. mb_output_handler must be
  ; registered as output buffer to function
  ;mbstring.http_output = SJIS
  ; enable automatic encoding translation according to
  ; mbstring.internal_encoding setting. Input chars are
  ; converted to internal encoding by setting this to On.
  ; Note: Do _not_ use automatic encoding translation for
  ; portable libs/applications.
  ;mbstring.encoding_translation = Off
  ; automatic encoding detection order.
  ; auto means
  ;mbstring.detect_order = auto
  ; substitute_character used when character cannot be converted
  ; one from another
  ;mbstring.substitute_character = none;
  ; overload(replace) single byte functions by mbstring functions.
  ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
  ; etc. Possible values are 0,1,2,4 or combination of them.
  ; For example, 7 for overload everything.
  ; 0: No overload
  ; 1: Overload mail() function
  ; 2: Overload str*() functions
  ; 4: Overload ereg*() functions
  ;mbstring.func_overload = 0
  ; enable strict encoding detection.
  ;mbstring.strict_encoding = Off
  [FrontBase]
  ;fbsql.allow_persistent = On
  ;fbsql.autocommit = On
  ;fbsql.show_timestamp_decimals = Off
  ;fbsql.default_database =
  ;fbsql.default_database_password =
  ;fbsql.default_host =
  ;fbsql.default_password =
  ;fbsql.default_user = "_SYSTEM"
  ;fbsql.generate_warnings = Off
  ;fbsql.max_connections = 128
  ;fbsql.max_links = 128
  ;fbsql.max_persistent = -1
  ;fbsql.max_results = 128
  [gd]
  ; Tell the jpeg decode to libjpeg warnings and try to create
  ; a gd image. The warning will then be displayed as notices
  ; disabled by default
  ;gd.jpeg_ignore_warning = 0
  [exif]
  ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
  ; With mbstring support this will automatically be converted into the encoding
  ; given by corresponding encode setting. When empty mbstring.internal_encoding
  ; is used. For the decode settings you can distinguish between motorola and
  ; intel byte order. A decode setting cannot be empty.
  ;exif.encode_unicode = ISO-8859-15
  ;exif.decode_unicode_motorola = UCS-2BE
  ;exif.decode_unicode_intel = UCS-2LE
  ;exif.encode_jis =
  ;exif.decode_jis_motorola = JIS
  ;exif.decode_jis_intel = JIS
  [Tidy]
  ; The path to a default tidy configuration file to use when using tidy
  ;tidy.default_config = /usr/local/lib/php/default.tcfg
  ; Should tidy clean and repair output automatically?
  ; WARNING: Do not use this option if you are generating non-html content
  ; such as dynamic images
  tidy.clean_output = Off
  [soap]
  ; Enables or disables WSDL caching feature.
  soap.wsdl_cache_enabled=1
  ; Sets the directory name where SOAP extension will put cache files.
  soap.wsdl_cache_dir="/tmp"
  ; (time to live) Sets the number of second while cached file will be used
  ; instead of original one.
  soap.wsdl_cache_ttl=86400
  ; available extensions
  ;extension=bcmath.so
  ;extension=bz2.so
  ;extension=calendar.so
  ;extension=curl.so
  ;extension=dba.so
  ;extension=dbase.so
  ;extension=exif.so
  ;extension=ftp.so
  ;extension=gd.so
  extension=gettext.so
  ;extension=gmp.so
  ;extension=iconv.so
  ;extension=imap.so
  ;extension=json.so
  ;extension=ldap.so
  extension=mcrypt.so
  ;extension=mhash.so
  ;extension=mime_magic.so
  extension=mysql.so
  ;extension=mysqli.so
  ;extension=ncurses.so
  ;extension=odbc.so
  ;extension=openssl.so
  ;extension=pdo.so
  extension=pdo_mysql.so
  ;extension=pdo_odbc.so
  ;extension=pdo_pgsql.so
  ;extension=pdo_sqlite.so
  ;extension=pgsql.so
  ;extension=posix.so
  ;extension=pspell.so
  extension=session.so
  ;extension=shmop.so
  ;extension=snmp.so
  ;extension=soap.so
  ;extension=sockets.so
  ;extension=sqlite.so
  ;extension=sysvmsg.so
  ;extension=sysvsem.so
  ;extension=sysvshm.so
  ;extension=tidy.so
  ;extension=xmlrpc.so
  ;extension=xsl.so
  ;extension=zip.so
  extension=zlib.so
  ; Local Variables:
  ; tab-width: 4
  ; End:
  # This is the main Apache HTTP server configuration file. It contains the
  # configuration directives that give the server its instructions.
  # See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
  # In particular, see
  # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
  # for a discussion of each configuration directive.
  # Do NOT simply read the instructions in here without understanding
  # what they do. They're here only as hints or reminders. If you are unsure
  # consult the online docs. You have been warned.
  # Configuration and logfile names: If the filenames you specify for many
  # of the server's control files begin with "/" (or "drive:/" for Win32), the
  # server will use that explicit path. If the filenames do *not* begin
  # with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
  # with ServerRoot set to "/etc/httpd" will be interpreted by the
  # server as "/etc/httpd//var/log/httpd/foo_log".
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # Do not add a slash at the end of the directory path. If you point
  # ServerRoot at a non-local disk, be sure to point the LockFile directive
  # at a local disk. If you wish to share the same ServerRoot for multiple
  # httpd daemons, you will need to change at least LockFile and PidFile.
  ServerRoot "/etc/httpd"
  # Listen: Allows you to bind Apache to specific IP addresses and/or
  # ports, instead of the default. See also the <VirtualHost>
  # directive.
  # Change this to Listen on specific IP addresses as shown below to
  # prevent Apache from glomming onto all bound IP addresses.
  #Listen 12.34.56.78:80
  Listen 80
  # Dynamic Shared Object (DSO) Support
  # To be able to use the functionality of a module which was built as a DSO you
  # have to place corresponding `LoadModule' lines at this location so the
  # directives contained in it are actually available _before_ they are used.
  # Statically compiled modules (those listed by `httpd -l') do not need
  # to be loaded here.
  # Example:
  # LoadModule foo_module modules/mod_foo.so
  LoadModule authn_file_module modules/mod_authn_file.so
  LoadModule authn_dbm_module modules/mod_authn_dbm.so
  LoadModule authn_anon_module modules/mod_authn_anon.so
  LoadModule authn_dbd_module modules/mod_authn_dbd.so
  LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule authz_dbm_module modules/mod_authz_dbm.so
  LoadModule authz_owner_module modules/mod_authz_owner.so
  LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  LoadModule authz_default_module modules/mod_authz_default.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  LoadModule auth_digest_module modules/mod_auth_digest.so
  LoadModule file_cache_module modules/mod_file_cache.so
  LoadModule cache_module modules/mod_cache.so
  LoadModule disk_cache_module modules/mod_disk_cache.so
  LoadModule mem_cache_module modules/mod_mem_cache.so
  LoadModule dbd_module modules/mod_dbd.so
  LoadModule dumpio_module modules/mod_dumpio.so
  LoadModule ext_filter_module modules/mod_ext_filter.so
  LoadModule include_module modules/mod_include.so
  LoadModule filter_module modules/mod_filter.so
  LoadModule substitute_module modules/mod_substitute.so
  LoadModule deflate_module modules/mod_deflate.so
  LoadModule ldap_module modules/mod_ldap.so
  LoadModule log_config_module modules/mod_log_config.so
  LoadModule log_forensic_module modules/mod_log_forensic.so
  LoadModule logio_module modules/mod_logio.so
  LoadModule env_module modules/mod_env.so
  LoadModule mime_magic_module modules/mod_mime_magic.so
  LoadModule cern_meta_module modules/mod_cern_meta.so
  LoadModule expires_module modules/mod_expires.so
  LoadModule headers_module modules/mod_headers.so
  LoadModule ident_module modules/mod_ident.so
  LoadModule usertrack_module modules/mod_usertrack.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  LoadModule setenvif_module modules/mod_setenvif.so
  LoadModule version_module modules/mod_version.so
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_connect_module modules/mod_proxy_connect.so
  LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  LoadModule ssl_module modules/mod_ssl.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule dav_module modules/mod_dav.so
  LoadModule status_module modules/mod_status.so
  LoadModule autoindex_module modules/mod_autoindex.so
  LoadModule asis_module modules/mod_asis.so
  LoadModule info_module modules/mod_info.so
  LoadModule suexec_module modules/mod_suexec.so
  LoadModule cgi_module modules/mod_cgi.so
  LoadModule cgid_module modules/mod_cgid.so
  LoadModule dav_fs_module modules/mod_dav_fs.so
  LoadModule vhost_alias_module modules/mod_vhost_alias.so
  LoadModule negotiation_module modules/mod_negotiation.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule imagemap_module modules/mod_imagemap.so
  LoadModule actions_module modules/mod_actions.so
  LoadModule speling_module modules/mod_speling.so
  LoadModule userdir_module modules/mod_userdir.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule rewrite_module modules/mod_rewrite.so
  LoadModule php5_module modules/libphp5.so
  <IfModule !mpm_netware_module>
  <IfModule !mpm_winnt_module>
  # If you wish httpd to run as a different user or group, you must run
  # httpd as root initially and it will switch.
  # User/Group: The name (or #number) of the user/group to run httpd as.
  # It is usually good practice to create a dedicated user and group for
  # running httpd, as with most system services.
  User http
  Group http
  </IfModule>
  </IfModule>
  # 'Main' server configuration
  # The directives in this section set up the values used by the 'main'
  # server, which responds to any requests that aren't handled by a
  # <VirtualHost> definition. These values also provide defaults for
  # any <VirtualHost> containers you may define later in the file.
  # All of these directives may appear inside <VirtualHost> containers,
  # in which case these default settings will be overridden for the
  # virtual host being defined.
  # ServerAdmin: Your address, where problems with the server should be
  # e-mailed. This address appears on some server-generated pages, such
  # as error documents. e.g. [email protected]
  ServerAdmin [email protected]
  # ServerName gives the name and port that the server uses to identify itself.
  # This can often be determined automatically, but we recommend you specify
  # it explicitly to prevent problems during startup.
  # If your host doesn't have a registered DNS name, enter its IP address here.
  ServerName blabla.google.com:80
  # DocumentRoot: The directory out of which you will serve your
  # documents. By default, all requests are taken from this directory, but
  # symbolic links and aliases may be used to point to other locations.
  DocumentRoot "/data/www"
  # Each directory to which Apache has access can be configured with respect
  # to which services and features are allowed and/or disabled in that
  # directory (and its subdirectories).
  # First, we configure the "default" to be a very restrictive set of
  # features.
  <Directory />
  Options FollowSymLinks
  AllowOverride None
  Order allow,deny
  Allow from all
  </Directory>
  # Note that from this point forward you must specifically allow
  # particular features to be enabled - so if something's not working as
  # you might expect, make sure that you have specifically enabled it
  # below.
  # This should be changed to whatever you set DocumentRoot to.
  <Directory "/data/wwww">
  # Possible values for the Options directive are "None", "All",
  # or any combination of:
  # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
  # Note that "MultiViews" must be named *explicitly* --- "Options All"
  # doesn't give it to you.
  # The Options directive is both complicated and important. Please see
  # http://httpd.apache.org/docs/2.2/mod/core.html#options
  # for more information.
  Options Indexes FollowSymLinks
  # AllowOverride controls what directives may be placed in .htaccess files.
  # It can be "All", "None", or any combination of the keywords:
  # Options FileInfo AuthConfig Limit
  AllowOverride None
  # Controls who can get stuff from this server.
  Order allow,deny
  Allow from all
  </Directory>
  # DirectoryIndex: sets the file that Apache will serve if a directory
  # is requested.
  <IfModule dir_module>
  DirectoryIndex index.php
  </IfModule>
  # The following lines prevent .htaccess and .htpasswd files from being
  # viewed by Web clients.
  <FilesMatch "^\.ht">
  Order allow,deny
  Deny from all
  Satisfy All
  </FilesMatch>
  # ErrorLog: The location of the error log file.
  # If you do not specify an ErrorLog directive within a <VirtualHost>
  # container, error messages relating to that virtual host will be
  # logged here. If you *do* define an error logfile for a <VirtualHost>
  # container, that host's errors will be logged there and not here.
  ErrorLog "/var/log/httpd/error_log"
  # LogLevel: Control the number of messages logged to the error_log.
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel debug
  <IfModule log_config_module>
  # The following directives define some format nicknames for use with
  # a CustomLog directive (see below).
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  <IfModule logio_module>
  # You need to enable mod_logio.c to use %I and %O
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
  </IfModule>
  # The location and format of the access logfile (Common Logfile Format).
  # If you do not define any access logfiles within a <VirtualHost>
  # container, they will be logged here. Contrariwise, if you *do*
  # define per-<VirtualHost> access logfiles, transactions will be
  # logged therein and *not* in this file.
  CustomLog "/var/log/httpd/access_log" common
  # If you prefer a logfile with access, agent, and referer information
  # (Combined Logfile Format) you can use the following directive.
  #CustomLog "/var/log/httpd/access_log" combined
  </IfModule>
  <IfModule alias_module>
  # Redirect: Allows you to tell clients about documents that used to
  # exist in your server's namespace, but do not anymore. The client
  # will make a new request for the document at its new location.
  # Example:
  # Redirect permanent /foo http://www.example.com/bar
  # Alias: Maps web paths into filesystem paths and is used to
  # access content that does not live under the DocumentRoot.
  # Example:
  # Alias /webpath /full/filesystem/path
  # If you include a trailing / on /webpath then the server will
  # require it to be present in the URL. You will also likely
  # need to provide a <Directory> section to allow access to
  # the filesystem path.
  # ScriptAlias: This controls which directories contain server scripts.
  # ScriptAliases are essentially the same as Aliases, except that
  # documents in the target directory are treated as applications and
  # run by the server when requested rather than as documents sent to the
  # client. The same rules about trailing "/" apply to ScriptAlias
  # directives as to Alias.
  ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
  </IfModule>
  <IfModule cgid_module>
  # ScriptSock: On threaded servers, designate the path to the UNIX
  # socket used to communicate with the CGI daemon of mod_cgid.
  #Scriptsock /var/run/httpd/cgisock
  </IfModule>
  # "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
  # CGI directory exists, if you have that configured.
  <Directory "/data/www/cgi-bin">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  </Directory>
  # DefaultType: the default MIME type the server will use for a document
  # if it cannot otherwise determine one, such as from filename extensions.
  # If your server contains mostly text or HTML documents, "text/plain" is
  # a good value. If most of your content is binary, such as applications
  # or images, you may want to use "application/octet-stream" instead to
  # keep browsers from trying to display binary files as though they are
  # text.
  DefaultType text/plain
  <IfModule mime_module>
  # TypesConfig points to the file containing the list of mappings from
  # filename extension to MIME-type.
  TypesConfig conf/mime.types
  # AddType allows you to add to or override the MIME configuration
  # file specified in TypesConfig for specific file types.
  #AddType application/x-gzip .tgz
  # AddEncoding allows you to have certain browsers uncompress
  # information on the fly. Note: Not all browsers support this.
  #AddEncoding x-compress .Z
  #AddEncoding x-gzip .gz .tgz
  # If the AddEncoding directives above are commented-out, then you
  # probably should define those extensions to indicate media types:
  AddType application/x-compress .Z
  AddType application/x-gzip .gz .tgz
  AddType application/x-httpd-php .php
  AddType application/x-httpd-php-source .phps
  # AddHandler allows you to map certain file extensions to "handlers":
  # actions unrelated to filetype. These can be either built into the server
  # or added with the Action directive (see below)
  # To use CGI scripts outside of ScriptAliased directories:
  # (You will also need to add "ExecCGI" to the "Options" directive.)
  #AddHandler cgi-script .cgi
  # For type maps (negotiated resources):
  #AddHandler type-map var
  # Filters allow you to process content before it is sent to the client.
  # To parse .shtml files for server-side includes (SSI):
  # (You will also need to add "Includes" to the "Options" directive.)
  #AddType text/html .shtml
  #AddOutputFilter INCLUDES .shtml
  </IfModule>
  # The mod_mime_magic module allows the server to use various hints from the
  # contents of the file itself to determine its type. The MIMEMagicFile
  # directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  # Customizable error responses come in three flavors:
  # 1) plain text 2) local redirects 3) external redirects
  # Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://www.example.com/subscription_info.html
  # EnableMMAP and EnableSendfile: On systems that support it,
  # memory-mapping or the sendfile syscall is used to deliver
  # files. This usually improves server performance, but must
  # be turned off when serving from networked-mounted
  # filesystems or if support for these functions is otherwise
  # broken on your system.
  #EnableMMAP off
  #EnableSendfile off
  # Supplemental configuration
  # The configuration files in the conf/extra/ directory can be
  # included to add extra features or to modify the default configuration of
  # the server, or you may simply copy their contents here and change as
  # necessary.
  # Server-pool management (MPM specific)
  #Include conf/extra/httpd-mpm.conf
  # Multi-language error messages
  Include conf/extra/httpd-multilang-errordoc.conf
  # Fancy directory listings
  Include conf/extra/httpd-autoindex.conf
  # Language settings
  Include conf/extra/httpd-languages.conf
  # User home directories
  #Include conf/extra/httpd-userdir.conf
  # Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  # Virtual hosts
  #Include conf/extra/httpd-vhosts.conf
  # Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  # Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  # Various default settings
  Include conf/extra/httpd-default.conf
  # Include PHP5 config
  Include conf/extra/php5_module.conf
  # Secure (SSL/TLS) connections
  #Include conf/extra/httpd-ssl.conf
  # Note: The following must must be present to support
  # starting without SSL on platforms with no /dev/random equivalent
  # but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  Please, check the configs and let me know if i missed some error.

