root/main/trunk/greenstone2/runtime-src/packages/apache-httpd/windows-httpd.conf.in @ 26543

Revision 26543, 19.0 KB (checked in by ak19, 7 years ago)

Forgot to commit the windows equivalent for the changes to the linux httpd.conf.in. Commit message for that: Kathy said that the apache server really only needs to give access to the collect and web folders (and cgi-bin for remote scripts), and that the rest of GS2 can just be inaccessible. This will deny access to the user databases too and the apache logs. Have now tested on a Windows GS2 server against Linux client-gli, so changes to windows' httpd.conf.in does not prevent access to usersDB.

Line 
1#
2# This is the main Apache HTTP server configuration file.  It contains the
3# configuration directives that give the server its instructions.
4# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
5# In particular, see
6# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
7# for a discussion of each configuration directive.
8#
9# Do NOT simply read the instructions in here without understanding
10# what they do.  They're here only as hints or reminders.  If you are unsure
11# consult the online docs. You have been warned. 
12#
13# Configuration and logfile names: If the filenames you specify for many
14# of the server's control files begin with "/" (or "drive:/" for Win32), the
15# server will use that explicit path.  If the filenames do *not* begin
16# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
17# with ServerRoot set to "**APACHE_HOME_OS**" will be interpreted by the
18# server as "**APACHE_HOME_OS**/logs/foo.log".
19#
20# NOTE: Where filenames are specified, you must use forward slashes
21# instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
22# If a drive letter is omitted, the drive on which httpd.exe is located
23# will be used by default.  It is recommended that you always supply
24# an explicit drive letter in absolute paths to avoid confusion.
25
26#
27# ServerRoot: The top of the directory tree under which the server's
28# configuration, error, and log files are kept.
29#
30# Do not add a slash at the end of the directory path.  If you point
31# ServerRoot at a non-local disk, be sure to point the LockFile directive
32# at a local disk.  If you wish to share the same ServerRoot for multiple
33# httpd daemons, you will need to change at least LockFile and PidFile.
34#
35ServerRoot "**APACHE_HOME_OS**"
36
37#
38# Listen: Allows you to bind Apache to specific IP addresses and/or
39# ports, instead of the default. See also the <VirtualHost>
40# directive.
41#
42# Change this to Listen on specific IP addresses as shown below to
43# prevent Apache from glomming onto all bound IP addresses.
44#
45#Listen 12.34.56.78:80
46Listen **PORT**
47
48# http://httpd.apache.org/docs/1.3/mod/mod_env.html#passenv
49# For a remote greenstone server on Windows, need to have access to the
50# USERPROFILE environment variable in order for open-office to process docs
51# It also requires ProgramFiles to guess where the OpenOffice bin is installed
52# The TEMP envvar is needed by lucenesearch.cpp so it can write out files
53# to the TEMP windows folder in case GS is installed on a non-writable media
54# like a CD-ROM.
55# Need to pass OS too, so that when the depositor builds and
56# util::setup_greenstone_env() is called, which then calls setup.bat,
57# the %OS% var is set. If empty, it defaults to Win95 instead of being
58# Windows_NT, and then things fail in a memory allocation line in setup.bat.
59PassEnv "USERPROFILE" "ProgramFiles" "TEMP" "OS" "LANG"
60
61#
62# Dynamic Shared Object (DSO) Support
63#
64# To be able to use the functionality of a module which was built as a DSO you
65# have to place corresponding `LoadModule' lines at this location so the
66# directives contained in it are actually available _before_ they are used.
67# Statically compiled modules (those listed by `httpd -l') do not need
68# to be loaded here.
