AcceptFilter protocol accept_filtersCConfigures optimizations for a Protocol's Listener Sockets AcceptPathInfo On|Off|Default Default svdhCResources accept trailing pathname information AccessFileName filename [filename] ... .htaccess svCName of the distributed configuration file Action action-type cgi-script [virtual]svdhBActivates a CGI script for a particular handler or content-type AddAlt string file [file] ...svdhBAlternate text to display for a file, instead of an icon selected by filename AddAltByEncoding string MIME-encoding [MIME-encoding] ...svdhBAlternate text to display for a file instead of an icon selected by MIME-encoding AddAltByType string MIME-type [MIME-type] ...svdhBAlternate text to display for a file, instead of an icon selected by MIME content-type AddCharset charset extension [extension] ...svdhBMaps the given filename extensions to the specified content charset AddDefaultCharset On|Off|charset Off svdhCDefault charset parameter to be added when a response content-type is text/plain or text/html AddDescription string file [file] ...svdhBDescription to display for a file AddEncoding encoding extension [extension] ...svdhBMaps the given filename extensions to the specified encoding type AddHandler handler-name extension [extension] ...svdhBMaps the filename extensions to the specified handler AddIcon icon name [name] ...svdhBIcon to display for a file selected by name AddIconByEncoding icon MIME-encoding [MIME-encoding] ...svdhBIcon to display next to files selected by MIME content-encoding AddIconByType icon MIME-type [MIME-type] ...svdhBIcon to display next to files selected by MIME content-type AddInputFilter filter[;filter...] extension [extension] ...svdhBMaps filename extensions to the filters that will process client requests AddLanguage language-tag extension [extension] ...svdhBMaps the given filename extension to the specified content language AddModuleInfo module-name stringsvEAdds additional information to the module information displayed by the server-info handler AddOutputFilter filter[;filter...] extension [extension] ...svdhBMaps filename extensions to the filters that will process responses from the server AddOutputFilterByType filter[;filter...] media-type [media-type] ...svdhBassigns an output filter to a particular media-type AddType media-type extension [extension] ...svdhBMaps the given filename extensions onto the specified content type Alias [URL-path] file-path|directory-pathsvdBMaps URLs to filesystem locations AliasMatch regex file-path|directory-pathsvBMaps URLs to filesystem locations using regular expressions AliasPreservePath OFF|ON OFF svdBMap the full path after the alias in a location. Allow from all|host|env=[!]env-variable [host|env=[!]env-variable] ...dhEControls which hosts can access an area of the server AllowCONNECT port[-port] [port[-port]] ... 443 563 svEPorts that are allowed to CONNECT through the proxy AllowEncodedSlashes On|Off|NoDecode Off svCDetermines whether encoded path separators in URLs are allowed to be passed through AllowMethods reset|HTTP-method [HTTP-method]... reset dXRestrict access to the listed HTTP methods AllowOverride All|None|directive-type [directive-type] ... None (2.3.9 and lat +dCTypes of directives that are allowed in .htaccess files AllowOverrideList None|directive [directive-type] ... None dCIndividual directives that are allowed in .htaccess files Anonymous user [user] ...dhESpecifies userIDs that are allowed access without password verification Anonymous_LogEmail On|Off On dhESets whether the password entered will be logged in the error log Anonymous_MustGiveEmail On|Off On dhESpecifies whether blank passwords are allowed Anonymous_NoUserID On|Off Off dhESets whether the userID field may be empty Anonymous_VerifyEmail On|Off Off dhESets whether to check the password field for a correctly formatted email address AsyncRequestWorkerFactor factorsMLimit concurrent connections per process AuthBasicAuthoritative On|Off On dhBSets whether authorization and authentication are passed to lower level modules AuthBasicFake off|username [password]dhBFake basic authentication using the given expressions for username and password AuthBasicProvider provider-name [provider-name] ... file dhBSets the authentication provider(s) for this location AuthBasicUseDigestAlgorithm MD5|Off Off dhBCheck passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication. AuthDBDUserPWQuery querydESQL query to look up a password for a user AuthDBDUserRealmQuery querydESQL query to look up a password hash for a user and realm. AuthDBMGroupFile file-pathdhESets the name of the database file containing the list of user groups for authorization AuthDBMType default|SDBM|GDBM|NDBM|DB default dhESets the type of database file that is used to store passwords AuthDBMUserFile file-pathdhESets the name of a database file containing the list of users and passwords for authentication AuthDigestAlgorithm MD5|MD5-sess MD5 dhESelects the algorithm used to calculate the challenge and response hashes in digest authentication AuthDigestDomain URI [URI] ...dhEURIs that are in the same protection space for digest authentication AuthDigestNonceLifetime seconds 300 dhEHow long the server nonce is valid AuthDigestProvider provider-name [provider-name] ... file dhESets the authentication provider(s) for this location AuthDigestQop none|auth|auth-int [auth|auth-int] auth dhEDetermines the quality-of-protection to use in digest authentication AuthDigestShmemSize size 1000 sEThe amount of shared memory to allocate for keeping track of clients AuthFormAuthoritative On|Off On dhBSets whether authorization and authentication are passed to lower level modules AuthFormBody fieldname httpd_body dBThe name of a form field carrying the body of the request to attempt on successful login AuthFormDisableNoStore On|Off Off dBDisable the CacheControl no-store header on the login page AuthFormFakeBasicAuth On|Off Off dBFake a Basic Authentication header AuthFormLocation fieldname httpd_location dBThe name of a form field carrying a URL to redirect to on successful login AuthFormLoginRequiredLocation urldBThe URL of the page to be redirected to should login be required AuthFormLoginSuccessLocation urldBThe URL of the page to be redirected to should login be successful AuthFormLogoutLocation uridBThe URL to redirect to after a user has logged out AuthFormMethod fieldname httpd_method dBThe name of a form field carrying the method of the request to attempt on successful login AuthFormMimetype fieldname httpd_mimetype dBThe name of a form field carrying the mimetype of the body of the request to attempt on successful login AuthFormPassword fieldname httpd_password dBThe name of a form field carrying the login password AuthFormProvider provider-name [provider-name] ... file dhBSets the authentication provider(s) for this location AuthFormSitePassphrase secretdBBypass authentication checks for high traffic sites AuthFormSize size 8192 dBThe largest size of the form in bytes that will be parsed for the login details AuthFormUsername fieldname httpd_username dBThe name of a form field carrying the login username AuthGroupFile file-pathdhBSets the name of a text file containing the list of user groups for authorization AuthLDAPAuthorizePrefix prefix AUTHORIZE_ dhESpecifies the prefix for environment variables set during authorization AuthLDAPBindAuthoritative off|on on dhEDetermines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. AuthLDAPBindDN distinguished-namedhEOptional DN to use in binding to the LDAP server AuthLDAPBindPassword passworddhEPassword used in conjunction with the bind DN AuthLDAPCharsetConfig file-pathsELanguage to charset conversion configuration file AuthLDAPCompareAsUser on|off off dhEUse the authenticated user's credentials to perform authorization comparisons AuthLDAPCompareDNOnServer on|off on dhEUse the LDAP server to compare the DNs AuthLDAPDereferenceAliases never|searching|finding|always always dhEWhen will the module de-reference aliases AuthLDAPGroupAttribute attribute member uniqueMember +dhELDAP attributes used to identify the user members of groups. AuthLDAPGroupAttributeIsDN on|off on dhEUse the DN of the client username when checking for group membership AuthLDAPInitialBindAsUser off|on off dhEDetermines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server AuthLDAPInitialBindPattern regex substitution (.