  In the default php.ini is set open_basedir which limits work with php only to few directories (and directories bellow them). There is set /srv/http, /home,/tmp and /usr/share/pear by default.
  To allow your vhost you should add /data/www or set empty value.

• Running JSPs through Apache Jserv in OC4J

  hello there -
  I'm hoping someone can help me.
  I want index.jsp, our first page, to ACT like a JSP, rather than the current HTML. It seems that httpd.conf wont access OC4J, so i've attempted to access Jserv. Still, things wont work.
  If someone could please take a look at what i have so far in httpd.conf, more specifically, near the bottom where i've opened up Jserv, and let me know what i'm doing wrong, i'd greatly appreciate it!
  ## httpd.conf -- Apache HTTP server configuration file
  # Based upon the NCSA server configuration files originally by Rob McCool.
  # This is the main Apache server configuration file. It contains the
  # configuration directives that give the server its instructions.
  # See <URL:http://www.apache.org/docs/> for detailed information about
  # the directives.
  # Do NOT simply read the instructions in here without understanding
  # what they do. They're here only as hints or reminders. If you are unsure
  # consult the online docs. You have been warned.
  # After this file is processed, the server will look for and process
  # /devl/ics3/devl/apache/srm.conf and then /devl/ics3/devl/apache/access.conf
  # unless you have overridden these with ResourceConfig and/or
  # AccessConfig directives here.
  # The configuration directives are grouped into three basic sections:
  # 1. Directives that control the operation of the Apache server process as a
  # whole (the 'global environment').
  # 2. Directives that define the parameters of the 'main' or 'default' server,
  # which responds to requests that aren't handled by a virtual host.
  # These directives also provide default values for the settings
  # of all virtual hosts.
  # 3. Settings for virtual hosts, which allow Web requests to be sent to
  # different IP addresses or hostnames and have them handled by the
  # same Apache server process.
  # Configuration and logfile names: If the filenames you specify for many
  # of the server's control files begin with "/" (or "drive:/" for Win32), the
  # server will use that explicit path. If the filenames do not begin
  # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
  # with ServerRoot set to "/usr/local/apache" will be interpreted by the
  # server as "/usr/local/apache/logs/foo.log".
  ### Section 1: Global Environment
  # The directives in this section affect the overall operation of Apache,
  # such as the number of concurrent requests it can handle or where it
  # can find its configuration files.
  # ServerType is either inetd, or standalone. Inetd mode is only supported on
  # Unix platforms.
  ServerType standalone
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # NOTE! If you intend to place this on an NFS (or otherwise network)
  # mounted filesystem then please read the LockFile documentation
  # (available at <URL:http://www.apache.org/docs/mod/core.html#lockfile>);
  # you will save yourself a lot of trouble.
  # Do NOT add a slash at the end of the directory path.
  ServerRoot "/oraapp/9iAS10220/home/Apache/Apache"
  # The LockFile directive sets the path to the lockfile used when Apache
  # is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
  # USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
  # its default value. The main reason for changing it is if the logs
  # directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
  # DISK. The PID of the main server process is automatically appended to
  # the filename.
  #LockFile /devl/ics3/devl/apache/logs/httpd.lock
  # PidFile: The file in which the server should record its process
  # identification number when it starts.
  PidFile /devl/ics3/devl/apache/logs/httpd.pid
  # ScoreBoardFile: File used to store internal server process information.
  # Not all architectures require this. But if yours does (you'll know because
  # this file will be created when you run Apache) then you must ensure that
  # no two invocations of Apache share the same scoreboard file.
  ScoreBoardFile /devl/ics3/devl/apache/logs/httpd.scoreboard
  # In the standard configuration, the server will process httpd.conf (this
  # file, specified by the -f command line option), srm.conf, and access.conf
  # in that order. The latter two files are now distributed empty, as it is
  # recommended that all directives be kept in a single file for simplicity.
  # The commented-out values below are the built-in defaults. You can have the
  # server ignore these files altogether by using "/dev/null" (for Unix) or
  # "nul" (for Win32) for the arguments to the directives.
  #ResourceConfig conf/srm.conf
  #AccessConfig conf/access.conf
  # Timeout: The number of seconds before receives and sends time out.
  Timeout 300
  # KeepAlive: Whether or not to allow persistent connections (more than
  # one request per connection). Set to "Off" to deactivate.
  KeepAlive On
  # MaxKeepAliveRequests: The maximum number of requests to allow
  # during a persistent connection. Set to 0 to allow an unlimited amount.
  # We recommend you leave this number high, for maximum performance.
  MaxKeepAliveRequests 100
  # KeepAliveTimeout: Number of seconds to wait for the next request from the
  # same client on the same connection.
  KeepAliveTimeout 15
  # Server-pool size regulation. Rather than making you guess how many
  # server processes you need, Apache dynamically adapts to the load it
  # sees --- that is, it tries to maintain enough server processes to
  # handle the current load, plus a few spare servers to handle transient
  # load spikes (e.g., multiple simultaneous requests from a single
  # Netscape browser).
  # It does this by periodically checking how many servers are waiting
  # for a request. If there are fewer than MinSpareServers, it creates
  # a new spare. If there are more than MaxSpareServers, some of the
  # spares die off. The default values are probably OK for most sites.
  MinSpareServers 1
  MaxSpareServers 2
  # Number of servers to start initially --- should be a reasonable ballpark
  # figure.
  StartServers 1
  # Limit on total number of servers running, i.e., limit on the number
  # of clients who can simultaneously connect --- if this limit is ever
  # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
  # It is intended mainly as a brake to keep a runaway server from taking
  # the system with it as it spirals down...
  MaxClients 150
  # MaxRequestsPerChild: the number of requests each child process is
  # allowed to process before the child dies. The child will exit so
  # as to avoid problems after prolonged use when Apache (and maybe the
  # libraries it uses) leak memory or other resources. On most systems, this
  # isn't really needed, but a few (such as Solaris) do have notable leaks
  # in the libraries. For these platforms, set to something like 10000
  # or so; a setting of 0 means unlimited.
  # NOTE: This value does not include keepalive requests after the initial
  # request per connection. For example, if a child process handles
  # an initial request and 10 subsequent "keptalive" requests, it
  # would only count as 1 request towards this limit.
  MaxRequestsPerChild 0
  # Listen: Allows you to bind Apache to specific IP addresses and/or
  # ports, in addition to the default. See also the <VirtualHost>
  # directive.
  #Listen 3000
  #Listen 172.18.4.13:80
  # BindAddress: You can support virtual hosts with this option. This directive
  # is used to tell the server which IP address to listen to. It can either
  # contain "*", an IP address, or a fully qualified Internet domain name.
  # See also the <VirtualHost> and Listen directives.
  #BindAddress 172.18.4.13
  # Dynamic Shared Object (DSO) Support
  # To be able to use the functionality of a module which was built as a DSO you
  # have to place corresponding `LoadModule' lines at this location so the
  # directives contained in it are actually available before they are used.
  # Please read the file README.DSO in the Apache 1.3 distribution for more
  # details about the DSO mechanism and run `httpd -l' for the list of already
  # built-in (statically linked and thus always available) modules in your httpd
  # binary.
  # Note: The order in which modules are loaded is important. Don't change
  # the order below without expert advice.
  # Example:
  # LoadModule foo_module libexec/mod_foo.so
  LoadModule mmap_static_module libexec/mod_mmap_static.so
  LoadModule vhost_alias_module libexec/mod_vhost_alias.so
  LoadModule env_module libexec/mod_env.so
  LoadModule config_log_module libexec/mod_log_config.so
  LoadModule agent_log_module libexec/mod_log_agent.so
  LoadModule referer_log_module libexec/mod_log_referer.so
  LoadModule mime_magic_module libexec/mod_mime_magic.so
  LoadModule mime_module libexec/mod_mime.so
  LoadModule negotiation_module libexec/mod_negotiation.so
  LoadModule status_module libexec/mod_status.so
  LoadModule info_module libexec/mod_info.so
  LoadModule includes_module libexec/mod_include.so
  LoadModule autoindex_module libexec/mod_autoindex.so
  LoadModule dir_module libexec/mod_dir.so
  LoadModule cgi_module libexec/mod_cgi.so
  LoadModule asis_module libexec/mod_asis.so
  LoadModule imap_module libexec/mod_imap.so
  LoadModule action_module libexec/mod_actions.so
  LoadModule speling_module libexec/mod_speling.so
  LoadModule userdir_module libexec/mod_userdir.so
  LoadModule alias_module libexec/mod_alias.so
  LoadModule rewrite_module libexec/mod_rewrite.so
  LoadModule access_module libexec/mod_access.so
  LoadModule auth_module libexec/mod_auth.so
  LoadModule anon_auth_module libexec/mod_auth_anon.so
  LoadModule dbm_auth_module libexec/mod_auth_dbm.so
  LoadModule digest_module libexec/mod_digest.so
  LoadModule proxy_module libexec/libproxy.so
  LoadModule cern_meta_module libexec/mod_cern_meta.so
  LoadModule expires_module libexec/mod_expires.so
  LoadModule headers_module libexec/mod_headers.so
  LoadModule usertrack_module libexec/mod_usertrack.so
  LoadModule example_module libexec/mod_example.so
  LoadModule unique_id_module libexec/mod_unique_id.so
  LoadModule setenvif_module libexec/mod_setenvif.so
  LoadModule oprocmgr_module libexec/liboprocmgr.so
  LoadModule define_module libexec/mod_define.so
  LoadModule dms_module libexec/mod_dms.so
  LoadModule perl_module libexec/libperl.so
  LoadModule fastcgi_module libexec/mod_fastcgi.so
  <IfDefine SSL>
  LoadModule ssl_module libexec/mod_ssl.so
  </IfDefine>
  # ExtendedStatus controls whether Apache will generate "full" status
  # information (ExtendedStatus On) or just basic information (ExtendedStatus
  # Off) when the "server-status" handler is called. The default is Off.
  ExtendedStatus On
  ### Section 2: 'Main' server configuration
  # The directives in this section set up the values used by the 'main'
  # server, which responds to any requests that aren't handled by a
  # <VirtualHost> definition. These values also provide defaults for
  # any <VirtualHost> containers you may define later in the file.
  # All of these directives may appear inside <VirtualHost> containers,
  # in which case these default settings will be overridden for the
  # virtual host being defined.
  # If your ServerType directive (set earlier in the 'Global Environment'
  # section) is set to "inetd", the next few directives don't have any
  # effect since their settings are defined by the inetd configuration.
  # Skip ahead to the ServerAdmin directive.
  # Port: The port to which the standalone server listens. For
  # ports < 1023, you will need httpd to be run as root initially.
  #Port 7777
  #Listen 7777
  #Port 80
  #Listen 80
  ## SSL Support
  ## When we also provide SSL we have to listen to the
  ## standard HTTP port (see above) and to the HTTPS port
  <IfDefine SSL>
  # Port 80
  Listen 172.18.4.13:80
  Listen 172.18.4.13:443
  </IfDefine>
  # If you wish httpd to run as a different user or group, you must run
  # httpd as root initially and it will switch.
  # User/Group: The name (or #number) of the user/group to run httpd as.
  # . On SCO (ODT 3) use "User nouser" and "Group nogroup".
  # . On HPUX you may not be able to use shared memory as nobody, and the
  # suggested workaround is to create a user www and use that user.
  # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
  # when the value of (unsigned)Group is above 60000;
  # don't use Group nobody on these systems!
  User ics3devl
  Group ics3devl
  # ServerAdmin: Your address, where problems with the server should be
  # e-mailed. This address appears on some server-generated pages, such
  # as error documents.
  ServerAdmin [email protected]
  # ServerName allows you to set a host name which is sent back to clients for
  # your server if it's different than the one the program would get (i.e., use
  # "www" instead of the host's real name).
  # Note: You cannot just invent host names and hope they work. The name you
  # define here must be a valid DNS name for your host. If you don't understand
  # this, ask your network administrator.
  # If your host doesn't have a registered DNS name, enter its IP address here.
  # You will have to access it by its address (e.g., http://123.45.67.89/)
  # anyway, and this will make redirections work in a sensible way.
  # 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
  # machine always knows itself by this address. If you use Apache strictly for
  # local testing and development, you may use 127.0.0.1 as the server name.
  ServerName 172.18.4.13
  # DocumentRoot: The directory out of which you will serve your
  # documents. By default, all requests are taken from this directory, but
  # symbolic links and aliases may be used to point to other locations.
  DocumentRoot "/devl/ics3/devl/webroot/apache"
  # Each directory to which Apache has access, can be configured with respect
  # to which services and features are allowed and/or disabled in that
  # directory (and its subdirectories).
  # First, we configure the "default" to be a very restrictive set of
  # permissions.
  <Directory />
  Options FollowSymLinks
  AllowOverride None
  </Directory>
  # Note that from this point forward you must specifically allow
  # particular features to be enabled - so if something's not working as
  # you might expect, make sure that you have specifically enabled it
  # below.
  # This should be changed to whatever you set DocumentRoot to.
  <Directory "/devl/ics3/devl/webroot/apache">
  # This may also be "None", "All", or any combination of "Indexes",
  # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
  # Note that "MultiViews" must be named explicitly --- "Options All"
  # doesn't give it to you.
  Options Indexes FollowSymLinks MultiViews
  # This controls which options the .htaccess files in directories can
  # override. Can also be "All", or any combination of "Options", "FileInfo",
  # "AuthConfig", and "Limit"
  AllowOverride None
  # Controls who can get stuff from this server.
  Order allow,deny
  Allow from all
  </Directory>
  # UserDir: The name of the directory which is appended onto a user's home
  # directory if a ~user request is received.
  <IfModule mod_userdir.c>
  UserDir public_html
  </IfModule>
  # Control access to UserDir directories. The following is an example
  # for a site where these directories are restricted to read-only.
  #<Directory /home/*/public_html>
  # AllowOverride FileInfo AuthConfig Limit
  # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  # <Limit GET POST OPTIONS PROPFIND>
  # Order allow,deny
  # Allow from all
  # </Limit>
  # <LimitExcept GET POST OPTIONS PROPFIND>
  # Order deny,allow
  # Deny from all
  # </LimitExcept>
  #</Directory>
  # DirectoryIndex: Name of the file or files to use as a pre-written HTML
  # directory index. Separate multiple entries with spaces.
  <IfModule mod_dir.c>
  DirectoryIndex index.html index.jsp
  </IfModule>
  # AccessFileName: The name of the file to look for in each directory
  # for access control information.
  AccessFileName .htaccess