69#
70# Example:
71# LoadModule foo_module modules/mod_foo.so
72#
73LoadModule actions_module modules/mod_actions.so
74LoadModule alias_module modules/mod_alias.so
75LoadModule asis_module modules/mod_asis.so
76LoadModule auth_basic_module modules/mod_auth_basic.so
77#LoadModule auth_digest_module modules/mod_auth_digest.so
78#LoadModule authn_alias_module modules/mod_authn_alias.so
79#LoadModule authn_anon_module modules/mod_authn_anon.so
80#LoadModule authn_dbd_module modules/mod_authn_dbd.so
81#LoadModule authn_dbm_module modules/mod_authn_dbm.so
82LoadModule authn_default_module modules/mod_authn_default.so
83LoadModule authn_file_module modules/mod_authn_file.so
84#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
85#LoadModule authz_dbm_module modules/mod_authz_dbm.so
86LoadModule authz_default_module modules/mod_authz_default.so
87LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
88LoadModule authz_host_module modules/mod_authz_host.so
89#LoadModule authz_owner_module modules/mod_authz_owner.so
90LoadModule authz_user_module modules/mod_authz_user.so
91LoadModule autoindex_module modules/mod_autoindex.so
92#LoadModule cache_module modules/mod_cache.so
93#LoadModule cern_meta_module modules/mod_cern_meta.so
94LoadModule cgi_module modules/mod_cgi.so
95#LoadModule charset_lite_module modules/mod_charset_lite.so
96#LoadModule dav_module modules/mod_dav.so
97#LoadModule dav_fs_module modules/mod_dav_fs.so
98#LoadModule dav_lock_module modules/mod_dav_lock.so
99#LoadModule dbd_module modules/mod_dbd.so
100#LoadModule deflate_module modules/mod_deflate.so
101LoadModule dir_module modules/mod_dir.so
102#LoadModule disk_cache_module modules/mod_disk_cache.so
103#LoadModule dumpio_module modules/mod_dumpio.so
104LoadModule env_module modules/mod_env.so
105#LoadModule expires_module modules/mod_expires.so
106#LoadModule ext_filter_module modules/mod_ext_filter.so
107#LoadModule file_cache_module modules/mod_file_cache.so
108#LoadModule filter_module modules/mod_filter.so
109#LoadModule headers_module modules/mod_headers.so
110#LoadModule ident_module modules/mod_ident.so
111#LoadModule imagemap_module modules/mod_imagemap.so
112LoadModule include_module modules/mod_include.so
113#LoadModule info_module modules/mod_info.so
114LoadModule isapi_module modules/mod_isapi.so
115#LoadModule ldap_module modules/mod_ldap.so
116#LoadModule logio_module modules/mod_logio.so
117LoadModule log_config_module modules/mod_log_config.so
118#LoadModule log_forensic_module modules/mod_log_forensic.so
119#LoadModule mem_cache_module modules/mod_mem_cache.so
120LoadModule mime_module modules/mod_mime.so
121#LoadModule mime_magic_module modules/mod_mime_magic.so
122LoadModule negotiation_module modules/mod_negotiation.so
123#LoadModule proxy_module modules/mod_proxy.so
124#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
125#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
126#LoadModule proxy_connect_module modules/mod_proxy_connect.so
127#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
128#LoadModule proxy_http_module modules/mod_proxy_http.so
129#LoadModule rewrite_module modules/mod_rewrite.so
130LoadModule setenvif_module modules/mod_setenvif.so
131#LoadModule speling_module modules/mod_speling.so
132#LoadModule ssl_module modules/mod_ssl.so
133#LoadModule status_module modules/mod_status.so
134#LoadModule substitute_module modules/mod_substitute.so
135#LoadModule unique_id_module modules/mod_unique_id.so
136#LoadModule userdir_module modules/mod_userdir.so
137#LoadModule usertrack_module modules/mod_usertrack.so
138#LoadModule version_module modules/mod_version.so
139#LoadModule vhost_alias_module modules/mod_vhost_alias.so
140
141<IfModule !mpm_netware_module>
142<IfModule !mpm_winnt_module>
143#
144# If you wish httpd to run as a different user or group, you must run
145# httpd as root initially and it will switch. 
146#
147# User/Group: The name (or #number) of the user/group to run httpd as.
148# It is usually good practice to create a dedicated user and group for
149# running httpd, as with most system services.