*) $1 (remote use +dhESpecifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup AuthLDAPMaxSubGroupDepth Number 10 dhESpecifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued. AuthLDAPRemoteUserAttribute uiddhEUse the value of the attribute returned during the user query to set the REMOTE_USER environment variable AuthLDAPRemoteUserIsDN on|off off dhEUse the DN of the client username to set the REMOTE_USER environment variable AuthLDAPSearchAsUser on|off off dhEUse the authenticated user's credentials to perform authorization searches AuthLDAPSubGroupAttribute attribute member uniqueMember +dhESpecifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups. AuthLDAPSubGroupClass LdapObjectClass groupOfNames groupO +dhESpecifies which LDAP objectClass values identify directory objects that are groups during sub-group processing. AuthLDAPURL url [NONE|SSL|TLS|STARTTLS]dhEURL specifying the LDAP search parameters AuthMerging Off | And | Or Off dhBControls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections. AuthName auth-domaindhBAuthorization realm for use in HTTP authentication AuthnCacheContext directory|server|custom-string directory dBSpecify a context string for use in the cache key AuthnCacheEnablesBEnable Authn caching configured anywhere AuthnCacheProvideFor authn-provider [...]dhBSpecify which authn provider(s) to cache for AuthnCacheSOCache provider-name[:provider-args]sBSelect socache backend provider to use AuthnCacheTimeout timeout (seconds) 300 (5 minutes) dhBSet a timeout for cache entries <AuthnProviderAlias baseProvider Alias> ... </AuthnProviderAlias>sBEnclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias AuthnzFcgiCheckAuthnProvider provider-name|None option ...dEEnables a FastCGI application to handle the check_authn authentication hook. AuthnzFcgiDefineProvider type provider-name backend-addresssEDefines a FastCGI application as a provider for authentication and/or authorization AuthType None|Basic|Digest|FormdhBType of user authentication AuthUserFile file-pathdhBSets the name of a text file containing the list of users and passwords for authentication AuthzDBDLoginToReferer On|Off Off dEDetermines whether to redirect the Client to the Referring page on successful login or logout if a Referer request header is present AuthzDBDQuery querydESpecify the SQL Query for the required operation AuthzDBDRedirectQuery querydESpecify a query to look up a login page for the user AuthzDBMType default|SDBM|GDBM|NDBM|DB default dhESets the type of database file that is used to store list of user groups <AuthzProviderAlias baseProvider Alias Require-Parameters> ... </AuthzProviderAlias> sBEnclose a group of directives that represent an extension of a base authorization provider and referenced by the specified alias AuthzSendForbiddenOnFailure On|Off Off dhBSend '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authentication succeeds but authorization fails BalancerGrowth # 5 svENumber of additional Balancers that can be added Post-configuration BalancerInherit On|Off On svEInherit ProxyPassed Balancers/Workers from the main server BalancerMember [balancerurl] url [key=value [key=value ...]]dEAdd a member to a load balancing group BalancerPersist On|Off Off svEAttempt to persist changes made by the Balancer Manager across restarts. BrotliAlterETag AddSuffix|NoChange|Remove AddSuffix svEHow the outgoing ETag header should be modified during compression BrotliCompressionMaxInputBlock valuesvEMaximum input block size BrotliCompressionQuality value 5 svECompression quality BrotliCompressionWindow value 18 svEBrotli sliding compression window size BrotliFilterNote [type] notenamesvEPlaces the compression ratio in a note for logging BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ...svdhBSets environment variables conditional on HTTP User-Agent BrowserMatchNoCase regex [!]env-variable[=value] [[!]env-variable[=value]] ...svdhBSets environment variables conditional on User-Agent without respect to case BufferedLogs On|Off Off sBBuffer log entries in memory before writing to disk BufferSize integer 131072 svdhEMaximum size in bytes to buffer by the buffer filter CacheDefaultExpire seconds 3600 (one hour) svdhEThe default duration to cache a document when no expiry date is specified. CacheDetailHeader on|off off svdhEAdd an X-Cache-Detail header to the response. CacheDirLength length 2 svEThe number of characters in subdirectory names CacheDirLevels levels 2 svEThe number of levels of subdirectories in the cache. CacheDisable url-string | onsvdhEDisable caching of specified URLs CacheEnable cache_type [url-string]svdEEnable caching of specified URLs using a specified storage manager CacheFile file-path [file-path] ...sXCache a list of file handles at startup time CacheHeader on|off off svdhEAdd an X-Cache header to the response. CacheIgnoreCacheControl On|Off Off svEIgnore request to not serve cached content to client CacheIgnoreHeaders header-string [header-string] ... None svEDo not store the given HTTP header(s) in the cache. CacheIgnoreNoLastMod On|Off Off svdhEIgnore the fact that a response has no Last Modified header. CacheIgnoreQueryString On|Off Off svEIgnore query string when caching CacheIgnoreURLSessionIdentifiers identifier [identifier] ... None svEIgnore defined session identifiers encoded in the URL when caching CacheKeyBaseURL URLsvEOverride the base URL of reverse proxied cache keys. CacheLastModifiedFactor float 0.1 svdhEThe factor used to compute an expiry date based on the LastModified date. CacheLock on|off off svEEnable the thundering herd lock. CacheLockMaxAge integer 5 svESet the maximum possible age of a cache lock. CacheLockPath directory /tmp/mod_cache-lock +svESet the lock path directory. CacheMaxExpire seconds 86400 (one day) svdhEThe maximum time in seconds to cache a document CacheMaxFileSize bytes 1000000 svdhEThe maximum size (in bytes) of a document to be placed in the cache CacheMinExpire seconds 0 svdhEThe minimum time in seconds to cache a document CacheMinFileSize bytes 1 svdhEThe minimum size (in bytes) of a document to be placed in the cache CacheNegotiatedDocs On|Off Off svBAllows content-negotiated documents to be cached by proxy servers CacheQuickHandler on|off on svERun the cache from the quick handler. CacheReadSize bytes 0 svdhEThe minimum size (in bytes) of the document to read and be cached before sending the data downstream CacheReadTime milliseconds 0 svdhEThe minimum time (in milliseconds) that should elapse while reading before data is sent downstream CacheRoot directorysvEThe directory root under which cache files are stored CacheSocache type[:args]svEThe shared object cache implementation to use CacheSocacheMaxSize bytes 102400 svdhEThe maximum size (in bytes) of an entry to be placed in the cache CacheSocacheMaxTime seconds 86400 svdhEThe maximum time (in seconds) for a document to be placed in the cache CacheSocacheMinTime seconds 600 svdhEThe minimum time (in seconds) for a document to be placed in the cache CacheSocacheReadSize bytes 0 svdhEThe minimum size (in bytes) of the document to read and be cached before sending the data downstream CacheSocacheReadTime milliseconds 0 svdhEThe minimum time (in milliseconds) that should elapse while reading before data is sent downstream CacheStaleOnError on|off on svdhEServe stale content in place of 5xx responses. CacheStoreExpired On|Off Off svdhEAttempt to cache responses that the server reports as expired CacheStoreNoStore On|Off Off svdhEAttempt to cache requests or responses that have been marked as no-store. CacheStorePrivate On|Off Off svdhEAttempt to cache responses that the server has marked as private CGIDScriptTimeout time[s|ms]svdhBThe length of time to wait for more output from the CGI program CGIMapExtension cgi-path .extensiondhCTechnique for locating the interpreter for CGI scripts CGIPassAuth On|Off Off dhCEnables passing HTTP authorization headers to scripts as CGI variables CGIScriptTimeout time[s|ms]svdhBThe length of time to wait for more output from the CGI program CGIVar variable ruledhCControls how some CGI variables are set CharsetDefault charsetsvdhECharset to translate into CharsetOptions option [option] ... ImplicitAdd svdhEConfigures charset translation behavior CharsetSourceEnc charsetsvdhESource charset of files CheckBasenameMatch on|off On svdhEAlso match files with differing file name extensions. CheckCaseOnly on|off Off svdhELimits the action of the speling module to case corrections CheckSpelling on|off Off svdhEEnables the spelling module ChrootDir /path/to/directorysBDirectory for apache to run chroot(8) after startup. ContentDigest On|Off Off svdhCEnables the generation of Content-MD5 HTTP Response headers CookieDomain domainsvdhEThe domain to which the tracking cookie applies CookieExpires expiry-periodsvdhEExpiry time for the tracking cookie CookieHTTPOnly on|off off svdhEAdds the 'HTTPOnly' attribute to the cookie CookieName token Apache svdhEName of the tracking cookie CookieSameSite None|Lax|StrictsvdhEAdds the 'SameSite' attribute to the cookie CookieSecure on|off off svdhEAdds the 'Secure' attribute to the cookie CookieStyle Netscape|Cookie|Cookie2|RFC2109|RFC2965 Netscape svdhEFormat of the cookie header field CookieTracking on|off off svdhEEnables tracking cookie CoreDumpDirectory