  # The following lines prevent .htaccess files from being viewed by
  # Web clients. Since .htaccess files often contain authorization
  # information, access is disallowed for security reasons. Comment
  # these lines out if you want Web visitors to see the contents of
  # .htaccess files. If you change the AccessFileName directive above,
  # be sure to make the corresponding changes here.
  # Also, folks tend to use names such as .htpasswd for password
  # files, so this will protect those as well.
  <Files ~ "^\.ht">
  Order allow,deny
  Deny from all
  </Files>
  # CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
  # document that was negotiated on the basis of content. This asks proxy
  # servers not to cache the document. Uncommenting the following line disables
  # this behavior, and proxies will be allowed to cache the documents.
  #CacheNegotiatedDocs
  # UseCanonicalName: (new for 1.3) With this setting turned on, whenever
  # Apache needs to construct a self-referencing URL (a URL that refers back
  # to the server the response is coming from) it will use ServerName and
  # Port to form a "canonical" name. With this setting off, Apache will
  # use the hostname:port that the client supplied, when possible. This
  # also affects SERVER_NAME and SERVER_PORT in CGI scripts.
  UseCanonicalName off
  # Add 2003/1/3 test for dynamic virtyal host
  # VirtualDocumentRoot /devl/ics3/moff/webroot/oc4j/ct/web/store/%1
  # TypesConfig describes where the mime.types file (or equivalent) is
  # to be found.
  <IfModule mod_mime.c>
  TypesConfig /devl/ics3/moff/apache/mime.types
  </IfModule>
  # DefaultType is the default MIME type the server will use for a document
  # if it cannot otherwise determine one, such as from filename extensions.
  # If your server contains mostly text or HTML documents, "text/plain" is
  # a good value. If most of your content is binary, such as applications
  # or images, you may want to use "application/octet-stream" instead to
  # keep browsers from trying to display binary files as though they are
  # text.
  DefaultType text/plain
  # The mod_mime_magic module allows the server to use various hints from the
  # contents of the file itself to determine its type. The MIMEMagicFile
  # directive tells the module where the hint definitions are located.
  # mod_mime_magic is not part of the default server (you have to add
  # it yourself with a LoadModule [see the DSO paragraph in the 'Global
  # Environment' section], or recompile the server and include mod_mime_magic
  # as part of the configuration), so it's enclosed in an <IfModule> container.
  # This means that the MIMEMagicFile directive will only be processed if the
  # module is part of the server.
  <IfModule mod_mime_magic.c>
  MIMEMagicFile /devl/ics3/devl/apache/magic
  </IfModule>
  # HostnameLookups: Log the names of clients or just their IP addresses
  # e.g., www.apache.org (on) or 204.62.129.132 (off).
  # The default is off because it'd be overall better for the net if people
  # had to knowingly turn this feature on, since enabling it means that
  # each client request will result in AT LEAST one lookup request to the
  # nameserver.
  HostnameLookups Off
  # ErrorLog: The location of the error log file.
  # If you do not specify an ErrorLog directive within a <VirtualHost>
  # container, error messages relating to that virtual host will be
  # logged here. If you do define an error logfile for a <VirtualHost>
  # container, that host's errors will be logged there and not here.
  ErrorLog /devl/ics3/devl/apache/logs/error_log
  # LogLevel: Control the number of messages logged to the error_log.
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
  # The following directives define some format nicknames for use with
  # a CustomLog directive (see below).
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
  LogFormat "%h %l %u %t \"%r\" %>s %b" common
  LogFormat "%{Referer}i -> %U" referer
  LogFormat "%{User-agent}i" agent
  # The location and format of the access logfile (Common Logfile Format).
  # If you do not define any access logfiles within a <VirtualHost>
  # container, they will be logged here. Contrariwise, if you do
  # define per-<VirtualHost> access logfiles, transactions will be
  # logged therein and not in this file.
  CustomLog /devl/ics3/devl/apache/logs/access_log common
  # If you would like to have agent and referer logfiles, uncomment the
  # following directives.
  #CustomLog /devl/ics3/devl/apache/logs/referer_log referer
  #CustomLog /devl/ics3/devl/apache/logs/agent_log agent
  # If you prefer a single logfile with access, agent, and referer information
  # (Combined Logfile Format) you can use the following directive.
  #CustomLog /devl/ics3/devl/apache/logs/access_log combined
  # Optionally add a line containing the server version and virtual host
  # name to server-generated pages (error documents, FTP directory listings,
  # mod_status and mod_info output etc., but not CGI generated documents).
  # Set to "EMail" to also include a mailto: link to the ServerAdmin.
  # Set to one of: On | Off | EMail
  ServerSignature On
  # Aliases: Add here as many aliases as you need (with no limit). The format is
  # Alias fakename realname
  <IfModule mod_alias.c>
  # Note that if you include a trailing / on fakename then the server will
  # require it to be present in the URL. So "/icons" isn't aliased in this
  # example, only "/icons/"..
  Alias /icons/ "/oraapp/9iAS10220/home/Apache/Apache/icons/"
  <Directory "/oraapp/9iAS10220/home/Apache/Apache/icons">
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  Allow from all
  </Directory>
  Alias /jservdocs/ "/oraapp/9iAS10220/home/Apache/Jserv/docs/"
  Alias /soapdocs/ "/oraapp/9iAS10220/home/soap/"
  Alias /perl/ "/oraapp/9iAS10220/home/Apache/Apache/cgi-bin/"
  Alias /images/ "/devl/ics3/devl/webroot/apache/images/"
  Alias /Fc/ "/devl/ics3/devl/webroot/apache/Fc/"
  Alias /html/ "/devl/ics3/devl/webroot/apache/html/"
  Alias /gftlist/ "/devl/ics3/devl/webroot/apache/gftlist/"
  Alias /articles/ "/devl/ics3/devl/webroot/apache/articles/"
  Alias /js/ "/devl/ics3/devl/webroot/apache/js/"
  Alias /css/ "/devl/ics3/devl/webroot/apache/css/"
  Alias /coremetrics/ "/devl/ics3/devl/webroot/apache/coremetrics/"
  # ScriptAlias: This controls which directories contain server scripts.
  # ScriptAliases are essentially the same as Aliases, except that
  # documents in the realname directory are treated as applications and
  # run by the server when requested rather than as documents sent to the client.
  # The same rules about trailing "/" apply to ScriptAlias directives as to
  # Alias.
  ScriptAlias /cgi-bin/ "/devl/ics3/devl/webroot/apache/cgi-bin/"
  ScriptAlias /cyber/ "/usr/cybercash/webroot/collectiblestodaytestsight-16/mck-cgi/"
  # "/oraapp/9iAS10220/home/Apache/Apache/cgi-bin" should be changed to whatever your ScriptAliased
  # CGI directory exists, if you have that configured.
  <Directory "/devl/ics3/devl/webroot/apache/cgi-bin">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  </Directory>
  <Directory "/usr/cybercash/webroot/collectiblestodaytestsight-16/mck-cgi">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  </Directory>
  </IfModule>
  # End of aliases.
  # Redirect allows you to tell clients about documents which used to exist in
  # your server's namespace, but do not anymore. This allows you to tell the
  # clients where to look for the relocated document.
  # Format: Redirect old-URI new-URL
  # Directives controlling the display of server-generated directory listings.
  <IfModule mod_autoindex.c>
  # FancyIndexing is whether you want fancy directory indexing or standard
  IndexOptions FancyIndexing
  # AddIcon* directives tell the server which icon to show for different
  # files or filename extensions. These are only displayed for
  # FancyIndexed directories.
  AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
  AddIconByType (TXT,/icons/text.gif) text/*
  AddIconByType (IMG,/icons/image2.gif) image/*
  AddIconByType (SND,/icons/sound2.gif) audio/*
  AddIconByType (VID,/icons/movie.gif) video/*
  AddIcon /icons/binary.gif .bin .exe
  AddIcon /icons/binhex.gif .hqx
  AddIcon /icons/tar.gif .tar
  AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
  AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
  AddIcon /icons/a.gif .ps .ai .eps
  AddIcon /icons/layout.gif .html .shtml .htm .pdf
  AddIcon /icons/text.gif .txt
  AddIcon /icons/c.gif .c
  AddIcon /icons/p.gif .pl .py
  AddIcon /icons/f.gif .for
  AddIcon /icons/dvi.gif .dvi
  AddIcon /icons/uuencoded.gif .uu
  AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
  AddIcon /icons/tex.gif .tex
  AddIcon /icons/bomb.gif core
  AddIcon /icons/back.gif ..
  AddIcon /icons/hand.right.gif README
  AddIcon /icons/folder.gif ^^DIRECTORY^^
  AddIcon /icons/blank.gif ^^BLANKICON^^
  # DefaultIcon is which icon to show for files which do not have an icon
  # explicitly set.
  DefaultIcon /icons/unknown.gif
  # AddDescription allows you to place a short description after a file in
  # server-generated indexes. These are only displayed for FancyIndexed
  # directories.
  # Format: AddDescription "description" filename
  #AddDescription "GZIP compressed document" .gz
  #AddDescription "tar archive" .tar
  #AddDescription "GZIP compressed tar archive" .tgz
  # ReadmeName is the name of the README file the server will look for by
  # default, and append to directory listings.
  # HeaderName is the name of a file which should be prepended to
  # directory indexes.
  # If MultiViews are amongst the Options in effect, the server will
  # first look for name.html and include it if found. If name.html
  # doesn't exist, the server will then look for name.txt and include
  # it as plaintext if found.
  ReadmeName README
  HeaderName HEADER
  # IndexIgnore is a set of filenames which directory indexing should ignore
  # and not include in the listing. Shell-style wildcarding is permitted.
  IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
  </IfModule>
  # End of indexing directives.
  # Document types.
  <IfModule mod_mime.c>
  # AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
  # information on the fly. Note: Not all browsers support this.
  # Despite the name similarity, the following Add* directives have nothing
  # to do with the FancyIndexing customization directives above.
  AddEncoding x-compress Z
  AddEncoding x-gzip gz tgz
  # AddLanguage allows you to specify the language of a document. You can
  # then use content negotiation to give a browser a file in a language
  # it can understand.
  # Note 1: The suffix does not have to be the same as the language
  # keyword --- those with documents in Polish (whose net-standard
  # language code is pl) may wish to use "AddLanguage pl .po" to
  # avoid the ambiguity with the common suffix for perl scripts.
  # Note 2: The example entries below illustrate that in quite
  # some cases the two character 'Language' abbriviation is not
  # identical to the two character 'Country' code for its country,
  # E.g. 'Danmark/dk' versus 'Danish/da'.
  # Note 3: In the case of 'ltz' we violate the RFC by using a three char
  # specifier. But there is 'work in progress' to fix this and get
  # the reference data for rfc1766 cleaned up.
  # Danish (da) - Dutch (nl) - English (en) - Estonian (ee)
  # French (fr) - German (de) - Greek-Modern (el)
  # Italian (it) - Korean (kr) - Norwegian (no)
  # Portugese (pt) - Luxembourgeois* (ltz)
  # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz)
  # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja)
  # Russian (ru)
  AddLanguage da .da
  AddLanguage nl .nl
  AddLanguage en .en
  AddLanguage et .ee
  AddLanguage fr .fr
  AddLanguage de .de
  AddLanguage el .el
  AddLanguage he .he
  AddCharset ISO-8859-8 .iso8859-8
  AddLanguage it .it
  AddLanguage ja .ja
  AddCharset ISO-2022-JP .jis
  AddLanguage kr .kr
  AddCharset ISO-2022-KR .iso-kr
  AddLanguage no .no
  AddLanguage pl .po
  AddCharset ISO-8859-2 .iso-pl
  AddLanguage pt .pt
  AddLanguage pt-br .pt-br
  AddLanguage ltz .lu
  AddLanguage ca .ca
  AddLanguage es .es
  AddLanguage sv .se
  AddLanguage cz .cz
  AddLanguage ru .ru
  AddLanguage tw .tw
  AddCharset Big5 .Big5 .big5
  AddCharset WINDOWS-1251 .cp-1251
  AddCharset CP866 .cp866
  AddCharset ISO-8859-5 .iso-ru
  AddCharset KOI8-R .koi8-r
  AddCharset UCS-2 .ucs2
  AddCharset UCS-4 .ucs4
  AddCharset UTF-8 .utf8
  # LanguagePriority allows you to give precedence to some languages
  # in case of a tie during content negotiation.
  # Just list the languages in decreasing order of preference. We have
  # more or less alphabetized them here. You probably want to change this.
  <IfModule mod_negotiation.c>
  LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
  </IfModule>
  # AddType allows you to tweak mime.types without actually editing it, or to
  # make certain files to be certain types.
  # For example, the PHP 3.x module (not part of the Apache distribution - see
  # http://www.php.net) will typically use:
  #AddType application/x-httpd-php3 .php3
  #AddType application/x-httpd-php3-source .phps
  # And for PHP 4.x, use:
  #AddType application/x-httpd-php .php
  #AddType application/x-httpd-php-source .phps
  AddType application/x-tar .tgz
  # AddHandler allows you to map certain file extensions to "handlers",
  # actions unrelated to filetype. These can be either built into the server
  # or added with the Action command (see below)
  # If you want to use server side includes, or CGI outside
  # ScriptAliased directories, uncomment the following lines.
  # To use CGI scripts:
  #AddHandler cgi-script .cgi
  # To use server-parsed HTML files
  #AddType text/html .shtml
  #AddHandler server-parsed .shtml
  # Uncomment the following line to enable Apache's send-asis HTTP file
  # feature
  #AddHandler send-as-is asis
  # If you wish to use server-parsed imagemap files, use
  #AddHandler imap-file map
  # To enable type maps, you might want to use
  #AddHandler type-map var
  </IfModule>
  # End of document types.
  # Action lets you define media types that will execute a script whenever
  # a matching file is called. This eliminates the need for repeated URL
  # pathnames for oft-used CGI file processors.
  # Format: Action media/type /cgi-script/location
  # Format: Action handler-name /cgi-script/location
  # MetaDir: specifies the name of the directory in which Apache can find
  # meta information files. These files contain additional HTTP headers
  # to include when sending the document
  #MetaDir .web
  # MetaSuffix: specifies the file name suffix for the file containing the
  # meta information.
  #MetaSuffix .meta
  # Customizable error response (Apache style)
  # these come in three flavors
  # 1) plain text
  #ErrorDocument 500 "The server made a boo boo.
  # n.b. the single leading (") marks it as text, it does not get output
  # 2) local redirects
  ErrorDocument 404 /404error.htm
  ErrorDocument 500 /500error.htm
  # to redirect to local URL /missing.html
  #ErrorDocument 404 /cgi-bin/missing_handler.pl
  # N.B.: You can redirect to a script or a document using server-side-includes.
  # 3) external redirects
  #ErrorDocument 402 http://some.other_server.com/subscription_info.html
  # N.B.: Many of the environment variables associated with the original
  # request will not be available to such a script.
  # Customize behaviour based on the browser
  <IfModule mod_setenvif.c>
  # The following directives modify normal HTTP response behavior.
  # The first directive disables keepalive for Netscape 2.x and browsers that
  # spoof it. There are known problems with these browser implementations.
  # The second directive is for Microsoft Internet Explorer 4.0b2
  # which has a broken HTTP/1.1 implementation and does not properly
  # support keepalive when it is used on 301 or 302 (redirect) responses.
  BrowserMatch "Mozilla/2" nokeepalive
  BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
  # The following directive disables HTTP/1.1 responses to browsers which
  # are in violation of the HTTP/1.0 spec by not being able to grok a
  # basic 1.1 response.
  BrowserMatch "RealPlayer 4\.0" force-response-1.0
  BrowserMatch "Java/1\.0" force-response-1.0
  BrowserMatch "JDK/1\.0" force-response-1.0
  </IfModule>
  # End of browser customization directives
  # Allow server status reports, with the URL of http://servername/server-status
  # Change the ".your_domain.com" to match your domain to enable.
  <Location /server-status>
  SetHandler server-status
  Order deny,allow
  Deny from all
  Allow from localhost web1-v3
  </Location>
