# Hydra v0.0.2 configuration file # File format has is similar but no identical to the format of Boa v0.94 # version changes are noted in the comments # # The Hydra configuration file is parsed with a lex/yacc or flex/bison # generated parser. If it reports an error, the line number will be # provided; it should be easy to spot. The syntax of each of these # rules is very simple, and they can occur in any order. Where possible # these directives mimic those of NCSA httpd 1.3; I saw no reason to # introduce gratuitous differences. # $Id: hydra.conf,v 1.23 2006-03-09 18:31:13 nmav Exp $ # ServerRoot: The directory the .html (and related) files are placed. ServerRoot %%PREFIX%%/www # number of threads to spawn # One thread might be ok for a single CPU system, but in some systems, # performance may be increased by using a pool of 4-5 threads. Threads 4 # Maximum number of concurent connections. If connections arrive after # the given limit has been reached, then they will not be served, until # some established connections close. If you do not set it, or set it to # 0, then the default behaviour takes effect, which is to try to serve # as much connections as possible (depends on system limits). #MaxConnections 0 #MaxSSLConnections 0 # Port: The port Hydra runs on. The default port for http servers is 80. # If it is less than 1024, the server must be started as root. Port 80 # Listen: the Internet address to bind(2) to. If you leave it out, # it takes the behavior before 0.93.17.2, which is to bind to all # addresses (INADDR_ANY). You only get one "Listen" directive, # if you want service on multiple IP addresses, you have three choices: # 1. Run hydra without a "Listen" directive # a. All addresses are treated the same; makes sense if the addresses # are localhost, ppp, and eth0. # b. Use the VirtualHost directive below to point requests to different # files. Should be good for a very large number of addresses (web # hosting clients). # 2. Run one copy of hydra per IP address, each has its own configuration # with a "Listen" directive. No big deal up to a few tens of addresses. # Nice separation between clients. # The name you provide gets run through inet_aton(3), so you have to use dotted # quad notation. This configuration is too important to trust some DNS. #Listen 192.68.0.5 # User: The name or UID the server should run as. # Group: The group name or GID the server should run as. User %%WWWOWN%% Group %%WWWGRP%% # ServerAdmin: The email address where server problems should be sent. # Note: this is not currently used, except as an environment variable # for CGIs. #ServerAdmin root@localhost # PidFile: where to put the pid of the process. # Comment out to write no pid file. # Note: Because Boa drops priviledges at startup, and the # pid file is written by the UID/GID before doing so, Boa # does not attempt removal of the pid file. # PidFile /var/run/hydra.pid # ErrorLog: The location of the error log file. If this does not start # with /, it is considered relative to the server root. # Set to /dev/null if you don't want errors logged. # If unset, defaults to /dev/stderr ErrorLog %%LOGDIR%%/error_log # Please NOTE: Sending the logs to a pipe ('|'), as shown below, # is somewhat experimental and might fail under heavy load. # "Usual libc implementations of printf will stall the whole # process if the receiving end of a pipe stops reading." #ErrorLog "|/usr/sbin/cronolog --symlink=%%LOGDIR%%/error_log %%LOGDIR%%/error-%Y%m%d.log" # AccessLog: The location of the access log file. If this does not # start with /, it is considered relative to the server root. # Comment out or set to /dev/null (less effective) to disable # Access logging. AccessLog %%LOGDIR%%/access_log # Please NOTE: Sending the logs to a pipe ('|'), as shown below, # is somewhat experimental and might fail under heavy load. # "Usual libc implementations of printf will stall the whole # process if the receiving end of a pipe stops reading." #AccessLog "|/usr/sbin/cronolog --symlink=%%LOGDIR%%/access_log %%LOGDIR%%/access-%Y%m%d.log" # CGILog %%LOGDIR%%/cgi_log # CGILog: The location of the CGI stderr log file. If this does not # start with /, it is considered relative to the server root. # The log file would contain