directorysMDirectory where Apache HTTP Server attempts to switch before dumping core CustomLog file|pipe format|nickname [env=[!]environment-variable| expr=expression]svBSets filename and format of log file Dav On|Off|provider-name Off dEEnable WebDAV HTTP methods DavBasePath root-pathdEConfigure repository root path DavDepthInfinity on|off off svdEAllow PROPFIND, Depth: Infinity requests DavGenericLockDB file-pathsvdELocation of the DAV lock database DavLockDB file-pathsvELocation of the DAV lock database DavLockDiscovery on|off on svdhEEnable lock discovery DavMinTimeout seconds 0 svdEMinimum amount of time the server holds a lock on a DAV resource DBDExptime time-in-seconds 300 svEKeepalive time for idle connections DBDInitSQL "SQL statement"svEExecute an SQL statement after connecting to a database DBDKeep number 2 svEMaximum sustained number of connections DBDMax number 10 svEMaximum number of connections DBDMin number 1 svEMinimum number of connections DBDParams param1=value1[,param2=value2]svEParameters for database connection DBDPersist On|OffsvEWhether to use persistent connections DBDPrepareSQL "SQL statement" labelsvEDefine an SQL prepared statement DBDriver namesvESpecify an SQL driver DefaultIcon url-pathsvdhBIcon to display for files when no specific icon is configured DefaultLanguage language-tagsvdhBDefines a default language-tag to be sent in the Content-Language header field for all resources in the current context that have not been assigned a language-tag by some other means. DefaultRuntimeDir directory-path DEFAULT_REL_RUNTIME +sCBase directory for the server run-time files DefaultType media-type|none none svdhCThis directive has no effect other than to emit warnings if the value is not none. In prior versions, DefaultType would specify a default media type to assign to response content for which no other media type configuration could be found. Define parameter-name [parameter-value]svdCDefine a variable DeflateAlterETag AddSuffix|NoChange|Remove AddSuffix svEHow the outgoing ETag header should be modified during compression DeflateBufferSize value 8096 svEFragment size to be compressed at one time by zlib DeflateCompressionLevel valuesvEHow much compression do we apply to the output DeflateFilterNote [type] notenamesvEPlaces the compression ratio in a note for logging DeflateInflateLimitRequestBody valuesvdhEMaximum size of inflated request bodies DeflateInflateRatioBurst value 3 svdhEMaximum number of times the inflation ratio for request bodies can be crossed DeflateInflateRatioLimit value 200 svdhEMaximum inflation ratio for request bodies DeflateMemLevel value 9 svEHow much memory should be used by zlib for compression DeflateWindowSize value 15 svEZlib compression window size Deny from all|host|env=[!]env-variable [host|env=[!]env-variable] ...dhEControls which hosts are denied access to the server <Directory directory-path> ... </Directory>svCEnclose a group of directives that apply only to the named file-system directory, sub-directories, and their contents. DirectoryCheckHandler On|Off Off svdhBToggle how this module responds when another handler is configured DirectoryIndex disabled | local-url [local-url] ... index.html svdhBList of resources to look for when the client requests a directory DirectoryIndexRedirect on | off | permanent | temp | seeother | 3xx-code off svdhBConfigures an external redirect for directory indexes. <DirectoryMatch regex> ... </DirectoryMatch>svCEnclose directives that apply to the contents of file-system directories matching a regular expression. DirectorySlash On|Off On svdhBToggle trailing slash redirects on or off DocumentRoot directory-path "/usr/local/apache/ +svCDirectory that forms the main document tree visible from the web DTracePrivileges On|Off Off sXDetermines whether the privileges required by dtrace are enabled. DumpIOInput On|Off Off sEDump all input data to the error log DumpIOOutput On|Off Off sEDump all output data to the error log <Else> ... </Else>svdhCContains directives that apply only if the condition of a previous <If> or <ElseIf> section is not satisfied by a request at runtime <ElseIf expression> ... </ElseIf>svdhCContains directives that apply only if a condition is satisfied by a request at runtime while the condition of a previous <If> or <ElseIf> section is not satisfied EnableExceptionHook On|Off Off sMEnables a hook that runs exception handlers after a crash EnableMMAP On|Off On svdhCUse memory-mapping to read files during delivery EnableSendfile On|Off Off svdhCUse the kernel sendfile support to deliver files to the client Error messagesvdhCAbort configuration parsing with a custom error message ErrorDocument error-code documentsvdhCWhat the server will return to the client in case of an error ErrorLog file-path|syslog[:[facility][:tag]] logs/error_log (Uni +svCLocation where the server will log errors ErrorLogFormat [connection|request] formatsvCFormat specification for error log entries ExamplesvdhXDemonstration directive to illustrate the Apache module API ExpiresActive On|Off Off svdhEEnables generation of Expires headers ExpiresByType MIME-type <code>secondssvdhEValue of the Expires header configured by MIME type ExpiresDefault <code>secondssvdhEDefault algorithm for calculating expiration time ExtendedStatus On|Off Off[*] sCKeep track of extended status information for each request ExtFilterDefine filtername parameterssEDefine an external filter ExtFilterOptions option [option] ... NoLogStderr dEConfigure mod_ext_filter options FallbackResource disabled | local-urlsvdhBDefine a default URL for requests that don't map to a file FileETag component ... MTime Size svdhCFile attributes used to create the ETag HTTP response header for static files <Files filename> ... </Files>svdhCContains directives that apply to matched filenames <FilesMatch regex> ... </FilesMatch>svdhCContains directives that apply to regular-expression matched filenames FilterChain [+=-@!]filter-name ...svdhBConfigure the filter chain FilterDeclare filter-name [type]svdhBDeclare a smart filter FilterProtocol filter-name [provider-name] proto-flagssvdhBDeal with correct HTTP protocol handling FilterProvider filter-name provider-name expressionsvdhBRegister a content filter FilterTrace filter-name levelsvdBGet debug/diagnostic information from mod_filter FlushMaxPipelined number 5 svCMaximum number of pipelined responses above which they are flushed to the network FlushMaxThreshold number-of-bytes 65535 svCThreshold above which pending data are flushed to the network ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback] Prefer svdhBAction to take if a single acceptable document is not found ForceType media-type|NonedhCForces all matching files to be served with the specified media type in the HTTP Content-Type header field ForensicLog filename|pipesvESets filename of the forensic log GlobalLogfile|pipe format|nickname [env=[!]environment-variable| expr=expression]sBSets filename and format of log file GprofDir /tmp/gprof/|/tmp/gprof/%svCDirectory to write gmon.out profiling data to. GracefulShutdownTimeout seconds 0 sMSpecify a timeout after which a gracefully shutdown server will exit. Group unix-group #-1 sBGroup under which the server will answer requests H2CopyFiles on|off off svdhEDetermine file handling in responses H2Direct on|off on for h2c, off for +svEH2 Direct Protocol Switch H2EarlyHint name valuesvdhEAdd a response header to be picked up in 103 Early Hints H2EarlyHints on|off off svEDetermine sending of 103 status codes H2MaxDataFrameLen n 0 svEMaximum bytes inside a single HTTP/2 DATA frame H2MaxHeaderBlockLen n 0 svEMaximum size of response headers H2MaxSessionStreams n 100 svEMaximum number of active streams per HTTP/2 session. H2MaxStreamErrors n 8 svEMaximum amount of client caused errors to tolerate H2MaxWorkerIdleSeconds n 600 sEMaximum number of seconds h2 workers remain idle until shut down. H2MaxWorkers nsEMaximum number of worker threads to use per child process. H2MinWorkers nsEMinimal number of worker threads to use per child process. H2ModernTLSOnly on|off on svERequire HTTP/2 connections to be "modern TLS" only H2OutputBuffering on|off on svEDetermine buffering behaviour of output H2Padding numbits 0 svEDetermine the range of padding bytes added to payload frames H2ProxyRequests on|off off svEEn-/Disable forward proxy requests via HTTP/2 H2Push on|off on svdhEH2 Server Push Switch H2PushDiarySize n 256 svEH2 Server Push Diary Size H2PushPriority mime-type [after|before|interleaved] [weight] * After 16 svEH2 Server Push Priority H2PushResource [add] path [critical]svdhEDeclares resources for early pushing to the client H2SerializeHeaders on|off off svESerialize Request/Response Processing Switch H2StreamMaxMemSize bytes 65536 svEMaximum amount of output data buffered per stream. H2StreamTimeout time-interval[s]svdEMaximum time waiting when sending/receiving data to stream processing H2TLSCoolDownSecs seconds 1 svEConfigure the number of seconds of idle time on TLS before shrinking writes H2TLSWarmUpSize amount 1048576 svEConfigure the number of bytes on TLS connection before doing max writes H2Upgrade on|off on for h2c, off for +svdhEH2 Upgrade Protocol Switch H2WebSockets on|off off svEEn-/Disable WebSockets via HTTP/2 H2WindowSize bytes 65535 svESize of Stream Window for upstream data. Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] svdhEConfigure HTTP response headers HeaderName filenamesvdhBName of the file that will be inserted at the top of the index listing HeartbeatAddress addr:portsXMulticast address for heartbeat packets HeartbeatListen addr:portsXmulticast address to listen for incoming heartbeat requests HeartbeatMaxServers number-of-servers 10 sXSpecifies the maximum number of servers that will be sending heartbeat requests to this server HeartbeatStorage file-path logs/hb.dat sXPath to store heartbeat data when using flat-file storage HeartbeatStorage file-path logs/hb.dat sXPath to read heartbeat data HostnameLookups On|Off|Double Off svdCEnables DNS lookups on client IP addresses HttpProtocolOptions [Strict|Unsafe] [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0] Strict LenientMetho +svCModify restrictions on HTTP Request Messages IdentityCheck On|Off Off svdEEnables logging of the RFC 1413 identity of the remote user IdentityCheckTimeout seconds 30 svdEDetermines the timeout duration for ident requests <If expression> ... </If>svdhCContains directives that apply only if a condition is satisfied by a request at runtime <IfDefine [!]parameter-name> ... </IfDefine>svdhCEncloses directives that will be processed only if a test is true at startup <IfDirective [!]directive-name> ... </IfDirective>svdhCEncloses directives that are processed conditional on the presence or absence of a specific directive <IfFile [!]filename> ... </IfFile>svdhCEncloses directives that will be processed only if file exists at startup <IfModule [!]module-file|module-identifier> ... </IfModule>svdhCEncloses directives that are processed conditional on the presence or absence of a specific module <IfSection [!]section-name> ... </IfSection>svdhCEncloses directives that are processed conditional on the presence or absence of a specific section directive <IfVersion [[!]operator] version> ... </IfVersion>svdhEcontains version dependent configuration ImapBase map|referer|URL http://servername/ svdhBDefault base for imagemap files ImapDefault error|nocontent|map|referer|URL nocontent svdhBDefault action when an imagemap is called with coordinates that are not explicitly mapped ImapMenu none|formatted|semiformatted|unformatted formatted svdhBAction if no coordinates are given when calling an imagemap Include file-path|directory-path|wildcardsvdCIncludes other configuration files from within the server configuration files IncludeOptional file-path|directory-path|wildcardsvdCIncludes other configuration files from within the server configuration files IndexHeadInsert "markup ..."svdhBInserts text in the HEAD section of an index page. IndexIgnore file [file] ... "." svdhBAdds to the list of files to hide when listing a directory IndexIgnoreReset ON|OFFsvdhBEmpties the list of files to hide when listing a directory IndexOptions [+|-]option [[+|-]option] ...svdhBVarious configuration settings for directory indexing IndexOrderDefault Ascending|Descending Name|Date|Size|Description Ascending Name svdhBSets the default ordering of the directory index IndexStyleSheet url-pathsvdhBAdds a CSS stylesheet to the directory index InputSed sed-commanddhXSed command to filter request data (typically POST data) ISAPIAppendLogToErrors on|off off svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log ISAPIAppendLogToQuery on|off on svdhBRecord HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field ISAPICacheFile file-path [file-path] ...svBISAPI .dll files to be loaded at startup ISAPIFakeAsync on|off off svdhBFake asynchronous support for ISAPI callbacks ISAPILogNotSupported on|off off svdhBLog unsupported feature requests from ISAPI extensions ISAPIReadAheadBuffer size 49152 svdhBSize of the Read Ahead Buffer sent to ISAPI extensions KeepAlive On|Off On svCEnables HTTP persistent connections KeepAliveTimeout num[ms] 5 svCAmount of time the server will wait for subsequent requests on a persistent connection KeptBodySize maximum size in bytes 0 dBKeep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include. LanguagePriority MIME-lang [MIME-lang] ...svdhBThe precedence of language variants for cases where the client does not express a preference LDAPCacheEntries number 1024 sEMaximum number of entries in the primary LDAP cache LDAPCacheTTL seconds 600 sETime that cached items remain valid LDAPConnectionPoolTTL n -1 svEDiscard backend connections that have been sitting in the connection pool too long LDAPConnectionTimeout secondssESpecifies the socket connection timeout in seconds LDAPLibraryDebug 7sEEnable debugging in the LDAP SDK LDAPOpCacheEntries number 1024 sENumber of entries used to cache LDAP compare operations LDAPOpCacheTTL seconds 600 sETime that entries in the operation cache remain valid LDAPReferralHopLimit numberdhEThe maximum number of referral hops to chase before terminating an LDAP query. LDAPReferrals On|Off|default On dhEEnable referral chasing during queries to the LDAP server. LDAPRetries number-of-retries 3 sEConfigures the number of LDAP server retries. LDAPRetryDelay seconds 0 sEConfigures the delay between LDAP server retries. LDAPSharedCacheFile directory-path/filenamesESets the shared memory cache file LDAPSharedCacheSize bytes 500000 sESize in bytes of the shared-memory cache LDAPTimeout seconds 60 sESpecifies the timeout for LDAP search and bind operations, in seconds LDAPTrustedClientCert type directory-path/filename/nickname [password]dhESets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates. LDAPTrustedGlobalCert type directory-path/filename [password]sESets the file or database containing global trusted Certificate Authority or global client certificates LDAPTrustedMode typesvESpecifies the SSL/TLS mode to be used when connecting to an LDAP server. LDAPVerifyServerCert On|Off On sEForce server certificate verification <Limit method [method] ... > ... </Limit>dhCRestrict enclosed access controls to only certain HTTP methods <LimitExcept method [method] ... > ... </LimitExcept>dhCRestrict access controls to all HTTP methods except the named ones LimitInternalRecursion number [number] 10 svCDetermine maximum number of internal redirects and nested subrequests LimitRequestBody bytes 1073741824 svdhCRestricts the total size of the HTTP request body sent from the client LimitRequestFields number 100 svCLimits the number of HTTP request header fields that will be accepted from the client LimitRequestFieldSize bytes 8190 svCLimits the size of the HTTP request header allowed from the client LimitRequestLine bytes 8190 svCLimit the size of the HTTP request line that will be accepted from the client LimitXMLRequestBody bytes 1000000 svdhCLimits the size of an XML-based request body Listen [IP-address:]portnumber [protocol]sMIP addresses and ports that the server listens to ListenBackLog backlog 511 sMMaximum length of the queue of pending connections ListenCoresBucketsRatio ratio 0 (disabled) sMRatio between the number of CPU cores (online) and the number of listeners' buckets ListenTCPDeferAccept integer 30 sMValue set for the socket option TCP_DEFER_ACCEPT if it is set LoadFile filename [filename] ...svELink in the named object file or library LoadModule module filenamesvELinks in the object file or library, and adds to the list of active modules <Location URL-path|URL> ... </Location>svCApplies the enclosed directives only to matching URLs <LocationMatch regex> ... </LocationMatch>svCApplies the enclosed directives only to regular-expression matching URLs LogFormat format|nickname [nickname] "%h %l %u %t \"%r\" +svBDescribes a format for use in a log file LogIOTrackTTFB ON|OFF OFF svdhEEnable tracking of time to first byte (TTFB) LogLevel [module:]level [module:level] ... warn svdCControls the verbosity of the ErrorLog LogMessage message [hook=hook] [expr=expression] dXLog user-defined message to error log LuaAuthzProvider provider_name /path/to/lua/script.lua function_namesEPlug an authorization provider function into mod_authz_core LuaCodeCache stat|forever|never stat svdhEConfigure the compiled code cache. LuaHookAccessChecker /path/to/lua/script.lua hook_function_name [early|late]svdhEProvide a hook for the access_checker phase of request processing LuaHookAuthChecker /path/to/lua/script.lua hook_function_name [early|late]svdhEProvide a hook for the auth_checker phase of request processing