150#
151User daemon
152Group daemon
153
154</IfModule>
155</IfModule>
156
157# 'Main' server configuration
158#
159# The directives in this section set up the values used by the 'main'
160# server, which responds to any requests that aren't handled by a
161# <VirtualHost> definition.  These values also provide defaults for
162# any <VirtualHost> containers you may define later in the file.
163#
164# All of these directives may appear inside <VirtualHost> containers,
165# in which case these default settings will be overridden for the
166# virtual host being defined.
167#
168
169#
170# ServerAdmin: Your address, where problems with the server should be
171# e-mailed.  This address appears on some server-generated pages, such
172# as error documents.  e.g. admin@your-domain.com
173#
174ServerAdmin admin@example.com
175
176#
177# ServerName gives the name and port that the server uses to identify itself.
178# This can often be determined automatically, but we recommend you specify
179# it explicitly to prevent problems during startup.
180#
181# If your host doesn't have a registered DNS name, enter its IP address here.
182#
183#ServerName www.example.com:80
184
185#
186# DocumentRoot: The directory out of which you will serve your
187# documents. By default, all requests are taken from this directory, but
188# symbolic links and aliases may be used to point to other locations.
189#
190DocumentRoot "**APACHE_HOME_OS**/htdocs"
191
192#
193# Each directory to which Apache has access can be configured with respect
194# to which services and features are allowed and/or disabled in that
195# directory (and its subdirectories).
196#
197# First, we configure the "default" to be a very restrictive set of
198# features. 
199#
200<Directory />
201    Options FollowSymLinks
202    AllowOverride None
203    Order deny,allow
204    Deny from all
205</Directory>
206
207#
208# Note that from this point forward you must specifically allow
209# particular features to be enabled - so if something's not working as
210# you might expect, make sure that you have specifically enabled it
211# below.
212#
213
214#
215# This should be changed to whatever you set DocumentRoot to.
216#
217<Directory "**APACHE_HOME_OS**/htdocs">
218    #
219    # Possible values for the Options directive are "None", "All",
220    # or any combination of:
221    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
222    #
223    # Note that "MultiViews" must be named *explicitly* --- "Options All"
224    # doesn't give it to you.
225    #
226    # The Options directive is both complicated and important.  Please see
227    # http://httpd.apache.org/docs/2.2/mod/core.html#options
228    # for more information.
229    #
230    Options Indexes FollowSymLinks
231
232    #
233    # AllowOverride controls what directives may be placed in .htaccess files.
234    # It can be "All", "None", or any combination of the keywords:
235    #   Options FileInfo AuthConfig Limit
236    #
237    AllowOverride None
238
239    #
240    # Controls who can get stuff from this server.
241    #
242    Order allow,deny
243    Allow from all
244
245</Directory>
246
247#
248# DirectoryIndex: sets the file that Apache will serve if a directory
249# is requested.
250#
251<IfModule dir_module>
252    DirectoryIndex index.html
253</IfModule>
254
255#
256# The following lines prevent .htaccess and .htpasswd files from being
257# viewed by Web clients.
258#
259<FilesMatch "^\.ht">
260    Order allow,deny
261    Deny from all
262    Satisfy All
263</FilesMatch>
264
265#
266# ErrorLog: The location of the error log file.
267# If you do not specify an ErrorLog directive within a <VirtualHost>
268# container, error messages relating to that virtual host will be
269# logged here.  If you *do* define an error logfile for a <VirtualHost>
270# container, that host's errors will be logged there and not here.
271#
272ErrorLog "logs/error.log"
273
274#
275# LogLevel: Control the number of messages logged to the error_log.
276# Possible values include: debug, info, notice, warn, error, crit,
277# alert, emerg.
278#
279LogLevel warn
280
281<IfModule log_config_module>
282    #
283    # The following directives define some format nicknames for use with
284    # a CustomLog directive (see below).
285    #
286    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
287    LogFormat "%h %l %u %t \"%r\" %>s %b" common
288
289    <IfModule logio_module>
290      # You need to enable mod_logio.c to use %I and %O
291      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
292    </IfModule>
293
294    #
295    # The location and format of the access logfile (Common Logfile Format).