any contents send to /dev/stderr # by the CGI. If this is commented out, it defaults to whatever # ErrorLog points. Set to /dev/null to disable CGI stderr logging. # Please NOTE: Sending the logs to a pipe ('|'), as shown below, # is somewhat experimental and might fail under heavy load. # "Usual libc implementations of printf will stall the whole # process if the receiving end of a pipe stops reading." #CGILog "|/usr/sbin/cronolog --symlink=%%LOGDIR%%/cgi_log %%LOGDIR%%/cgi-%Y%m%d.log" # CGIumask 027 (no mask for user, read-only for group, and nothing for user) # CGIumask 027 # The CGIumask is set immediately before execution of the CGI. # UseLocaltime: Logical switch. Uncomment to use localtime # instead of UTC time #UseLocaltime # VerboseCGILogs: this is just a logical switch. # It simply notes the start and stop times of cgis in the error log # Comment out to disable. #VerboseCGILogs # ServerName: the name of this server that should be sent back to # clients if different than that returned by gethostname + gethostbyname #ServerName www.your.org.here # VirtualHost: Setup any virtual hosts (host based) # Comment out to disable. # It needs to specify the HostName, the IP (use '*' if all), # the DocumentRoot and the UserDir (if any). # UserDir is the name of the directory which is appended onto a user's home # directory if a ~user request is received. # # Example: # VirtualHost www.dot.com * %%PREFIX%%/www public_html # VirtualHost www.dot.com 127.0.0.1 %%PREFIX%%/www "" # #VirtualHost www.dot.com * %%PREFIX%%/www "" # DocumentRoot: The root directory of the HTML documents. # Comment out to disable server non user files. # # Note that if VirtualHost is enabled, this will be the fallback # for the clients that did not supply any host. DocumentRoot %%PREFIX%%/www # DirectoryIndex: Name of the file to use as a pre-written HTML # directory index. Please MAKE AND USE THESE FILES. On the # fly creation of directory indexes can be _slow_. # You can use more than one directory index by adding this # directive several times. # Comment out to always use DirectoryMaker DirectoryIndex index.html # DirectoryMaker: Name of program used to create a directory listing. # Comment out to disable directory listings. If both this and # DirectoryIndex are commented out, accessing a directory will give # an error (though accessing files in the directory are still ok). DirectoryMaker %%PREFIX%%/bin/boa_indexer # DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker # has been commented out, the the on-the-fly indexing of Hydra can be used # to generate indexes of directories. Be warned that the output is # extremely minimal and can cause delays when slow disks are used. # Note: The DirectoryCache must be writable by the same user/group that # Hydra runs as. # DirectoryCache /var/spool/hydra/dircache # MaxFilesCache: Number of files to keep in file cache memory # Set to 0 to disable file caching. MaxFilesCache 256 # MaxFileSizeCache: The maximum size that a file should have in order to # be added to the file cache. # Comment out, to use the default value. MaxFileSizeCache 131072 # KeepAliveMax: Number of KeepAlive requests to allow per connection # Comment out, or set to 0 to disable keepalive processing KeepAliveMax 1000 # KeepAliveTimeout: seconds to wait before keepalive connection times out KeepAliveTimeout 10 # MimeTypes: This is the file that is used to generate mime type pairs # and Content-Type fields for hydra. # Set to /dev/null if you do not want to load a mime types file. # Do *not* comment out (better use AddType!) MimeTypes %%PREFIX%%/etc/hydra/mime.types # DefaultType: MIME type used if the file extension is unknown, or there # is no file extension. DefaultType text/plain # DefaultCharset: The default character set used in text MIME types. DefaultCharset ISO-8859-1 # CGIPath: The value of the $PATH environment variable given to CGI progs. CGIPath /bin:/usr/bin:/usr/local/bin # SinglePostLimit: The maximum allowable number of bytes in # a single POST. Default is normally 1MB. # AddType: adds types without editing mime.types # Example: AddType type extension [extension ...] # Uncomment the next line if you want .cgi files to execute from anywhere #AddType application/x-httpd-cgi cgi # Use