LuaHookCheckUserID /path/to/lua/script.lua hook_function_name [early|late]svdhEProvide a hook for the check_user_id phase of request processing LuaHookFixups /path/to/lua/script.lua hook_function_namesvdhEProvide a hook for the fixups phase of a request processing LuaHookInsertFilter /path/to/lua/script.lua hook_function_namesvdhEProvide a hook for the insert_filter phase of request processing LuaHookLog /path/to/lua/script.lua log_function_namesvdhEProvide a hook for the access log phase of a request processing LuaHookMapToStorage /path/to/lua/script.lua hook_function_namesvdhEProvide a hook for the map_to_storage phase of request processing LuaHookPreTranslate /path/to/lua/script.lua hook_function_namesvdhEProvide a hook for the pre_translate phase of a request processing LuaHookTranslateName /path/to/lua/script.lua hook_function_name [early|late]svEProvide a hook for the translate name phase of request processing LuaHookTypeChecker /path/to/lua/script.lua hook_function_namesvdhEProvide a hook for the type_checker phase of request processing LuaInherit none|parent-first|parent-last parent-first svdhEControls how parent configuration sections are merged into children LuaInputFilter filter_name /path/to/lua/script.lua function_namesEProvide a Lua function for content input filtering LuaMapHandler uri-pattern /path/to/lua/script.lua [function-name]svdhEMap a path to a lua handler LuaOutputFilter filter_name /path/to/lua/script.lua function_namesEProvide a Lua function for content output filtering LuaPackageCPath /path/to/include/?.soasvdhEAdd a directory to lua's package.cpath LuaPackagePath /path/to/include/?.luasvdhEAdd a directory to lua's package.path LuaQuickHandler /path/to/script.lua hook_function_namesvEProvide a hook for the quick handler of request processing LuaRoot /path/to/a/directorysvdhESpecify the base path for resolving relative paths for mod_lua directives LuaScope once|request|conn|thread|server [min] [max] once svdhEOne of once, request, conn, thread -- default is once <Macro name [par1 .. parN]> ... </Macro>svdBDefine a configuration file macro MaxConnectionsPerChild number 0 sMLimit on the number of connections that an individual child server will handle during its life MaxKeepAliveRequests number 100 svCNumber of requests allowed on a persistent connection MaxMemFree KBytes 2048 sMMaximum amount of memory that the main allocator is allowed to hold without calling free() MaxRangeOverlaps default | unlimited | none | number-of-ranges 20 svdCNumber of overlapping ranges (eg: 100-200,150-300) allowed before returning the complete resource MaxRangeReversals default | unlimited | none | number-of-ranges 20 svdCNumber of range reversals (eg: 100-200,50-70) allowed before returning the complete resource MaxRanges default | unlimited | none | number-of-ranges 200 svdCNumber of ranges allowed before returning the complete resource MaxRequestWorkers numbersMMaximum number of connections that will be processed simultaneously MaxSpareServers number 10 sMMaximum number of idle child server processes MaxSpareThreads numbersMMaximum number of idle threads MaxThreads number 2048 sMSet the maximum number of worker threads MDActivationDelay durationsXHow long to delay activation of new certificates MDBaseServer on|off off sXControl if base server may be managed or only virtual hosts. MDCACertificateFile file none sXFile containing x509 trust anchors to verify ACME servers. MDCAChallenges name [ name ... ] tls-alpn-01 http-01 +sXType of ACME challenge used to prove domain ownership. MDCertificateAgreement acceptedsXYou confirm that you accepted the Terms of Service of the Certificate Authority. MDCertificateAuthority url letsencrypt sXThe URL(s) of the ACME Certificate Authority to use. MDCertificateCheck name urlsXSet name and URL pattern for a certificate monitoring site. MDCertificateFile path-to-pem-filesXSpecify a static certificate file for the MD. MDCertificateKeyFile path-to-filesXSpecify a static private key for for the static cerrtificate. MDCertificateMonitor name url crt.sh https://crt. +sXThe URL of a certificate log monitor. MDCertificateProtocol protocol ACME sXThe protocol to use with the Certificate Authority. MDCertificateStatus on|off on sXExposes public certificate information in JSON. MDChallengeDns01 path-to-commandsXSet the command for setup/teardown of dns-01 challenges MDChallengeDns01Version 1|2 1 sXSet the type of arguments to call MDChallengeDns01 with MDCheckInterval duration 12h sXDetermines how often certificates are checked MDContactEmail addresssXEmail address used for account registration MDDriveMode always|auto|manual auto sXformer name of MDRenewMode. MDExternalAccountBinding key-id hmac-64 | none | file none sXSet the external account binding keyid and hmac values to use at CA MDHttpProxy urlsXDefine a proxy for outgoing connections. MDInitialDelay duration 0s sXHow long to delay the first certificate check. MDMatchNames all|servernames all sXDetermines how DNS names are matched to vhosts MDMember hostnamesXAdditional hostname for the managed domain. MDMembers auto|manual auto sXControl if the alias domain names are automatically added. MDMessageCmd path-to-cmd optional-argssXHandle events for Manage Domains MDMustStaple on|off off sXControl if new certificates carry the OCSP Must Staple flag. MDNotifyCmd path [ args ]sXRun a program when a Managed Domain is ready. MDomain dns-name [ other-dns-name... ] [auto|manual]sXDefine list of domain names that belong to one group. <MDomainSet dns-name [ other-dns-name... ]>...</MDomainSet>sXContainer for directives applied to the same managed domains. MDPortMap map1 [ map2 ] http:80 https:443 sXMap external to internal ports for domain ownership verification. MDPrivateKeys type [ params... ] RSA 2048 sXSet type and size of the private keys generated. MDProfile namesXUse a specific ACME profile from the CA MDProfileMandatory on|off off sXControl if an MDProfile is mandatory. MDRenewMode always|auto|manual auto sXControls if certificates shall be renewed. MDRenewViaARI on|off on sXusage of the ACME ARI extension (rfc9773). MDRenewWindow duration 33% sXControl when a certificate will be renewed. MDRequireHttps off|temporary|permanent off sXRedirects http: traffic to https: for Managed Domains. MDRetryDelay duration 30s sXTime length for first retry, doubled on every consecutive error. MDRetryFailover number 13 sXThe number of errors before a failover to another CA is triggered MDServerStatus on|off on sXControl if Managed Domain information is added to server-status. MDStapleOthers on|off on sXEnable stapling for certificates not managed by mod_md. MDStapling on|off off sXEnable stapling for all or a particular MDomain. MDStaplingKeepResponse duration 7d sXControls when old responses should be removed. MDStaplingRenewWindow duration 33% sXControl when the stapling responses will be renewed. MDStoreDir path md sXPath on the local file system to store the Managed Domains data. MDStoreLocks on|off|duration off sXConfigure locking of store for updates MDWarnWindow duration 10% sXDefine the time window when you want to be warned about an expiring certificate. MemcacheConnTTL num[units] 15s svEKeepalive time for idle connections MergeSlashes ON|OFF ON svCControls whether the server merges consecutive slashes in URLs. MergeTrailers [on|off] off svCDetermines whether trailers are merged into headers MetaDir directory .web svdhEName of the directory to find CERN-style meta information files MetaFiles on|off off svdhEActivates CERN meta-file processing MetaSuffix suffix .meta svdhEFile name suffix for the file containing CERN-style meta information MimeMagicFile file-pathsvEEnable MIME-type determination based on file contents using the specified magic file MinSpareServers number 5 sMMinimum number of idle child server processes MinSpareThreads numbersMMinimum number of idle threads available to handle request spikes MMapFile file-path [file-path] ...sXMap a list of files into memory at startup time ModemStandard V.21|V.26bis|V.32|V.34|V.92dXModem standard to simulate ModMimeUsePathInfo On|Off Off dBTells mod_mime to treat path_info components as part of the filename MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers [Handlers|Filters] NegotiatedOnly svdhBThe types of files that will be included when searching for a matching file with MultiViews Mutex mechanism [default|mutex-name] ... [OmitPID] default sCConfigures mutex mechanism and lock file directory for all or specified mutexes NameVirtualHost addr[:port]sCDEPRECATED: Designates an IP address for name-virtual hosting NoProxy host [host] ...svEHosts, domains, or networks that will be connected to directly NWSSLTrustedCerts filename [filename] ...sBList of additional client certificates NWSSLUpgradeable [IP-address:]portnumbersBAllows a connection to be upgraded to an SSL connection upon request Options [+|-]option [[+|-]option] ... FollowSymlinks svdhCConfigures what features are available in a particular directory Order ordering Deny,Allow dhEControls the default access state and the order in which Allow and Deny are evaluated. OutputSed sed-commanddhXSed command for filtering response content PassEnv env-variable [env-variable] ...svdhBPasses environment variables from the shell PidFile filename logs/httpd.pid sMFile where the server records the process ID of the daemon PrivilegesMode FAST|SECURE|SELECTIVE FAST svdXTrade off processing speed and efficiency vs security against malicious privileges-aware code. Protocol protocolsvCProtocol for a listening socket ProtocolEcho On|Off Off svXTurn the echo server on or off Protocols protocol ... http/1.1 svCProtocols available for a server/virtual host ProtocolsHonorOrder On|Off On svCDetermines if order of Protocols determines precedence during negotiation <Proxy wildcard-url> ...