296    # If you do not define any access logfiles within a <VirtualHost>
297    # container, they will be logged here.  Contrariwise, if you *do*
298    # define per-<VirtualHost> access logfiles, transactions will be
299    # logged therein and *not* in this file.
300    #
301    CustomLog "logs/access.log" common
302
303    #
304    # If you prefer a logfile with access, agent, and referer information
305    # (Combined Logfile Format) you can use the following directive.
306    #
307    #CustomLog "logs/access.log" combined
308</IfModule>
309
310<IfModule alias_module>
311    #
312    # Redirect: Allows you to tell clients about documents that used to
313    # exist in your server's namespace, but do not anymore. The client
314    # will make a new request for the document at its new location.
315    # Example:
316    # Redirect permanent /foo http://www.example.com/bar
317
318    #
319    # Alias: Maps web paths into filesystem paths and is used to
320    # access content that does not live under the DocumentRoot.
321    # Example:
322    # Alias /webpath /full/filesystem/path
323    #
324    # If you include a trailing / on /webpath then the server will
325    # require it to be present in the URL.  You will also likely
326    # need to provide a <Directory> section to allow access to
327    # the filesystem path.
328
329    #
330    # ScriptAlias: This controls which directories contain server scripts.
331    # ScriptAliases are essentially the same as Aliases, except that
332    # documents in the target directory are treated as applications and
333    # run by the server when requested rather than as documents sent to the
334    # client.  The same rules about trailing "/" apply to ScriptAlias
335    # directives as to Alias.
336    #
337    ScriptAlias /cgi-bin/ "**APACHE_HOME_OS**/cgi-bin/"
338
339</IfModule>
340
341<IfModule cgid_module>
342    #
343    # ScriptSock: On threaded servers, designate the path to the UNIX
344    # socket used to communicate with the CGI daemon of mod_cgid.
345    #
346    #Scriptsock logs/cgisock
347</IfModule>
348
349#
350# "**APACHE_HOME_OS**/cgi-bin" should be changed to whatever your ScriptAliased
351# CGI directory exists, if you have that configured.
352#
353<Directory "**APACHE_HOME_OS**/cgi-bin">
354    AllowOverride None
355    Options None
356    Order allow,deny
357    Allow from all
358</Directory>
359
360#
361# DefaultType: the default MIME type the server will use for a document
362# if it cannot otherwise determine one, such as from filename extensions.
363# If your server contains mostly text or HTML documents, "text/plain" is
364# a good value.  If most of your content is binary, such as applications
365# or images, you may want to use "application/octet-stream" instead to
366# keep browsers from trying to display binary files as though they are
367# text.
368#
369DefaultType text/plain
370
371<IfModule mime_module>
372    #
373    # TypesConfig points to the file containing the list of mappings from
374    # filename extension to MIME-type.
375    #
376    TypesConfig conf/mime.types
377
378    #
379    # AddType allows you to add to or override the MIME configuration
380    # file specified in TypesConfig for specific file types.
381    #
382    #AddType application/x-gzip .tgz
383    #
384    # AddEncoding allows you to have certain browsers uncompress
385    # information on the fly. Note: Not all browsers support this.
386    #
387    #AddEncoding x-compress .Z
388    #AddEncoding x-gzip .gz .tgz
389    #
390    # If the AddEncoding directives above are commented-out, then you
391    # probably should define those extensions to indicate media types:
392    #
393    AddType application/x-compress .Z
394    AddType application/x-gzip .gz .tgz
395
396    #
397    # AddHandler allows you to map certain file extensions to "handlers":
398    # actions unrelated to filetype. These can be either built into the server
399    # or added with the Action directive (see below)
400    #
401    # To use CGI scripts outside of ScriptAliased directories:
402    # (You will also need to add "ExecCGI" to the "Options" directive.)
403    #
404    #AddHandler cgi-script .cgi
405
406    # For type maps (negotiated resources):
407    #AddHandler type-map var
408
409    #
410    # Filters allow you to process content before it is sent to the client.