this if you want CGIs to execute from anywhere, using the CGIAction. # This will not try to execute the given scripts, but will associate the # content type with the given executable. #CGIAction "/usr/bin/php4" "application/x-httpd-php" # You may also need these: #AddType application/x-httpd-php php #AddType application/x-httpd-php phtml # Redirect, Alias, and ScriptAlias all have the same semantics -- they # match the beginning of a request and take appropriate action. Use # Redirect for other servers, Alias for the same server, and ScriptAlias # to enable directories for script execution. # The first argument of Redirect and friends is the virtual server hostname, # and the directive only applies to the given virtual server. If the directive # equals "" then the default server is assumed. # Redirect allows you to tell clients about documents which used to exist in # your server's namespace, but do not anymore. This allows you to tell the # clients where to look for the relocated document. # Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar # Aliases: Aliases one path to another. # Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo #Alias www.localhost.com /doc /usr/doc # ScriptAlias: Maps a virtual path to a directory for serving scripts # Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/ #ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/ # An interval, that hydra will be entered in maintenance mode. This # includes an SSL parameter regeneration, and closing of unused # open files. This does not involve any downtime. Set to 0 to disable. MaintenanceInterval 172800 #two days # Access Control lists per virtual host # These two directives (Allow/Deny), allow you to specify file # patterns that will be denied or allowed access. The first argument # of these directives is a virtual host. # deny all files that start with a dot in the default host #Deny "" */.* # deny all the files that finish with '.inc' in www.localhost.com virtual # host, but allow access to the public.inc. #Deny "www.localhost.com" */*.inc #Allow "www.localhost.com" */public.inc # non zero enables SSL support # 0: no SSL support # 1: only SSL support # 2: both SSL and non SSL ports SSL 0 # The port where the SSL server will listen on SSLPort 4443 # read the certificate from SSLCertificate cert.pem # read the private key from SSLKey key.pem # read the trusted CA list from SSLCAList ca.pem # Whether to verify client. Use 0, or comment out to disable. # 1 means request a certificate, and verify if a certificate is sent. # 2 means require a certificate and verify. # 3 means request a certificate and try to verify. Do not fail if the verification # function failed. This is may be useful in CGIs that want to print some error message. SSLVerifyClient 3 # Number of sessions to cache. This is to support session resuming. # Set to 0 to disable. SSLSessionCache 40 # After this time (in seconds) has passed, the stored SSL sessions # will be expired, and will not be resumed. SSLSessionTimeout 3600 #one hour # Set the prime bits used in Diffie Hellman authentication. The parameters # are only generated if the DHE ciphersuites are enabled. # Value should be one of 768, 1024, 2048, 4096 SSLDHBits 768 # A comma separated list of the SSL ciphers. Valid selections are: # ARCFOUR-128, ARCFOUR-40, 3DES, AES # Note that ARCFOUR-40 is a weak algorithm. SSLCiphers "AES, 3DES, ARCFOUR-128, ARCFOUR-40" # A comma separated list of the SSL key exchange methods. Valid selections # are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT # DHE-DSS can only be used with certificates that hold DSA parameters. # Note that RSA-EXPORT is a weak algorithm. SSLKeyExchangeAlgorithms "RSA, RSA-EXPORT" # This one is by default more secure (offers forward secrecy), # but more expensive in CPU time. #SSLKeyExchangeAlgorithms "DHE-RSA, DHE-DSS, RSA, RSA-EXPORT" # A comma separated list of the SSL MAC algorithms. Valid selections # are: MD5, SHA1, RMD160 SSLMACAlgorithms "SHA1, MD5" # A comma separated list of the SSL compression methods. Valid selections # are: NULL SSLCompressionMethods "NULL" # A comma separated list of the SSL protocol versions. Valid selections # are: TLS1.1, TLS1.0 and SSL3.0 SSLProtocols "TLS 1.1, TLS1.0, SSL3.0"