  # Allow remote server configuration reports, with the URL of
  # http://servername/server-info (requires that mod_info.c be loaded).
  # Change the ".your_domain.com" to match your domain to enable.
  #<Location /server-info>
  # SetHandler server-info
  # Order deny,allow
  # Deny from all
  # Allow from localhost web1-v3
  #</Location>
  # There have been reports of people trying to abuse an old bug from pre-1.1
  # days. This bug involved a CGI script distributed as a part of Apache.
  # By uncommenting these lines you can redirect these attacks to a logging
  # script on phf.apache.org. Or, you can record them yourself, using the script
  # support/phf_abuse_log.cgi.
  #<Location /cgi-bin/phf*>
  # Deny from all
  # ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
  #</Location>
  # Proxy Server directives. Uncomment the following lines to
  # enable the proxy server:
  #<IfModule mod_proxy.c>
  # ProxyRequests On
  # <Directory proxy:*>
  # Order deny,allow
  # Deny from all
  # Allow from .your_domain.com
  # </Directory>
  # Enable/disable the handling of HTTP/1.1 "Via:" headers.
  # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
  # Set to one of: Off | On | Full | Block
  # ProxyVia On
  # To enable the cache as well, edit and uncomment the following lines:
  # (no cacheing without CacheRoot)
  # CacheRoot "/oraapp/9iAS10220/home/Apache/Apache/proxy"
  # CacheSize 5
  # CacheGcInterval 4
  # CacheMaxExpire 24
  # CacheLastModifiedFactor 0.1
  # CacheDefaultExpire 1
  # NoCache a_domain.com another_domain.edu joes.garage_sale.com
  #</IfModule>
  # End of proxy directives.
  ### Section 3: Virtual Hosts
  # VirtualHost: If you want to maintain multiple domains/hostnames on your
  # machine you can setup VirtualHost containers for them. Most configurations
  # use only name-based virtual hosts so the server doesn't need to worry about
  # IP addresses. This is indicated by the asterisks in the directives below.
  # Please see the documentation at <URL:http://www.apache.org/docs/vhosts/>
  # for further details before you try to setup virtual hosts.
  # You may use the command line option '-S' to verify your virtual host
  # configuration.
  # If you want to use name-based virtual hosts you need to define at
  # least one IP address (and port number) for them.
  # Use name-based virtual hosting.
  #NameVirtualHost 12.34.56.78:80
  #NameVirtualHost 12.34.56.78
  #NameVirtualHost *
  # VirtualHost example:
  # Almost any Apache directive may go into a VirtualHost container.
  # The first VirtualHost section is used for requests without a known
  # server name.
  #<VirtualHost *>
  # ServerAdmin [email protected]_domain.com
  # DocumentRoot /www/docs/host.some_domain.com
  # ServerName host.some_domain.com
  # ErrorLog logs/host.some_domain.com-error_log
  # CustomLog logs/host.some_domain.com-access_log common
  #</VirtualHost>
  #<VirtualHost default:*>
  #</VirtualHost>
  ## SSL Global Context
  ## All SSL configuration in this context applies both to
  ## the main server and all SSL-enabled virtual hosts.
  # Some MIME-types for downloading Certificates and CRLs
  <IfDefine SSL>
  AddType application/x-x509-ca-cert .crt
  AddType application/x-pkcs7-crl .crl
  </IfDefine>
  <IfModule mod_ssl.c>
  # Pass Phrase Dialog:
  # Configure the pass phrase gathering process.
  # The filtering dialog program (`builtin' is a internal
  # terminal dialog) has to provide the pass phrase on stdout.
  SSLPassPhraseDialog builtin
  # Inter-Process Session Cache:
  # Configure the SSL Session Cache: First either `none'
  # or `dbm:/path/to/file' for the mechanism to use and
  # second the expiring timeout (in seconds).
  #SSLSessionCache none
  #SSLSessionCache shm:/devl/ics3/devl/apache/logs/ssl_scache(512000)
  SSLSessionCache dbm:/devl/ics3/devl/apache/logs/ssl_scache
  SSLSessionCacheTimeout 300
  # Semaphore:
  # Configure the path to the mutual explusion semaphore the
  # SSL engine uses internally for inter-process synchronization.
  SSLMutex file:/devl/ics3/devl/apache/logs/ssl_mutex
  # Pseudo Random Number Generator (PRNG):
  # Configure one or more sources to seed the PRNG of the
  # SSL library. The seed data should be of good random quality.
  # WARNING! On some platforms /dev/random blocks if not enough entropy
  # is available. This means you then cannot use the /dev/random device
  # because it would lead to very long connection times (as long as
  # it requires to make more entropy available). But usually those
  # platforms additionally provide a /dev/urandom device which doesn't
  # block. So, if available, use this one instead. Read the mod_ssl User
  # Manual for more details.
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  #SSLRandomSeed startup file:/dev/random 512
  #SSLRandomSeed startup file:/dev/urandom 512
  #SSLRandomSeed connect file:/dev/random 512
  #SSLRandomSeed connect file:/dev/urandom 512
  # Logging:
  # The home of the dedicated SSL protocol logfile. Errors are
  # additionally duplicated in the general error log file. Put
  # this somewhere where it cannot be used for symlink attacks on
  # a real server (i.e. somewhere where only root can write).
  # Log levels are (ascending order: higher ones include lower ones):
  # none, error, warn, info, trace, debug.
  SSLLog /devl/ics3/devl/apache/logs/ssl_engine_log
  SSLLogLevel warn
  </IfModule>
  <IfDefine SSL>
  ## SSL Virtual Host Context
  <VirtualHost default:443>
  # General setup for the virtual host
  DocumentRoot "/devl/ics3/devl/webroot/apache"
  ServerName 172.18.4.13
  ServerAdmin [email protected]
  ErrorLog /devl/ics3/devl/apache/logs/error_log
  TransferLog /devl/ics3/devl/apache/logs/access_log
  # SSL Engine Switch:
  # Enable/Disable SSL for this virtual host.
  SSLEngine on
  # SSL Cipher Suite:
  # List the ciphers that the client is permitted to negotiate.
  # See the mod_ssl documentation for a complete list.
  #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  # Server Certificate:
  # Point SSLCertificateFile at a PEM encoded certificate. If
  # the certificate is encrypted, then you will be prompted for a
  # pass phrase. Note that a kill -HUP will prompt again. A test
  # certificate can be generated with `make certificate' under
  # built time. Keep in mind that if you've both a RSA and a DSA
  # certificate you can configure both in parallel (to also allow
  # the use of DSA ciphers, etc.)
  SSLCertificateFile /devl/ics3/devl/apache/ssl.crt/server.crt
  #SSLCertificateFile /devl/ics3/devl/apache/ssl.crt/server-dsa.crt
  # Server Private Key:
  # If the key is not combined with the certificate, use this
  # directive to point at the key file. Keep in mind that if
  # you've both a RSA and a DSA private key you can configure
  # both in parallel (to also allow the use of DSA ciphers, etc.)
  SSLCertificateKeyFile /devl/ics3/devl/apache/ssl.key/server.key
  #SSLCertificateKeyFile /devl/ics3/devl/apache/ssl.key/server-dsa.key
  # Server Certificate Chain:
  # Point SSLCertificateChainFile at a file containing the
  # concatenation of PEM encoded CA certificates which form the
  # certificate chain for the server certificate. Alternatively
  # the referenced file can be the same as SSLCertificateFile
  # when the CA certificates are directly appended to the server
  # certificate for convinience.
  #SSLCertificateChainFile /devl/ics3/devl/apache/ssl.crt/ca.crt
  # Certificate Authority (CA):
  # Set the CA certificate verification path where to find CA
  # certificates for client authentication or alternatively one
  # huge file containing all of them (file must be PEM encoded)
  # Note: Inside SSLCACertificatePath you need hash symlinks
  # to point to the certificate files. Use the provided
  # Makefile to update the hash symlinks after changes.
  #SSLCACertificatePath /devl/ics3/devl/apache/ssl.crt
  #SSLCACertificateFile /devl/ics3/devl/apache/ssl.crt/ca-bundle.crt
  # Certificate Revocation Lists (CRL):
  # Set the CA revocation path where to find CA CRLs for client
  # authentication or alternatively one huge file containing all
  # of them (file must be PEM encoded)
  # Note: Inside SSLCARevocationPath you need hash symlinks
  # to point to the certificate files. Use the provided
  # Makefile to update the hash symlinks after changes.
  #SSLCARevocationPath /devl/ics3/devl/apache/ssl.crl
  #SSLCARevocationFile /devl/ics3/devl/apache/ssl.crl/ca-bundle.crl
  # Client Authentication (Type):
  # Client certificate verification type and depth. Types are
  # none, optional, require and optional_no_ca. Depth is a
  # number which specifies how deeply to verify the certificate
  # issuer chain before deciding the certificate is not valid.
  #SSLVerifyClient require
  #SSLVerifyDepth 10
  # Access Control:
  # With SSLRequire you can do per-directory access control based
  # on arbitrary complex boolean expressions containing server
  # variable checks and other lookup directives. The syntax is a
  # mixture between C and Perl. See the mod_ssl documentation
  # for more details.
  #<Location />
  #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
  # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
  # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
  # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
  # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
  # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
  #</Location>
  # SSL Engine Options:
  # Set various options for the SSL engine.
  # o FakeBasicAuth:
  # Translate the client X.509 into a Basic Authorisation. This means that
  # the standard Auth/DBMAuth methods can be used for access control. The
  # user name is the `one line' version of the client's X.509 certificate.
  # Note that no password is obtained from the user. Every entry in the user
  # file needs this password: `xxj31ZMTZzkVA'.
  # o ExportCertData:
  # This exports two additional environment variables: SSL_CLIENT_CERT and
  # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
  # server (always existing) and the client (only existing when client
  # authentication is used). This can be used to import the certificates
  # into CGI scripts.
  # o StdEnvVars:
  # This exports the standard SSL/TLS related `SSL_*' environment variables.
  # Per default this exportation is switched off for performance reasons,
  # because the extraction step is an expensive operation and is usually
  # useless for serving static content. So one usually enables the
  # exportation for CGI and SSI requests only.
  # o CompatEnvVars:
  # This exports obsolete environment variables for backward compatibility
  # to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
  # to provide compatibility to existing CGI scripts.
  # o StrictRequire:
  # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
  # under a "Satisfy any" situation, i.e. when it applies access is denied
  # and no other module can change it.
  # o OptRenegotiate:
  # This enables optimized SSL connection renegotiation handling when SSL
  # directives are used in per-directory context.
  #SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire
  <Files ~ "\.(cgi|shtml)$">
  SSLOptions +StdEnvVars
  </Files>
  #<Directory "/oraapp/9iAS10220/home/Apache/Apache/cgi-bin">
  <Directory "/devl/ics3/devl/webroot/apache/cgi-bin">
  SSLOptions +StdEnvVars
  </Directory>
  # SSL Protocol Adjustments:
  # The safe and default but still SSL/TLS standard compliant shutdown
  # approach is that mod_ssl sends the close notify alert but doesn't wait for
  # the close notify alert from client. When you need a different shutdown
  # approach you can use one of the following variables:
  # o ssl-unclean-shutdown:
  # This forces an unclean shutdown when the connection is closed, i.e. no
  # SSL close notify alert is send or allowed to received. This violates
  # the SSL/TLS standard but is needed for some brain-dead browsers. Use
  # this when you receive I/O errors because of the standard approach where
  # mod_ssl sends the close notify alert.
  # o ssl-accurate-shutdown:
  # This forces an accurate shutdown when the connection is closed, i.e. a
  # SSL close notify alert is send and mod_ssl waits for the close notify
  # alert of the client. This is 100% SSL/TLS standard compliant, but in
  # practice often causes hanging connections with brain-dead browsers. Use
  # this only for browsers where you know that their SSL implementation
  # works correctly.
  # Notice: Most problems of broken clients are also related to the HTTP
  # keep-alive facility, so you usually additionally want to disable
  # keep-alive for those clients, too. Use variable "nokeepalive" for this.
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  # Per-Server Logging:
  # The home of a custom SSL log file. Use this when you want a
  # compact non-error SSL logfile on a virtual host basis.
  CustomLog /devl/ics3/devl/apache/logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  </VirtualHost>
  </IfDefine>
  <IfModule mod_dms.c>
  <Location /dms0>
  SetHandler dms-handler
  </Location>
  </IfModule>
  # Perl Directives
  #PerlWarn On
  #PerlFreshRestart On
  #PerlSetEnv PERL5OPT Tw
  #PerlSetEnv PERL5LIB "/oraapp/9iAS10220/home/Apache/perl/lib/5.00503:/oraapp/9iAS10220/home/Apache/perl/lib/site_perl/5.005"
  SetEnv PERL5LIB "/oraapp/9iAS10220/home/Apache/perl/lib/5.00503:/oraapp/9iAS10220/home/Apache/perl/lib/site_perl/5.005"
  PerlModule Apache
  #PerlModule Apache::Status
  PerlModule Apache::Registry
  #PerlModule Apache::CGI
  #PerlModule Apache::DBI
  #PerlRequire
  <Location /perl>
  SetHandler perl-script
  PerlHandler Apache::Registry
  AddHandler perl-script .pl
  Options +ExecCGI
  PerlSendHeader On
  </Location>
  #<Location /perl-status>
  # SetHandler perl-script
  # PerlHandler Apache::Status
  # order deny,allow
  # deny from all
  # allow from .your_domain.com
  #</Location>
  # Setup of oprocmgr module.
  # This directive identifies each remote apache instance that will be
  # sending requests to processes (e.g., JServs), managed by local Apache
  # instances. This directive is used by the local process manager to share
  # routing information with remote apache instances via non-SSL HTTP messages.
  # The directive is repeated for each remote apache instance that will be
  # sending requests. The ProcNode directive that refers to the local apache
  # instance will be ignored, but may be supplied to facilitate uniformity
  # in configuration across apache instances. Arguments to the ProcNode must
  # be sufficient to reach the remote instance of apache via non-SSL HTTP
  # messages. It is not considered an error if the remote apache instance is
  # unreachable, as no assumption is made about the starting order or
  # availability of apache instances.
  # Syntax: ProcNode <hostname> <port>
  # Example: ProcNode abc.com 7777
  <IfModule mod_oprocmgr.c>
  ProcNode web1-v3 7777
  <IfDefine SSL>
  ProcNode web1-v3 80
  </IfDefine>
  <Location /oprocmgr-service>
  SetHandler oprocmgr-service
  </Location>
  <Location /oprocmgr-status>
  SetHandler oprocmgr-status
  </Location>
  </IfModule>
  # Setup of FastCGI module
  <IfModule mod_fastcgi.c>
  Alias /fastcgi/ "/devl/ics3/devl/webroot/apache/fastcgi/"
  ScriptAlias /fcgi-bin/ "/devl/ics3/devl/webroot/apache/fcgi-bin/"
  <Directory "/devl/ics3/devl/webroot/apache/fcgi-bin">
  AllowOverride None
  Options None
  Order allow,deny
  Allow from all
  SetHandler fastcgi-script
       <IfDefine SSL>
  SSLOptions +StdEnvVars
       </IfDefine>
  </Directory>
  </IfModule>
  <IfModule mod_proxy.c>
  proxyRequests off
  proxyPass /cust http://172.18.4.13:7778/cust
  proxyPassReverse /cust http://172.18.4.13:7778/cust
  proxyPass /ct http://172.18.4.13:7778/ct
  proxyPassReverse /ct http://172.18.4.13:7778/ct
  </IfModule>
  #<IfModule mod_proxy.c>
  # proxyRequests on
  # proxyPass /ct http://172.18.4.13:7778/ct
  # proxyPassReverse /ct http://172.18.4.13:7778/ct
  #</IfModule>
  # Include the configuration files needed for jserv
  include "/oraapp/9iAS10220/home/Apache/Jserv/etc/jserv.conf"
  ApJServMount / /ct
  AddType text/jsp .jsp
  AddHandler jserv-servlet .jsp
  # Include the Oracle configuration file for custom settings
  #include "/devl/ics3/devl/apache/oracle_apache.conf"
  <VirtualHost 172.18.4.13:80>
  ServerName ics3dv1ws1.hq.bradgroup
  DocumentRoot /devl/ics3/devl/webroot/apache
  ServerAlias www.ics3dv1ws1.hq.bradgroup
  </VirtualHost>
  # <VirtualHost     172.18.4.13:80>
  ServerName %1.collectiblestoday.com
  VirtualDocumentRoot /devl/ics3/devl/webroot/oc4j/ct/web
  # </VirtualHost>