411    #
412    # To parse .shtml files for server-side includes (SSI):
413    # (You will also need to add "Includes" to the "Options" directive.)
414    #
415    #AddType text/html .shtml
416    #AddOutputFilter INCLUDES .shtml
417</IfModule>
418
419#
420# The mod_mime_magic module allows the server to use various hints from the
421# contents of the file itself to determine its type.  The MIMEMagicFile
422# directive tells the module where the hint definitions are located.
423#
424#MIMEMagicFile conf/magic
425
426#
427# Customizable error responses come in three flavors:
428# 1) plain text 2) local redirects 3) external redirects
429#
430# Some examples:
431#ErrorDocument 500 "The server made a boo boo."
432#ErrorDocument 404 /missing.html
433#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
434#ErrorDocument 402 http://www.example.com/subscription_info.html
435#
436
437#
438# EnableMMAP and EnableSendfile: On systems that support it,
439# memory-mapping or the sendfile syscall is used to deliver
440# files.  This usually improves server performance, but must
441# be turned off when serving from networked-mounted
442# filesystems or if support for these functions is otherwise
443# broken on your system.
444#
445#EnableMMAP off
446#EnableSendfile off
447
448# Supplemental configuration
449#
450# The configuration files in the conf/extra/ directory can be
451# included to add extra features or to modify the default configuration of
452# the server, or you may simply copy their contents here and change as
453# necessary.
454
455# Server-pool management (MPM specific)
456#Include conf/extra/httpd-mpm.conf
457
458# Multi-language error messages
459#Include conf/extra/httpd-multilang-errordoc.conf
460
461# Fancy directory listings
462#Include conf/extra/httpd-autoindex.conf
463
464# Language settings
465#Include conf/extra/httpd-languages.conf
466
467# User home directories
468#Include conf/extra/httpd-userdir.conf
469
470# Real-time info on requests and configuration
471#Include conf/extra/httpd-info.conf
472
473# Virtual hosts
474#Include conf/extra/httpd-vhosts.conf
475
476# Local access to the Apache HTTP Server Manual
477#Include conf/extra/httpd-manual.conf
478
479# Distributed authoring and versioning (WebDAV)
480#Include conf/extra/httpd-dav.conf
481
482# Various default settings
483#Include conf/extra/httpd-default.conf
484
485# Secure (SSL/TLS) connections
486#Include conf/extra/httpd-ssl.conf
487#
488# Note: The following must must be present to support
489#       starting without SSL on platforms with no /dev/random equivalent
490#       but a statically compiled-in mod_ssl.
491#
492<IfModule ssl_module>
493SSLRandomSeed startup builtin
494SSLRandomSeed connect builtin
495</IfModule>
496
497
498  ScriptAlias /greenstone/cgi-bin "**GSDLHOME**/cgi-bin/**GSDL_OS_ARCH**"
499  <Directory "**GSDLHOME**/cgi-bin/**GSDL_OS_ARCH**">
500     Options None
501     AllowOverride None
502     Order deny,allow
503     **CONNECTPERMISSION** from all
504     Allow from 127.0.0.1 **HOST_IP** **HOSTS** localhost
505  </Directory>
506 
507  Alias /greenstone/collect "**COLLECTHOME**"
508  <Directory "**COLLECTHOME**">
509     Options Indexes MultiViews FollowSymLinks
510     AllowOverride None
511     Order deny,allow
512     **CONNECTPERMISSION** from all
513     Allow from 127.0.0.1 **HOST_IP** **HOSTS** localhost
514  </Directory>
515
516  # Deny access to all except collect and web folder
517  <Directory />
518    Order Deny,Allow
519    Deny from all
520  </Directory>
521
522  Alias /greenstone/web "**GSDLHOME**/web"
523  <Directory "**GSDLHOME**/web">
524    Order Deny,Allow
525    **CONNECTPERMISSION** from all
526    Allow from 127.0.0.1 **HOST_IP** **HOSTS** localhost
527  </Directory>
Note: See TracBrowser for help on using the browser.