</Proxy>svEContainer for directives applied to proxied resources Proxy100Continue Off|On On svdEForward 100-continue expectation to the origin server ProxyAddHeaders Off|On On svdEAdd proxy information in X-Forwarded-* headers ProxyBadHeader IsError|Ignore|StartBody IsError svEDetermines how to handle bad header lines in a response ProxyBlock *|word|host|domain [word|host|domain] ...svEWords, hosts, or domains that are banned from being proxied ProxyDomain DomainsvEDefault domain name for proxied requests ProxyErrorOverride Off|On [code ...] Off svdEOverride error pages for proxied content ProxyExpressDBMFile pathnamesvEPathname to DBM file. ProxyExpressDBMType type default svEDBM type of file. ProxyExpressEnable on|off off svEEnable the module functionality. ProxyFCGIBackendType FPM|GENERIC FPM svdhESpecify the type of backend FastCGI application ProxyFCGISetEnvIf conditional-expression [!]environment-variable-name [value-expression]svdhEAllow variables sent to FastCGI servers to be fixed up ProxyFtpDirCharset character_set ISO-8859-1 svdEDefine the character set for proxied FTP listings ProxyFtpEscapeWildcards on|off on svdEWhether wildcards in requested filenames are escaped when sent to the FTP server ProxyFtpListOnWildcard on|off on svdEWhether wildcards in requested filenames trigger a file listing ProxyHCExpr name {ap_expr expression}svECreates a named condition expression to use to determine health of the backend based on its response ProxyHCTemplate name parameter=setting [...]svECreates a named template for setting various health check parameters ProxyHCTPsize size 16 sESets the total server-wide size of the threadpool used for the health check workers ProxyHTMLBufSize bytes 8192 svdBSets the buffer size increment for buffering inline scripts and stylesheets. ProxyHTMLCharsetOut Charset | *svdBSpecify a charset for mod_proxy_html output. ProxyHTMLDocType HTML|XHTML [Legacy]
OR
ProxyHTMLDocType fpi [SGML|XML]svdBSets an HTML or XHTML document type declaration. ProxyHTMLEnable On|Off Off svdBTurns the proxy_html filter on or off. ProxyHTMLEvents attribute [attribute ...]svdBSpecify attributes to treat as scripting events. ProxyHTMLExtended On|Off Off svdBDetermines whether to fix links in inline scripts, stylesheets, and scripting events. ProxyHTMLFixups [lowercase] [dospath] [reset]svdBFixes for simple HTML errors. ProxyHTMLInterp On|Off Off svdBEnables per-request interpolation of ProxyHTMLURLMap rules. ProxyHTMLLinks element attribute [attribute2 ...]svdBSpecify HTML elements that have URL attributes to be rewritten. ProxyHTMLMeta On|Off Off svdBTurns on or off extra pre-parsing of metadata in HTML <head> sections. ProxyHTMLStripComments On|Off Off svdBDetermines whether to strip HTML comments. ProxyHTMLURLMap from-pattern to-pattern [flags] [cond]svdBDefines a rule to rewrite HTML links ProxyIOBufferSize bytes 8192 svEDetermine size of internal data throughput buffer <ProxyMatch regex> ...</ProxyMatch>svEContainer for directives applied to regular-expression-matched proxied resources ProxyMaxForwards number -1 svEMaximum number of proxies that a request can be forwarded through ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery]svdEMaps remote servers into the local server URL-space ProxyPassInherit On|Off On svEInherit ProxyPass directives defined from the main server ProxyPassInterpolateEnv On|Off Off svdEEnable Environment Variable interpolation in Reverse Proxy configurations ProxyPassMatch [regex] !|url [key=value [key=value ...]]svdEMaps remote servers into the local server URL-space using regular expressions ProxyPassReverse [path] url [interpolate]svdEAdjusts the URL in HTTP response headers sent from a reverse proxied server ProxyPassReverseCookieDomain internal-domain public-domain [interpolate]svdEAdjusts the Domain string in Set-Cookie headers from a reverse- proxied server ProxyPassReverseCookiePath internal-path public-path [interpolate]svdEAdjusts the Path string in Set-Cookie headers from a reverse- proxied server ProxyPreserveHost On|Off Off svdEUse incoming Host HTTP request header for proxy request ProxyReceiveBufferSize bytes 0 svENetwork buffer size for proxied HTTP and FTP connections ProxyRemote match remote-server [username:password]svERemote proxy used to handle certain requests ProxyRemoteMatch regex remote-server [username:password]svERemote proxy used to handle requests matched by regular expressions ProxyRequests On|Off Off svEEnables forward (standard) proxy requests ProxySCGIInternalRedirect On|Off|Headername On svdEEnable or disable internal redirect responses from the backend ProxySCGISendfile On|Off|Headername Off svdEEnable evaluation of X-Sendfile pseudo response header ProxySet url key=value [key=value ...]svdESet various Proxy balancer or member parameters ProxySourceAddress addresssvESet local IP address for outgoing proxy connections ProxyStatus Off|On|Full Off svEShow Proxy LoadBalancer status in mod_status ProxyTimeout secondssvENetwork timeout for proxied requests ProxyVia On|Off|Full|Block Off svEInformation provided in the Via HTTP response header for proxied requests ProxyWebsocketFallbackToProxyHttp On|Off On svEInstructs this module to let mod_proxy_http handle the request QualifyRedirectURL On|Off Off svdCControls whether the REDIRECT_URL environment variable is fully qualified ReadBufferSize bytes 8192 svdCSize of the buffers used to read data ReadmeName filenamesvdhBName of the file that will be inserted at the end of the index listing ReceiveBufferSize bytes 0 sMTCP receive buffer size Redirect [status] [URL-path] URLsvdhBSends an external redirect asking the client to fetch a different URL RedirectMatch [status] regex URLsvdhBSends an external redirect based on a regular expression match of the current URL RedirectPermanent URL-path URLsvdhBSends an external permanent redirect asking the client to fetch a different URL RedirectRelative On|Off Off svdBAllows relative redirect targets. RedirectTemp URL-path URLsvdhBSends an external temporary redirect asking the client to fetch a different URL RedisConnPoolTTL num[units] 15s svETTL used for the connection pool with the Redis server(s) RedisTimeout num[units] 5s svER/W timeout used for the connection with the Redis server(s) ReflectorHeader inputheader [outputheader]svdhBReflect an input header to the output headers RegexDefaultOptions [none] [+|-]option [[+|-]option] ... DOTALL DOLLAR_ENDON +sCAllow to configure global/default options for regexes RegisterHttpMethod method [method [...]]sCRegister non-standard HTTP methods RemoteIPHeader header-fieldsvBDeclare the header field which should be parsed for useragent IP addresses RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value RemoteIPInternalProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value RemoteIPProxiesHeader HeaderFieldNamesvBDeclare the header field which will record all intermediate IP addresses RemoteIPProxyProtocol On|OffsvBEnable or disable PROXY protocol handling RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]svBDisable processing of PROXY header for certain hosts or networks RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...svBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value RemoteIPTrustedProxyList filenamesvBDeclare client intranet IP addresses trusted to present the RemoteIPHeader value RemoveCharset extension [extension] ...vdhBRemoves any character set associations for a set of file extensions RemoveEncoding extension [extension] ...vdhBRemoves any content encoding associations for a set of file extensions RemoveHandler extension [extension] ...vdhBRemoves any handler associations for a set of file extensions RemoveInputFilter extension [extension] ...vdhBRemoves any input filter associations for a set of file extensions RemoveLanguage extension [extension] ...vdhBRemoves any language associations for a set of file extensions