  Weird ... that works.
  So, I created the dummy account which was also failing as follows:
  create user newuser identified by oracle;
  grant developer_role to newuser;This fails, but only from a Form running under OC4J, until I run:
  ALTER SYSTEM SET sec_case_sensitive_logon = FALSE scope = MEMORY;While I've made this change in our development database, I don't really want to do the same eventually in PROD. I'd rather figure out what's changed about how OC4J connects, find a rememdy there, and set this back to TRUE.
  Since I didn't create the username or password as a string literal (to ensure lowercasing), I'm confused as to what's happening. When the init parm is set to TRUE, when the dialog box pops up for the form after the invalid username/password error, I tried entering the password in all lowercase, and then in all uppercase, to no effect. Both fail.
  --=Chuck

• Apache mod_rewrite, htaccess and virtual host

  Does not appear that the htaccess file is doing anything at all; I tested with a 301 redirect and even put some random nonsense in it in hopes to provoke a server error and nothing.
  httpd.conf : http://pastebin.com/36qFCg5q
  httpd-vhosts.conf
  <VirtualHost *:80>
      DocumentRoot "/Users/jwindhall/Railo/tomcat/webapps/ROOT/dentist_app"
      ServerName xxx.com
      ServerAlias www.xxx.com
  <Directory "/Users/jwindhall/Railo/tomcat/webapps/ROOT/dentist_app">
      Options All Includes Indexes
      Order allow,deny
      Allow from all
      AllowOverride All
  </Directory>
  ProxyRequests Off
  <Proxy *>
  Options All Includes Indexes
  Order allow,deny
  Allow from all
  AllowOverride All
  </Proxy>
  ProxyPass / http://www.xxx.com:8080/
  ProxyPassReverse / http://www.xxx.com:8080/
  </VirtualHost>
  jwindhall.conf:
  <Directory "/Users/jwindhall/Railo/tomcat/webapps/ROOT/dentist_app">
  Options Indexes MultiViews FollowSymlinks
  AllowOverride All
  Order allow,deny
  Allow from all
  </Directory>

  The question etresoft was asking was around what goal or end or configuration you were trying to achieve here, and not who you might be.  With some background on the problem and on the particular goal, we might be able to provide you with a more direct solution, or debug the error. 
  It looks like you're trying to run some Tomcat stuff.  Something like this?
  Though that articile doesn't indicate it, the provided set-up there looks to be specific to OS X client.  Are you running OS X Server, or OS X client.  And in either case, which version?   (The management user interfaces do vary here, both by client and server, and by version.)
  The article also looks to be for 10.6 or earlier, or it presumes that you have Java installed.  That's not the default, so that's something you'll need to establish.
  Apache redirects do work on OS X and OS X Server.  If you're just testing that, get rid of Java and Tomcat and the rest (from your configuration test) and test just the URL redirects.
  Apache is also sensitive to file protections and ownerships, as it strives to avoid allowing an attacker at your whole system (by default), though those protections can be overridden.
  As a first step toward troubleshooting your current configuration, invoke the Apache configuration test on your system and see if it tosses any errors, and also check the Apache server logs for relevant errors.  The logs are usually in the /var/log/apache2 directory, though that can be changed.  This'll make sure the core giblets are working.  The next steps would usually then involve checking the protections on the web directories, and then testing Java and Tomcat individually.
  OS X Server is a little more simple to set up and (mostly) avoids needing to access the configuration files, and the directories and related are IMO a little easier to deal with; you're using Server Admin.app or Server.app (depending on the OS X Server version) to manage all that, and not a text editor.
  And you may already be aware of this; do not try to use a GUI editor to edit the configuration files.  TextWrangler will work here, but most other GUI editors won't.  Using a command-line editor is more common; nano or vim or emacs or such.  FWIW.

• Installing Apache 2.4.3 on OSX 10.6.8

  Hi,
  I'm trying to install Apache web server on Mac OSX 10.6.8. On my first attempt with ./configure, I was informed that my apr version was too old. So I downloaded apr and apr-util, and as instructed by the Apache INSTALL doc, I upacked those files and moved their directories to httpd-2.4.3/srclib/apr and httpd-2.4.3/srclib/apr-util:
  ~/Downloads/httpd-2.4.3/srclib$ ls MakefileMakefile.in     apr          apr-util
  Then the Apache INSTALL doc said to run configure like this:
  ~/Downloads/httpd-2.4.3 $ ./configure --with-included-apr
  Then I got a new error:
  configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/
  So I looked at the Apache installation docs here:
  http://httpd.apache.org/docs/current/install.html
  which say:
  REQUIREMENTS
  Perl-Compatible Regular Expressions Library (PCRE)
  This library is required but not longer bundled with httpd. Download the source code from http://www.pcre.org, or install a Port or Package. If your build system can't find the pcre-config script installed by the PCRE build, point to it using the --with-pcre parameter. On some platforms, you may have to install the corresponding -dev package to allow httpd to build against your installed copy of PCRE.
  So I downloaded pcre and installed pcre with ./configure, make, make install, which seemed to install pcre correctly. But when I tried to run ./configure for Apache, Apache still couldn't find pcre. So next I tried:
  ~/Downloads/httpd-2.4.3$ ./configure --with-included-apr --with-pcre=../pcre-8.32/pcre-config
  and this time ./configure seemed to end normally.
  On to make:
  ~/Downloads/httpd-2.4.3$  make
  But make ends with pcre errors:
  Downloads/httpd-2.4.3/modules/cache -I/Users/7stud/Downloads/httpd-2.4.3/modules/core -I/Users/7stud/Downloads/httpd-2.4.3/modules/database -I/Users/7stud/Downloads/httpd-2.4.3/modules/filters -I/Users/7stud/Downloads/httpd-2.4.3/modules/ldap -I/Users/7stud/Downloads/httpd-2.4.3/modules/loggers -I/Users/7stud/Downloads/httpd-2.4.3/modules/lua -I/Users/7stud/Downloads/httpd-2.4.3/modules/proxy -I/Users/7stud/Downloads/httpd-2.4.3/modules/session -I/Users/7stud/Downloads/httpd-2.4.3/modules/ssl -I/Users/7stud/Downloads/httpd-2.4.3/modules/test -I/Users/7stud/Downloads/httpd-2.4.3/server -I/Users/7stud/Downloads/httpd-2.4.3/modules/arch/unix -I/Users/7stud/Downloads/httpd-2.4.3/modules/dav/main -I/Users/7stud/Downloads/httpd-2.4.3/modules/generators -I/Users/7stud/Downloads/httpd-2.4.3/modules/mappers  -prefer-non-pic -static -c util_pcre.c && touch util_pcre.lo
  util_pcre.c:48:18: error: pcre.h: No such file or directory
  util_pcre.c: In function 'ap_regfree':
  util_pcre.c:103: error: 'pcre_free' undeclared (first use in this function)
  util_pcre.c:103: error: (Each undeclared identifier is reported only once
  util_pcre.c:103: error: for each function it appears in.)
  util_pcre.c: In function 'ap_regcomp':
  util_pcre.c:129: error: 'PCRE_CASELESS' undeclared (first use in this function)
  util_pcre.c:131: error: 'PCRE_MULTILINE' undeclared (first use in this function)
  util_pcre.c:133: error: 'PCRE_DOTALL' undeclared (first use in this function)
  util_pcre.c:136: warning: implicit declaration of function 'pcre_compile'
  util_pcre.c:136: warning: assignment makes pointer from integer without a cast
  util_pcre.c:142: warning: implicit declaration of function 'pcre_fullinfo'
  util_pcre.c:142: error: expected ')' before 'pcre'
  util_pcre.c:142: warning: type defaults to 'int' in declaration of 'type name'
  util_pcre.c:142: warning: cast from pointer to integer of different size
  util_pcre.c:143: error: 'PCRE_INFO_CAPTURECOUNT' undeclared (first use in this function)
  util_pcre.c: In function 'ap_regexec_len':
  util_pcre.c:180: error: 'PCRE_NOTBOL' undeclared (first use in this function)
  util_pcre.c:182: error: 'PCRE_NOTEOL' undeclared (first use in this function)
  util_pcre.c:198: warning: implicit declaration of function 'pcre_exec'
  util_pcre.c:198: error: expected ')' before 'pcre'
  util_pcre.c:198: warning: type defaults to 'int' in declaration of 'type name'
  util_pcre.c:198: warning: cast from pointer to integer of different size
  util_pcre.c:221: error: 'PCRE_ERROR_NOMATCH' undeclared (first use in this function)
  util_pcre.c:223: error: 'PCRE_ERROR_NULL' undeclared (first use in this function)
  util_pcre.c:225: error: 'PCRE_ERROR_BADOPTION' undeclared (first use in this function)
  util_pcre.c:227: error: 'PCRE_ERROR_BADMAGIC' undeclared (first use in this function)
  util_pcre.c:229: error: 'PCRE_ERROR_UNKNOWN_NODE' undeclared (first use in this function)
  util_pcre.c:231: error: 'PCRE_ERROR_NOMEMORY' undeclared (first use in this function)
  make[2]: *** [util_pcre.lo] Error 1
  make[1]: *** [all-recursive] Error 1
  make: *** [all-recursive] Error 1
  Any ideas what went wrong or what I should try next? The Apache install web page says:
  On some platforms, you may have to install the corresponding -dev package to allow httpd to build against your installed copy of PCRE. 
  But I can't find any information on where "the corresponding -dev package" can be downloaded.
  Thanks.