RemoveOutputFilter extension [extension] ...vdhBRemoves any output filter associations for a set of file extensions RemoveType extension [extension] ...vdhBRemoves any content type associations for a set of file extensions RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] svdhEConfigure HTTP request headers RequestReadTimeout [handshake=timeout[-maxtimeout][,MinRate=rate] [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] handshake=0 header= +svESet timeout values for completing the TLS handshake, receiving the request headers and/or body from client. Require [not] entity-name [entity-name] ...dhBTests whether an authenticated user is authorized by an authorization provider. <RequireAll> ... </RequireAll>dhBEnclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed. <RequireAny> ... </RequireAny>dhBEnclose a group of authorization directives of which one must succeed for the enclosing directive to succeed. <RequireNone> ... </RequireNone>dhBEnclose a group of authorization directives of which none must succeed for the enclosing directive to not fail. RewriteBase URL-pathdhESets the base URL for per-directory rewrites RewriteCond TestString CondPattern [flags]svdhEDefines a condition under which rewriting will take place RewriteEngine on|off off svdhEEnables or disables runtime rewriting engine RewriteMap MapName MapType:MapSource [MapTypeOptions] svEDefines a mapping function for key-lookup RewriteOptions OptionssvdhESets some special options for the rewrite engine RewriteRule Pattern Substitution [flags]svdhEDefines rules for the rewriting engine RLimitCPU seconds|max [seconds|max]svdhCLimits the CPU consumption of processes launched by Apache httpd children RLimitMEM bytes|max [bytes|max]svdhCLimits the memory consumption of processes launched by Apache httpd children RLimitNPROC number|max [number|max]svdhCLimits the number of processes that can be launched by processes launched by Apache httpd children Satisfy Any|All All dhEInteraction between host-level access control and user authentication ScoreBoardFile file-path logs/apache_runtime +sMLocation of the file used to store coordination data for the child processes Script method cgi-scriptsvdBActivates a CGI script for a particular request method. ScriptAlias [URL-path] file-path|directory-pathsvdBMaps a URL to a filesystem location and designates the target as a CGI script ScriptAliasMatch regex file-path|directory-pathsvBMaps a URL to a filesystem location using a regular expression and designates the target as a CGI script ScriptInterpreterSource Registry|Registry-Strict|Script Script svdhCTechnique for locating the interpreter for CGI scripts ScriptLog file-pathsvBLocation of the CGI script error logfile ScriptLogBuffer bytes 1024 svBMaximum amount of PUT or POST requests that will be recorded in the scriptlog ScriptLogLength bytes 10385760 svBSize limit of the CGI script logfile ScriptSock file-path cgisock sBThe filename prefix of the socket to use for communication with the cgi daemon SecureListen [IP-address:]portnumber Certificate-Name [MUTUAL]sBEnables SSL encryption for the specified port SeeRequestTail On|Off Off sCDetermine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars. SendBufferSize bytes 0 sMTCP buffer size ServerAdmin email-address|URLsvCEmail address that the server includes in error messages sent to the client ServerAlias hostname [hostname] ...vCAlternate names for a host used when matching requests to name-virtual hosts ServerLimit numbersMUpper limit on configurable number of processes ServerName [scheme://]domain-name|ip-address[:port]svCHostname and port that the server uses to identify itself ServerPath URL-pathvCLegacy URL pathname for a name-based virtual host that is accessed by an incompatible browser ServerRoot directory-path /usr/local/apache sCBase directory for the server installation ServerSignature On|Off|EMail Off svdhCConfigures the footer on server-generated documents ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full Full sCConfigures the Server HTTP response header Session On|Off Off svdhEEnables a session for the current directory or location SessionCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session SessionCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session SessionCookieRemove On|Off Off svdhEControl for whether session cookies should be removed from incoming HTTP headers SessionCryptoCipher name aes256 svdhXThe crypto cipher to be used to encrypt the session SessionCryptoDriver name [param[=value]]sXThe crypto driver to be used to encrypt the session SessionCryptoPassphrase secret [ secret ... ] svdhXThe key used to encrypt the session SessionCryptoPassphraseFile filenamesvdXFile containing keys used to encrypt the session SessionDBDCookieName name attributessvdhEName and attributes for the RFC2109 cookie storing the session ID SessionDBDCookieName2 name attributessvdhEName and attributes for the RFC2965 cookie storing the session ID SessionDBDCookieRemove On|Off On svdhEControl for whether session ID cookies should be removed from incoming HTTP headers SessionDBDDeleteLabel label deletesession svdhEThe SQL query to use to remove sessions from the database SessionDBDInsertLabel label insertsession svdhEThe SQL query to use to insert sessions into the database SessionDBDPerUser On|Off Off svdhEEnable a per user session SessionDBDSelectLabel label selectsession svdhEThe SQL query to use to select sessions from the database SessionDBDUpdateLabel label updatesession svdhEThe SQL query to use to update existing sessions in the database SessionEnv On|Off Off svdhEControl whether the contents of the session are written to the HTTP_SESSION environment variable SessionExclude pathsvdhEDefine URL prefixes for which a session is ignored SessionExpiryUpdateInterval interval 0 (always update) svdhEDefine the number of seconds a session's expiry may change without the session being updated SessionHeader headersvdhEImport session updates from a given HTTP response header SessionInclude pathsvdhEDefine URL prefixes for which a session is valid SessionMaxAge maxage 0 svdhEDefine a maximum age in seconds for a session SetEnv env-variable [value]svdhBSets environment variables SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request SetEnvIfExpr expr [!]env-variable[=value] [[!]env-variable[=value]] ...svdhBSets environment variables based on an ap_expr expression SetEnvIfNoCase attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...svdhBSets environment variables based on attributes of the request without respect to case SetHandler handler-name|none|expressionsvdhCForces all matching files to be processed by a handler SetInputFilter filter[;filter...]svdhCSets the filters that will process client requests and POST input SetOutputFilter filter[;filter...]svdhCSets the filters that will process responses from the server SSIEndTag tag "-->" svBString that ends an include element SSIErrorMsg message "[an error occurred +svdhBError message displayed when there is an SSI error SSIETag on|off off dhBControls whether ETags are generated by the server. SSILastModified on|off off dhBControls whether Last-Modified headers are generated by the server. SSILegacyExprParser on|off off dhBEnable compatibility mode for conditional expressions. SSIStartTag tag "<!--#" svBString that starts an include element SSITimeFormat formatstring "%A, %d-%b-%Y %H:%M +svdhBConfigures the format in which date strings are displayed SSIUndefinedEcho string "(none)" svdhBString displayed when an unset variable is echoed SSLCACertificateFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for Client Auth SSLCACertificatePath directory-pathsvEDirectory of PEM-encoded CA Certificates for Client Auth SSLCADNRequestFile file-pathsvEFile of concatenated PEM-encoded CA Certificates for defining acceptable CA names SSLCADNRequestPath directory-pathsvEDirectory of PEM-encoded CA Certificates for defining acceptable CA names SSLCARevocationCheck chain|leaf|none [flags ...] none svEEnable CRL-based revocation checking SSLCARevocationFile file-pathsvEFile of concatenated PEM-encoded CA CRLs for Client Auth SSLCARevocationPath directory-pathsvEDirectory of PEM-encoded CA CRLs for Client Auth SSLCertificateChainFile file-pathsvEFile of PEM-encoded Server CA Certificates SSLCertificateFile file-path|certidsvEServer PEM-encoded X.509 certificate data file or token identifier SSLCertificateKeyFile file-path|keyidsvEServer PEM-encoded private key file SSLCipherSuite [protocol] cipher-spec DEFAULT (depends on +svdhECipher Suite available for negotiation in SSL handshake SSLCompression on|off off svEEnable compression on the SSL level SSLCryptoDevice engine builtin sEEnable use of a cryptographic hardware accelerator SSLEngine on|off off svESSL Engine Operation Switch SSLFIPS on|off off sESSL FIPS mode Switch SSLHonorCipherOrder