  Now I can't get a cgi script to execute.  Apache is returning the text of the script.  I've tried to follow exactly what the Apache CGI tutorial says here:
  http://httpd.apache.org/docs/2.0/howto/cgi.html#configuring
  I also followed the directions in the perl cgi script, printenv, that was included with Apache, and Apache returns the text, rather than executing the script.  Here is what the cgi-bin directory looks like:
  /usr/local/apache2/cgi-bin$ ls -al
  total 24
  drwxrwxrwx   5 root   admin   170 Feb 19 19:34 .
  drwxr-xr-x  15 root   admin   510 Feb 19 12:36 ..
  -rwxr-xr-x   1 7stud  admin   138 Feb 19 19:32 my.pl
  -rwxr-xr-x@  1 7stud  staff   687 Feb 19 19:03 printenv
  -rw-r--r--@  1 7stud  staff  1127 Sep  6  2008 test-cgi
  Here's what the printenv script looks like:
  /usr/local/apache2/cgi-bin$ cat printenv
  #!/usr/bin/env perl
  # To permit this cgi, replace # on the first line above with the
  # appropriate #!/path/to/perl shebang, and set this script executable
  # with chmod 755.
  # Note that it is subject to cross site scripting attacks on MS IE
  # and any other browser which fails to honor RFC2616, so never use
  # it in a live server environment, it is provided only for testing.
  ##  printenv -- demo CGI program which just prints its environment
  use strict;
  use warnings;
  print "Content-type: text/plain; charset=iso-8859-1\n\n";
  foreach my $var (sort(keys(%ENV))) {
      my $val = $ENV{$var};
      $val =~ s|\n|\\n|g;
      $val =~ s|"|\\"|g;
      print "${var}=\"${val}\"\n";
  Here's the url I used in my browser:
  http://localhost:8080/cgi-bin/printenv
  Here is my httpd.conf:
  # This is the main Apache HTTP server configuration file.  It contains the
  # configuration directives that give the server its instructions.
  # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
  # In particular, see
  # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
  # for a discussion of each configuration directive.
  # Do NOT simply read the instructions in here without understanding
  # what they do.  They're here only as hints or reminders.  If you are unsure
  # consult the online docs. You have been warned. 
  # Configuration and logfile names: If the filenames you specify for many
  # of the server's control files begin with "/" (or "drive:/" for Win32), the
  # server will use that explicit path.  If the filenames do *not* begin
  # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
  # with ServerRoot set to "/usr/local/apache2" will be interpreted by the
  # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
  # will be interpreted as '/logs/access_log'.
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # Do not add a slash at the end of the directory path.  If you point
  # ServerRoot at a non-local disk, be sure to specify a local disk on the
  # Mutex directive, if file-based mutexes are used.  If you wish to share the
  # same ServerRoot for multiple httpd daemons, you will need to change at
  # least PidFile.
  ServerRoot "/usr/local/apache2"
  # Mutex: Allows you to set the mutex mechanism and mutex file directory
  # for individual mutexes, or change the global defaults
  # Uncomment and change the directory if mutexes are file-based and the default
  # mutex file directory is not on a local disk or is not appropriate for some
  # other reason.
  # Mutex default:logs
  # Listen: Allows you to bind Apache to specific IP addresses and/or
  # ports, instead of the default. See also the <VirtualHost>
  # directive.
  # Change this to Listen on specific IP addresses as shown below to
  # prevent Apache from glomming onto all bound IP addresses.
  #Listen 12.34.56.78:80
  Listen 8080
  # Dynamic Shared Object (DSO) Support
  # To be able to use the functionality of a module which was built as a DSO you
  # have to place corresponding `LoadModule' lines at this location so the
  # directives contained in it are actually available _before_ they are used.
  # Statically compiled modules (those listed by `httpd -l') do not need
  # to be loaded here.
  # Example:
  # LoadModule foo_module modules/mod_foo.so
  LoadModule authn_file_module modules/mod_authn_file.so
  #LoadModule authn_dbm_module modules/mod_authn_dbm.so
  #LoadModule authn_anon_module modules/mod_authn_anon.so
  #LoadModule authn_dbd_module modules/mod_authn_dbd.so
  #LoadModule authn_socache_module modules/mod_authn_socache.so
  LoadModule authn_core_module modules/mod_authn_core.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_user_module modules/mod_authz_user.so
  #LoadModule authz_dbm_module modules/mod_authz_dbm.so
  #LoadModule authz_owner_module modules/mod_authz_owner.so
  #LoadModule authz_dbd_module modules/mod_authz_dbd.so
  LoadModule authz_core_module modules/mod_authz_core.so
  LoadModule access_compat_module modules/mod_access_compat.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  #LoadModule auth_form_module modules/mod_auth_form.so
  #LoadModule auth_digest_module modules/mod_auth_digest.so
  #LoadModule allowmethods_module modules/mod_allowmethods.so
  #LoadModule file_cache_module modules/mod_file_cache.so
  #LoadModule cache_module modules/mod_cache.so
  #LoadModule cache_disk_module modules/mod_cache_disk.so
  #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
  #LoadModule socache_dbm_module modules/mod_socache_dbm.so
  #LoadModule socache_memcache_module modules/mod_socache_memcache.so
  #LoadModule dbd_module modules/mod_dbd.so
  #LoadModule dumpio_module modules/mod_dumpio.so
  #LoadModule buffer_module modules/mod_buffer.so
  #LoadModule ratelimit_module modules/mod_ratelimit.so
  LoadModule reqtimeout_module modules/mod_reqtimeout.so
  #LoadModule ext_filter_module modules/mod_ext_filter.so
  #LoadModule request_module modules/mod_request.so
  #LoadModule include_module modules/mod_include.so
  LoadModule filter_module modules/mod_filter.so
  #LoadModule substitute_module modules/mod_substitute.so
  #LoadModule sed_module modules/mod_sed.so
  #LoadModule deflate_module modules/mod_deflate.so
  LoadModule mime_module modules/mod_mime.so
  LoadModule log_config_module modules/mod_log_config.so
  #LoadModule log_debug_module modules/mod_log_debug.so
  #LoadModule logio_module modules/mod_logio.so
  LoadModule env_module modules/mod_env.so
  #LoadModule expires_module modules/mod_expires.so
  LoadModule headers_module modules/mod_headers.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  LoadModule setenvif_module modules/mod_setenvif.so
  LoadModule version_module modules/mod_version.so
  #LoadModule remoteip_module modules/mod_remoteip.so
  #LoadModule proxy_module modules/mod_proxy.so
  #LoadModule proxy_connect_module modules/mod_proxy_connect.so
  #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  #LoadModule proxy_http_module modules/mod_proxy_http.so
  #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
  #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
  #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  #LoadModule proxy_express_module modules/mod_proxy_express.so
  #LoadModule session_module modules/mod_session.so
  #LoadModule session_cookie_module modules/mod_session_cookie.so
  #LoadModule session_dbd_module modules/mod_session_dbd.so
  #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
  #LoadModule ssl_module modules/mod_ssl.so
  #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
  #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
  #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
  #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
  LoadModule unixd_module modules/mod_unixd.so
  #LoadModule dav_module modules/mod_dav.so
  LoadModule status_module modules/mod_status.so
  LoadModule autoindex_module modules/mod_autoindex.so
  #LoadModule info_module modules/mod_info.so
  #LoadModule cgid_module modules/mod_cgid.so
  #LoadModule dav_fs_module modules/mod_dav_fs.so
  #LoadModule vhost_alias_module modules/mod_vhost_alias.so
  #LoadModule negotiation_module modules/mod_negotiation.so
  LoadModule dir_module modules/mod_dir.so
  #LoadModule actions_module modules/mod_actions.so
  #LoadModule speling_module modules/mod_speling.so
  #LoadModule userdir_module modules/mod_userdir.so
  LoadModule alias_module modules/mod_alias.so
  #LoadModule rewrite_module modules/mod_rewrite.so
  <IfModule unixd_module>
  # If you wish httpd to run as a different user or group, you must run
  # httpd as root initially and it will switch. 
  # User/Group: The name (or #number) of the user/group to run httpd as.
  # It is usually good practice to create a dedicated user and group for
  # running httpd, as with most system services.
  User daemon
  Group daemon
  </IfModule>
  # 'Main' server configuration
  # The directives in this section set up the values used by the 'main'
  # server, which responds to any requests that aren't handled by a
  # <VirtualHost> definition.  These values also provide defaults for
  # any <VirtualHost> containers you may define later in the file.
  # All of these directives may appear inside <VirtualHost> containers,
  # in which case these default settings will be overridden for the
  # virtual host being defined.
  # ServerAdmin: Your address, where problems with the server should be
  # e-mailed.  This address appears on some server-generated pages, such
  # as error documents.  e.g. [email protected]
  ServerAdmin [email protected]
  # ServerName gives the name and port that the server uses to identify itself.
  # This can often be determined automatically, but we recommend you specify
  # it explicitly to prevent problems during startup.
  # If your host doesn't have a registered DNS name, enter its IP address here.
  ServerName 7stud.com
  # Deny access to the entirety of your server's filesystem. You must
  # explicitly permit access to web content directories in other
  # <Directory> blocks below.
  <Directory />
      AllowOverride none
      Require all denied
  </Directory>
  # Note that from this point forward you must specifically allow
  # particular features to be enabled - so if something's not working as
  # you might expect, make sure that you have specifically enabled it
  # below.
  # DocumentRoot: The directory out of which you will serve your
  # documents. By default, all requests are taken from this directory, but
  # symbolic links and aliases may be used to point to other locations.
  DocumentRoot "/usr/local/apache2/htdocs"
  <Directory "/usr/local/apache2/htdocs">
      # Possible values for the Options directive are "None", "All",
      # or any combination of:
      #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
      # Note that "MultiViews" must be named *explicitly* --- "Options All"
      # doesn't give it to you.
      # The Options directive is both complicated and important.  Please see
      # http://httpd.apache.org/docs/2.4/mod/core.html#options
      # for more information.
      Options Indexes FollowSymLinks
      # AllowOverride controls what directives may be placed in .htaccess files.
      # It can be "All", "None", or any combination of the keywords:
      #   Options FileInfo AuthConfig Limit
      AllowOverride None
      # Controls who can get stuff from this server.
      Require all granted
  </Directory>
  # DirectoryIndex: sets the file that Apache will serve if a directory
  # is requested.
  <IfModule dir_module>
      DirectoryIndex index.html
  </IfModule>
  # The following lines prevent .htaccess and .htpasswd files from being
  # viewed by Web clients.
  <Files ".ht*">
      Require all denied
  </Files>
  # ErrorLog: The location of the error log file.
  # If you do not specify an ErrorLog directive within a <VirtualHost>
  # container, error messages relating to that virtual host will be
  # logged here.  If you *do* define an error logfile for a <VirtualHost>
  # container, that host's errors will be logged there and not here.
  ErrorLog "logs/error_log"
  # LogLevel: Control the number of messages logged to the error_log.
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
  <IfModule log_config_module>
      # The following directives define some format nicknames for use with
      # a CustomLog directive (see below).
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
      LogFormat "%h %l %u %t \"%r\" %>s %b" common
      <IfModule logio_module>
        # You need to enable mod_logio.c to use %I and %O
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
      </IfModule>
      # The location and format of the access logfile (Common Logfile Format).
      # If you do not define any access logfiles within a <VirtualHost>
      # container, they will be logged here.  Contrariwise, if you *do*
      # define per-<VirtualHost> access logfiles, transactions will be
      # logged therein and *not* in this file.
      CustomLog "logs/access_log" common
      # If you prefer a logfile with access, agent, and referer information
      # (Combined Logfile Format) you can use the following directive.
      #CustomLog "logs/access_log" combined
  </IfModule>
  <IfModule alias_module>
      # Redirect: Allows you to tell clients about documents that used to
      # exist in your server's namespace, but do not anymore. The client
      # will make a new request for the document at its new location.
      # Example:
      # Redirect permanent /foo http://www.example.com/bar
      # Alias: Maps web paths into filesystem paths and is used to
      # access content that does not live under the DocumentRoot.
      # Example:
      # Alias /webpath /full/filesystem/path
      # If you include a trailing / on /webpath then the server will
      # require it to be present in the URL.  You will also likely
      # need to provide a <Directory> section to allow access to
      # the filesystem path.
      # ScriptAlias: This controls which directories contain server scripts.
      # ScriptAliases are essentially the same as Aliases, except that
      # documents in the target directory are treated as applications and
      # run by the server when requested rather than as documents sent to the
      # client.  The same rules about trailing "/" apply to ScriptAlias
      # directives as to Alias.
      ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
  </IfModule>
  <IfModule cgid_module>
      # ScriptSock: On threaded servers, designate the path to the UNIX
      # socket used to communicate with the CGI daemon of mod_cgid.
      #Scriptsock cgisock
  </IfModule>
  # "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
  # CGI directory exists, if you have that configured.
  <Directory "/usr/local/apache2/cgi-bin">
      AllowOverride None
      Options None
      Require all granted
  </Directory>
  <IfModule mime_module>
      # TypesConfig points to the file containing the list of mappings from
      # filename extension to MIME-type.
      TypesConfig conf/mime.types
      # AddType allows you to add to or override the MIME configuration
      # file specified in TypesConfig for specific file types.
      #AddType application/x-gzip .tgz
      # AddEncoding allows you to have certain browsers uncompress
      # information on the fly. Note: Not all browsers support this.
      #AddEncoding x-compress .Z
      #AddEncoding x-gzip .gz .tgz
      # If the AddEncoding directives above are commented-out, then you
      # probably should define those extensions to indicate media types:
      AddType application/x-compress .Z
      AddType application/x-gzip .gz .tgz
      # AddHandler allows you to map certain file extensions to "handlers":
      # actions unrelated to filetype. These can be either built into the server
      # or added with the Action directive (see below)
      # To use CGI scripts outside of ScriptAliased directories:
      # (You will also need to add "ExecCGI" to the "Options" directive.)
      #AddHandler cgi-script .cgi
      # For type maps (negotiated resources):
      #AddHandler type-map var
      # Filters allow you to process content before it is sent to the client.
      # To parse .shtml files for server-side includes (SSI):
      # (You will also need to add "Includes" to the "Options" directive.)
      #AddType text/html .shtml
      #AddOutputFilter INCLUDES .shtml
  </IfModule>
  # The mod_mime_magic module allows the server to use various hints from the
  # contents of the file itself to determine its type.  The MIMEMagicFile
  # directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  # Customizable error responses come in three flavors:
  # 1) plain text 2) local redirects 3) external redirects
  # Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://www.example.com/subscription_info.html
  # MaxRanges: Maximum number of Ranges in a request before
  # returning the entire resource, or one of the special
  # values 'default', 'none' or 'unlimited'.
  # Default setting is to accept 200 Ranges.
  #MaxRanges unlimited
  # EnableMMAP and EnableSendfile: On systems that support it,
  # memory-mapping or the sendfile syscall may be used to deliver
  # files.  This usually improves server performance, but must
  # be turned off when serving from networked-mounted
  # filesystems or if support for these functions is otherwise
  # broken on your system.
  # Defaults: EnableMMAP On, EnableSendfile Off
  #EnableMMAP off
  #EnableSendfile on
  # Supplemental configuration
  # The configuration files in the conf/extra/ directory can be
  # included to add extra features or to modify the default configuration of
  # the server, or you may simply copy their contents here and change as
  # necessary.
  # Server-pool management (MPM specific)
  #Include conf/extra/httpd-mpm.conf
  # Multi-language error messages
  #Include conf/extra/httpd-multilang-errordoc.conf
  # Fancy directory listings
  #Include conf/extra/httpd-autoindex.conf
  # Language settings
  #Include conf/extra/httpd-languages.conf
  # User home directories
  #Include conf/extra/httpd-userdir.conf
  # Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  # Virtual hosts
  #Include conf/extra/httpd-vhosts.conf
  # Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  # Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  # Various default settings
  #Include conf/extra/httpd-default.conf
  # Configure mod_proxy_html to understand HTML4/XHTML1
  <IfModule proxy_html_module>
  Include conf/extra/proxy-html.conf
  </IfModule>
  # Secure (SSL/TLS) connections
  #Include conf/extra/httpd-ssl.conf
  # Note: The following must must be present to support
  #       starting without SSL on platforms with no /dev/random equivalent
  #       but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  # Deal with user agents that deliberately violate open standards
  <IfModule setenvif_module>
  BrowserMatch "MSIE 10.0;" bad_DNT
  </IfModule>
  <IfModule headers_module>
  RequestHeader unset DNT env=bad_DNT
  </IfModule>

• [Solved] Strange entries in apache access_log

  Hi all,
  I recently setup up a small apache server. Listing is disabled, I just wanted people who I give a full file path to be able to download specific files. I'm keeping them in ~/public_html.
  If I look at /var/log/httpd/access_log, I see some entries that make sense:
  138.102.68.222 - - [25/Mar/2014:20:31:13 -0500] "GET /~lefty/pictures.zip HTTP/1.1" 200 201823247
  138.102.68.222 - - [25/Mar/2014:20:32:51 -0500] "GET / HTTP/1.1" 403 983
  141.123.267.82 - - [25/Mar/2014:20:37:03 -0500] "GET /~lefty/pictures.zip HTTP/1.1" 200 201823247
  That's me testing downloading pictures.zip (success), testing just accessing the root folder (denied 403, as I had hoped), and my friend downloading pictures.zip.
  Next in the log I see some entries that contain a bunch of gibberish and get rejected:
  202.175.83.131 - - [25/Mar/2014:21:56:23 -0500] "HEAD / HTTP/1.0" 403 -
  202.175.83.131 - - [25/Mar/2014:21:56:23 -0500] "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
  202.175.83.131 - - [25/Mar/2014:21:56:24 -0500] "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
  202.175.83.131 - - [25/Mar/2014:21:56:24 -0500] "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
  202.175.83.131 - - [25/Mar/2014:21:56:25 -0500] "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
  202.175.83.131 - - [25/Mar/2014:21:56:26 -0500] "POST /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 976
  200.98.175.74 - - [25/Mar/2014:23:22:22 -0500] "HEAD / HTTP/1.0" 403 -
  96.38.230.190 - - [26/Mar/2014:23:45:54 -0500] "\x80w\x01\x03\x01" 400 226
  96.38.230.190 - - [26/Mar/2014:23:45:54 -0500] "GET /HNAP1/ HTTP/1.1" 404 1103
  Should I be concerned? Also, it looks like the long strings were requesting a specific file and got 404 errors b/c it doesn't exist. What's with the short "\x80w" string that gets error 400?
  Thanks,
  Lefty
  Last edited by LeftyAce (2014-03-29 23:24:25)