on|off off svEOption to prefer the server's cipher preference order SSLInsecureRenegotiation on|off off svEOption to enable support for insecure renegotiation SSLOCSPDefaultResponder urisvESet the default responder URI for OCSP validation SSLOCSPEnable on|leaf|off off svEEnable OCSP validation of the client certificate chain SSLOCSPNoverify on|off off svEskip the OCSP responder certificates verification SSLOCSPOverrideResponder on|off off svEForce use of the default responder URI for OCSP validation SSLOCSPProxyURL urlsvEProxy URL to use for OCSP requests SSLOCSPResponderCertificateFile filesvESet of trusted PEM encoded OCSP responder certificates SSLOCSPResponderTimeout seconds 10 svETimeout for OCSP queries SSLOCSPResponseMaxAge seconds -1 svEMaximum allowable age for OCSP responses SSLOCSPResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP response validation SSLOCSPUseRequestNonce on|off on svEUse a nonce within OCSP queries SSLOpenSSLConfCmd command-name command-valuesvEConfigure OpenSSL parameters through its SSL_CONF API SSLOptions [+|-]option ...svdhEConfigure various SSL engine run-time options SSLPassPhraseDialog type builtin sEType of pass phrase dialog for encrypted private keys SSLProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svEConfigure usable SSL/TLS protocol versions SSLProxyCACertificateFile file-pathsvpEFile of concatenated PEM-encoded CA Certificates for Remote Server Auth SSLProxyCACertificatePath directory-pathsvpEDirectory of PEM-encoded CA Certificates for Remote Server Auth SSLProxyCARevocationCheck chain|leaf|none none svpEEnable CRL-based revocation checking for Remote Server Auth SSLProxyCARevocationFile file-pathsvpEFile of concatenated PEM-encoded CA CRLs for Remote Server Auth SSLProxyCARevocationPath directory-pathsvpEDirectory of PEM-encoded CA CRLs for Remote Server Auth SSLProxyCheckPeerCN on|off on svpEWhether to check the remote server certificate's CN field SSLProxyCheckPeerExpire on|off on svpEWhether to check if remote server certificate is expired SSLProxyCheckPeerName on|off on svpEConfigure host name checking for remote server certificates SSLProxyCipherSuite [protocol] cipher-spec ALL:!ADH:RC4+RSA:+H +svpECipher Suite available for negotiation in SSL proxy handshake SSLProxyEngine on|off off svpESSL Proxy Engine Operation Switch SSLProxyMachineCertificateChainFile filenamesvpEFile of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate SSLProxyMachineCertificateFile filenamesvpEFile of concatenated PEM-encoded client certificates and keys to be used by the proxy SSLProxyMachineCertificatePath directorysvpEDirectory of PEM-encoded client certificates and keys to be used by the proxy SSLProxyProtocol [+|-]protocol ... all -SSLv3 (up to 2 +svpEConfigure usable SSL protocol flavors for proxy usage SSLProxyVerify level none svpEType of remote server Certificate verification SSLProxyVerifyDepth number 1 svpEMaximum depth of CA Certificates in Remote Server Certificate verification SSLRandomSeed context source [bytes]sEPseudo Random Number Generator (PRNG) seeding source SSLRenegBufferSize bytes 131072 dhESet the size for the SSL renegotiation buffer SSLRequire expressiondhEAllow access only when an arbitrarily complex boolean expression is true SSLRequireSSLdhEDeny access when SSL is not used for the HTTP request SSLSessionCache type none sEType of the global/inter-process SSL Session Cache SSLSessionCacheTimeout seconds 300 svENumber of seconds before an SSL session expires in the Session Cache SSLSessionTicketKeyFile file-pathsvEPersistent encryption/decryption key for TLS session tickets SSLSessionTickets on|off on svEEnable or disable use of TLS session tickets SSLSRPUnknownUserSeed secret-stringsvESRP unknown user seed SSLSRPVerifierFile file-pathsvEPath to SRP verifier file SSLStaplingCache typesEConfigures the OCSP stapling cache SSLStaplingErrorCacheTimeout seconds 600 svENumber of seconds before expiring invalid responses in the OCSP stapling cache SSLStaplingFakeTryLater on|off on svESynthesize "tryLater" responses for failed OCSP stapling queries SSLStaplingForceURL urisvEOverride the OCSP responder URI specified in the certificate's AIA extension SSLStaplingResponderTimeout seconds 10 svETimeout for OCSP stapling queries SSLStaplingResponseMaxAge seconds -1 svEMaximum allowable age for OCSP stapling responses SSLStaplingResponseTimeSkew seconds 300 svEMaximum allowable time skew for OCSP stapling response validation SSLStaplingReturnResponderErrors on|off on svEPass stapling related OCSP errors on to client SSLStaplingStandardCacheTimeout seconds 3600 svENumber of seconds before expiring responses in the OCSP stapling cache SSLStrictSNIVHostCheck on|off off svEWhether to allow non-SNI clients to access a name-based virtual host. SSLUserName varnamesdhEVariable name to determine user name SSLUseStapling on|off off svEEnable stapling of OCSP responses in the TLS handshake SSLVerifyClient level none svdhEType of Client Certificate verification SSLVerifyDepth number 1 svdhEMaximum depth of CA Certificates in Client Certificate verification SSLVHostSNIPolicy strict|secure|authonly|insecure secure sESet compatibility policy for SNI client access to virtual hosts. StartServers numbersMNumber of child server processes created at startup StartThreads numbersMNumber of threads created on startup StrictHostCheck ON|OFF OFF svCControls whether the server requires the requested hostname be listed enumerated in the virtual host handling the request Substitute s/pattern/substitution/[infq]dhEPattern to filter the response content SubstituteInheritBefore on|off off dhEChange the merge order of inherited patterns SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) 1m dhESet the maximum line size Suexec On|OffsBEnable or disable the suEXEC feature SuexecUserGroup User GroupsvEUser and group for CGI programs to run as ThreadLimit numbersMSets the upper limit on the configurable number of threads per child process ThreadsPerChild numbersMNumber of threads created by each child process ThreadStackSize sizesMThe size in bytes of the stack used by threads handling client connections TimeOut seconds 60 svCAmount of time the server will wait for certain events before failing a request TraceEnable [on|off|extended] on svCDetermines the behavior on TRACE requests TransferLog file|pipesvBSpecify location of a log file TypesConfig file-path conf/mime.types sBThe location of the mime.types file UNCList hostname [hostname...]sCControls what UNC host names can be accessed by the server UnDefine parameter-namesCUndefine the existence of a variable UndefMacro namesvdBUndefine a macro UnsetEnv env-variable [env-variable] ...svdhBRemoves variables from the environment Use name [value1 ... valueN] svdBUse a macro UseCanonicalName On|Off|DNS Off svdCConfigures how the server determines its own name and port UseCanonicalPhysicalPort On|Off Off svdCConfigures how the server determines its own port User unix-userid #-1 sBThe userid under which the server will answer requests UserDir directory-filename [directory-filename] ... svBLocation of the user-specific directories VHostCGIMode On|Off|Secure On vXDetermines whether the virtualhost can run subprocesses, and the privileges available to subprocesses. VHostCGIPrivs [+-]?privilege-name [[+-]?privilege-name] ...vXAssign arbitrary privileges to subprocesses created by a virtual host. VHostGroup unix-groupidvXSets the Group ID under which a virtual host runs. VHostPrivs [+-]?privilege-name [[+-]?privilege-name] ...vXAssign arbitrary privileges to a virtual host. VHostSecure On|Off On vXDetermines whether the server runs with enhanced security for the virtualhost. VHostUser unix-useridvXSets the User ID under which a virtual host runs. VirtualDocumentRoot interpolated-directory|none none svEDynamically configure the location of the document root for a given virtual host VirtualDocumentRootIP interpolated-directory|none none svEDynamically configure the location of the document root for a given virtual host <VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost>sCContains directives that apply only to a specific hostname or IP address VirtualScriptAlias interpolated-directory|none none svEDynamically configure the location of the CGI directory for a given virtual host VirtualScriptAliasIP interpolated-directory|none none svEDynamically configure the location of the CGI directory for a given virtual host WatchdogInterval time-interval[s] 1 sBWatchdog interval in seconds XBitHack on|off|full off svdhBParse SSI directives in files with the execute bit set xml2EncAlias charset alias [alias ...]sBRecognise Aliases for encoding values xml2EncDefault namesvdhBSets a default encoding to assume when absolutely no information can be automatically detected xml2StartParse element [element ...]svdhBAdvise the parser to skip leading junk.