  I am shocked, shocked to think someone is trying to hack you
  ewaller$@$odin ~ 1006 %whois 202.175.83.131
  % [whois.apnic.net]
  % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
  % Information related to '202.175.0.0 - 202.175.127.255'
  inetnum: 202.175.0.0 - 202.175.127.255
  netname: CTM-MO
  descr: CTM
  country: MO
  admin-c: CN166-AP
  tech-c: CN166-AP
  mnt-by: APNIC-HM
  mnt-lower: MAINT-CTM-MO
  mnt-routes: MAINT-CTM-MO
  mnt-irt: IRT-CTM-MO
  changed: [email protected] 20040130
  remarks: combine all small allocation objects into a /17 object
  remarks: this object can only modify by APNIC Hostmaster
  status: ALLOCATED PORTABLE
  changed: [email protected] 20060224
  changed: [email protected] 20110701
  source: APNIC
  irt: IRT-CTM-MO
  address: Rua da Lagos, Telecentro
  address: P.O. Box 868
  address: Taipa
  address: Macau
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: JC1146-AP
  tech-c: HL13
  auth: # Filtered
  mnt-by: MAINT-CTM-MO
  changed: [email protected] 20101201
  source: APNIC
  role: CTM NOC
  nic-hdl: CN166-AP
  address: CTM - Internet Business Unit
  address: Rua da Lagos, Telecentro
  address: P.O. Box 868, Taipa
  address: Macau
  country: MO
  phone: +853 8912728
  fax-no: +853 8912933
  e-mail: [email protected]
  admin-c: JC1146-AP
  tech-c: HL13
  notify: [email protected]
  changed: [email protected] 20030530
  mnt-by: MAINT-CTM-MO
  source: APNIC
  % Information related to '202.175.64.0/19AS4609'
  route: 202.175.64.0/19
  descr: CTM Internet Services
  descr: Companhia de Telecomunicacoes de Macau S.A.R.L.
  country: MO
  origin: AS4609
  remarks: Route Object - 202.175.64.0/19
  mnt-by: MAINT-CTM-MO
  changed: [email protected] 20060223
  source: APNIC
  % This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS1)
  ewaller$@$odin ~ 1007 %
  The other IP address was in Missouri in the USA.  That  one was benign, or at least unsophisticated. 
  The Macau attack was a bit more interesting.  Have you enabled php?  If not, you are okay.  Expect this sort of stuff.  Also, expect to be fully probed by the web crawlers (Goggle, Yahoo, Duck Duck Go, and other wannabes)
  Edit:  Actually, the attack from Missouri might be this
  Last edited by ewaller (2014-03-27 05:17:09)

• How do you protect yourself against DDOS attacks?

  I'm starting a new job soon for an employer who has had the occasional ddos attack against their website.
  Anyways I was wondering, how do you guys protect yourselves against ddos attacks?
  The way my employer fought against it last time was rather unelegant and a sort of lucky situation. They noticed that all the attacks came from IPs which where located in foreign countries, so they simply blocked entire ip ranges which werent from the country they were providing the service for.
  This seems like quite a drastic measure to me. After all, one goal of my employer is to become more international, and even if you cater only to local clientele, plenty of legitimate users could be across the border.
  Specifically protecting Apache against DDOS attacks is what I would be interested in.
  Can anyone suggest some software or setup I should research for this?

  A colleague of mine recently had one of his own servers under a DDOS attack. Nginx helped out a bit. But the holy grail in this case was Fail2ban.
  Now, usually a DOS would mean that massive requests are issued within a short time. Such behaviour is easily identified and blocked. But how do you react when its distributed and each individual node is issueing requests at a normal rate?
  Well in my tests I came to the conclusion that its all about the difference in typical behaviour of legitimate visitors to a site and automated requests as in the case of a DDOS attack.
  For example, while a DOS bot might not issue requests at an alarmingly high rate (slow and steady wins the race), but will continually issue requests for hours.
  So rather than trying to catch "burst" behaviour with requests crossing a certain threshold in a short amount of time, I instead configured fail2ban to check for IPs which crossed a certain threshold after an hour, and then block that IP for 24hours.
  It might take a while to find the sweet spot. And it wont be effective immediately. But with a little patience the blocklist started to fill up, and after a few hours the DDOS'ers seemed to have run out of IPs from which to attack.
  It makes sense if you think about it. A legitimate human user, will go to a site, and spend most of their time reading content, rather than klicking links. Well, usually anyways.
  Also, I've noticed that bots always seem to hit the same URL. Meaning, the main url of the site, and not selecting any links within the site. While I suppose that it would be trivial to configure a bot to act more legitimately and have it actually klick through all available links, I think it kind of defeats the purpose. Or at least most script kiddies won't go that far.
  If you know your way around with REGEXP, I'm sure you could come up with some really nicely custom-tailored rules for fail2ban to use in identifiying and blocking ips. So for example, rather than simply counting ANY connection made in the http logs, you could concentrate on IPs which only and continually access the main the url, over and over again.
  Legitimate users will most likely click on other links as well, so if you manage to exclude these kinds of accesses from Fail2ban's counting mechanism, you minimize the chance of locking out legitimate users.

• APACHE DAYING AFTER DR WATSON ACTION

  Hi portal admins!!
  Does anybody implement patch no:2128936, with subject :
  "SECURITY HOLE : MODPLSQL VULNERABLE TO SERVER ATTACK" ?
  I got this patch as the solution for daying apache process on
  our IAS server. (there is no any entry in error log of apache -
  only Dr Watson log:
  Application exception occurred:
  App: (pid=234)
  When: 12/11/2001 @ 23:58:4.578
  Exception number: c0000005 (access violation))
  Software version:
  IAS ver 1.0.2.1 - O/S WINNT 4.0
  RDBMS Oracle8i 8.1.7.1.0 - O/S HP-UX 11.00
  Thanks in advance
  Marcin

  Hai Harry..
  I am using oracle 9ias version 1.0.2.1 & for portal version 3.0.
  Cheers
  Gopi
  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by Harry Wong ([email protected]):
  Which revision of Oracle9iAS are you using? What is your current version of portal?
  Best Regards,
  Harry<HR></BLOCKQUOTE>
  null

• Can I prevent IP Spoofing attacks with wireless WRTGs router?

  I think i'm under attack.
  I have a WRTGs linksys router, which routes port 80 traffice to an apache webserver running bugzilla.
  Scanning through the apache logs see a bunch of errors resulting from un-allowed accesses to bugzilla.  The odd thing is that the source ip address logged in these errors are all internal addresses which have been statically assigned.
  For instance, a typical error in the errorlog looks like:
  [Wed Jan 31 04:17:05 2007] [error] [client 192.168.1.49] client denied by server configuration: C:/Bugzilla/
  The above entry was from just this morning, and was part of a cluster of about 200 errors.  At the time the log entry was made, I know there was nobody on the machine.
  So, I think someone must be trying to hack my bugzilla from the outside using IP Spoofing.
  I did a bit of research, which indicates that this sort of thing can be prevented by configuring the firewall to discard any packets coming in from the WAN that have internal LAN source or destination addresses.
  And so my question.  Can I configure the WRTGS router to do this?  I took a look through the admin screens, and did not see anything like "get rid of all the packets that look like this". 
  thanks in advance
  dmc_lat47

  You cannot modify the firewall rules with standard Linksys firmware. What you could do is install a third party firmware. Then you have direct access to Linux on the router and can configure firewall rules with iptables.
  For 3rd party firmwares, which projects exists and on which hardware versions of the WRT54G they will work please read the wikipedia article on "wrt54".

• Adv. of using apache with tomcat??

  can anyone pl tell me the advantages of using Apache with Tomcat in comarison to other web servers?
  Thanks

  The biggest advantages are that they are open source, so you don't have to pay a huge licence fee, and they are very stable. I don't know how they compare for speed - I know Apache is lightning when it comes to serving flat pages, there are no benchmarks yet for the new Tomcat because it was only released last monday. You can run them on linux or another unix variant, so they are more likely to be secure (windows servers are horrendously open to attack) and stable.

• How to configure Apache to serve static content? Please Help

  Hi Guys,
  I have a set of servers that are:
  - Apache acting as a Load Balance;
  - Admin Server;
  - A cluster with 2 managed servers.
  I have a web application deployed on my cluster, but I would like that the static content would be delivered by the Apache.
  How should I do it?
  Thanks in Advance

  Hi Daniel,
  A Reverse Proxy could do this but keep in mind that the primary goal of the RP is to shield your back channel infrastructure IP/access from either Internet or your private network e.g. secure your back channel infrastructure with a Firewall and expose it only to your Reverse Proxy infrastructure; quite effective for DoS type of attack.
  Apache can be configured to do both static content as well as Reverse Proxy.
  Regards,
  P-H
  http://javaeesupportpatterns.blogspot.com/

• Possible to connect remotely to Apache TomCat JSP application server

  Hi, I've just installed an Apache TomCat server and locally playing around with some JSP and Servlets.
  I have an website which is hosted remotely by an hosting company.However they do not provide JSP/Servlets server as an service.
  I want to know is it possible to add some code or something which connects to my JSP/Servlet TomCat server remotely. So, allowing me to add JSP code or Servlets to say my index.html at my website host location which then connects from their to my TomCat server JVM and spit the goods back out at my website location.
  Is this possible? seems quite awkard?

  You are certainly not in an ideal situation. While you could use AJAX, and a library like DWR to send requests between the hosted website and whatever JSP/Servlet engine you have available, the resulting application will likely be slower and less reliable than if you hosted it all in the same place. Realistically, you won't save yourself any effort by doing it this way. Application hosting is a lot more resource-intensive than hosting static content, and even more so due to the amount of abuse that goes on in the wild Internet.
  While you've solved the problem temporarily, your JSP/Servlet engine is still vulnerable to DoS-based attacks once it's determined where your AJAX servlets reside. The only long-term solution is to go with a provider that has proper JSP hosting that is known to have good security.
  Brian

• How do you update/patch Apache for Windows?

  I am running Adobe Media Server 5.0.5 on a Windows 2008 server.  The current version of the Apache software is 2.2.21.  During our most recent vulnerability scan our server was identified as needing to be upgraded/patched to the latest version of Apache 2.4.10 for denial of service attacks.
  Do you know if it is possible to upgrade the current version to the latest version of Apache, and if so are there any issues I need to be concerned with since Apache is integrated within the Flash Media Server?  Specific instructions on this would be great as I am new to configuring Apache.
  thank you

  dpstucson Can you confirm that you're running AMS with apache2.4?
  If 'yes', can you help to solve how to config mine apache2.4 to work with AMS 5 cuz now i have this issue Can't get Adobe Media Server 5 to work with XAMPP's apache 2.4 when trying to load the modules in apache2.4.
  Thanks.

• IPS high alerts with Cisco sites as the attacker?

  Has anyone else recently been getting Alerts on the below signatures while accessing Cisco sites?
  Windows Shell External Handler
  Apache mod_proxy Buffer Overflow
  3340:0
  3883:0
  The above two alerts listed ftp-sj.cisco.com as the attacker and my CS-Manager as the victim. I assume this is during IPS signature file downloads.
  While searching the Cisco forums about the above issue, I received an alert on sig 3440 with tools.cisco.com as the attacker and my personal PC as the victim.
  Thanks for any info.

  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddbe05b

• Apache and Bonjour

  I am running OSX Server 10.6 and Apache -
  I can access my website from the internet to my home network using a dyndns fully qualified name.
  I can access that same website inside my network using an IP address 192.16.8.2.11
  I can not access my website internally using myserver.local from inside.
  I can not see the website from the Bonjour Collections in Safari.
  AFP works just fine inside my network using myserver.local.
  Any ideas why I cannot see my web server using a Bonjour name in the URL?
  Larry Good

  In no particular order.
  [Well-known TCP and UDP Ports Used By Apple Software|http://support.apple.com/kb/ts1629] has the ports; 5353 is the Bonjour (mDNS) port and you'll probably also have 53 (DNS) open when you get DNS configured on your server.
  The [Apple Manuals|http://www.apple.com/server/macosx/resources/documentation.html] are available, and you're going to be doing some reading as a server is different from running a client.
  I'd suggest getting out of 192.168.1.1/16, as that will cause issues when you eventually want to use a VPN. A subnet somewhere in 10.0.0.0/8 or 172.16.0.0/12 is usually a better long-term choice.
  Get DNS configured on your LAN; that's usually the first thing you want to get established, and various services are dependent on properly functioning local DNS.
  Get your DNS services configured not in .local or in any other domain you don't have registered.
  Get the router widget out of the connection path on your LAN, and use a switch; unmanaged switches "look" like a piece of Ethernet wire.
  Use bash-level tools such as ping and dig (or Applications > Utilities > Network Utility) to test your network connectivity.
  When you open ports and open firewalls to the Internet, you will get attacked. The last batch of servers I connected were attacked within two hours of connection. Plan on it. Plan for it.
  Your ISP can block port 80 and other server-oriented connections.
  Your firewall on your Mac OS X Server box is usually set to allow port 80 access.
  Your firewall on the edge of your network - whatever that internet gateway is - must be set to port-forward that port 80 traffic from the outside to your internal static IP address assigned to your server.
  Get a registered domain for your DNS.
  [DNS set-up reading|http://labs.hoffmanlabs.com/node/1436].