##
## httpd.conf -- Apache HTTP server configuration file
##
# This is the main server configuration file. See URL http://www.apache.org/
# for instructions.
# Do NOT simply read the instructions in here without understanding
# what they do, if you are unsure consult the online docs. You have been
# warned.
# Originally by Rob McCool
# These two directives are used to combine the three config files into one.
# The three config files are a legacy setup and are not needed.
AccessConfig /dev/null
ResourceConfig /dev/null
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Please read the file README.DSO in the Apache 1.3 distribution for more
# details about the DSO mechanism and run `httpd -l' for the list of already
# built-in (statically linked and thus always available) modules in your httpd
# binary.
#
# Example:
# LoadModule foo_module libexec/mod_foo.so
LoadModule env_module libexec/mod_env.so
LoadModule config_log_module libexec/mod_log_config.so
LoadModule mime_magic_module libexec/mod_mime_magic.so
LoadModule mime_module libexec/mod_mime.so
LoadModule negotiation_module libexec/mod_negotiation.so
#LoadModule status_module libexec/mod_status.so
LoadModule includes_module libexec/mod_include.so
LoadModule autoindex_module libexec/mod_autoindex.so
LoadModule dir_module libexec/mod_dir.so
LoadModule cgi_module libexec/mod_cgi.so
LoadModule asis_module libexec/mod_asis.so
LoadModule imap_module libexec/mod_imap.so
LoadModule action_module libexec/mod_actions.so
#LoadModule speling_module libexec/mod_speling.so
LoadModule userdir_module libexec/mod_userdir.so
LoadModule alias_module libexec/mod_alias.so
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule access_module libexec/mod_access.so
LoadModule auth_module libexec/mod_auth.so
#LoadModule anon_auth_module libexec/mod_auth_anon.so
LoadModule dbm_auth_module libexec/mod_auth_dbm.so
#LoadModule cern_meta_module libexec/mod_cern_meta.so
#LoadModule expires_module libexec/mod_expires.so
#LoadModule headers_module libexec/mod_headers.so
#LoadModule usertrack_module libexec/mod_usertrack.so
LoadModule unique_id_module libexec/mod_unique_id.so
LoadModule setenvif_module libexec/mod_setenvif.so
LoadModule ibm_app_server_module /opt/WebSphere/AppServer/bin/mod_ibm_app_server.so
# Uncomment this line to load the SNMP module. Do not
# forget to uncomment the 'AddModule' line as well.
# Note: You must have installed the SNMP support for this to work
#LoadModule snmp_agt_module libexec/mod_snmp.so
# Uncomment this line to load the LDAP module. Do not
# forget to uncomment the 'AddModule' line as well.
# Note: You must have installed the LDAP support for this to work
#LoadModule ibm_ldap_module libexec/mod_ibm_ldap.so
# Uncomment this line to load the MT module. Do not
# forget to uncomment the 'AddModule' line as well.
# Note: You must have installed the MT support for this to work
#LoadModule ibm_mt_module libexec/mod_ibm_mt.so
# Uncomment ONE(1) of the following lines to load the IBM SSL module.
# Do not forget to uncomment the 'AddModule' line as well.
# Note: You must have installed the corresponding IBM SSL support for
# this to work
#LoadModule ibm_ssl_module libexec/mod_ibm_ssl_40.so
LoadModule ibm_ssl_module libexec/mod_ibm_ssl_56.so
#LoadModule ibm_ssl_module libexec/mod_ibm_ssl_128.so
# Reconstruction of the complete module list from all available modules
# (static and shared ones) to achieve correct module execution order.
# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]
ClearModuleList
AddModule mod_env.c
AddModule mod_log_config.c
AddModule mod_mime_magic.c
AddModule mod_mime.c
AddModule mod_negotiation.c
#AddModule mod_status.c
AddModule mod_include.c
AddModule mod_autoindex.c
AddModule mod_dir.c
AddModule mod_cgi.c
AddModule mod_asis.c
AddModule mod_imap.c
AddModule mod_actions.c
#AddModule mod_speling.c
AddModule mod_userdir.c
AddModule mod_alias.c
AddModule mod_rewrite.c
AddModule mod_access.c
AddModule mod_auth.c
#AddModule mod_auth_anon.c
AddModule mod_auth_dbm.c
#AddModule mod_cern_meta.c
#AddModule mod_expires.c
#AddModule mod_headers.c
#AddModule mod_usertrack.c
AddModule mod_unique_id.c
AddModule mod_so.c
AddModule mod_setenvif.c
AddModule mod_app_server.c
# Uncomment this line to load the SNMP module. Do not
# forget to uncomment the 'LoadModule' line as well.
# Note: You must have installed the SNMP support for this to work
#AddModule mod_snmp.c
# Uncomment this line to load the LDAP module. Do not
# forget to uncomment the 'LoadModule' line as well.
# Note: You must have installed the LDAP support for this to work
#AddModule mod_ibm_ldap.c
# Uncomment this line to load the MT module. Do not
# forget to uncomment the 'LoadModule' line as well.
# Note: You must have installed the MT support for this to work
#AddModule mod_ibm_mt.c
# Uncomment this line to load the IBM SSL module. Do not
# forget to uncomment the 'LoadModule' line as well.
# Note: You must have installed the IBM SSL support for this to work
AddModule mod_ibm_ssl.c
# ServerType is either inetd, or standalone.
ServerType standalone
# If you are running from inetd, go to "ServerAdmin".
# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.
Port 80
# The following Listen directive is really only needed if you have
# another Listen directive enabled in the config file, but it
# does not cause harm to have it in anyway.
Listen 80
# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on.
HostnameLookups off
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
User nobody
Group nobody
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.
ServerAdmin you@your.address
# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE! If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.
ServerRoot /opt/IBMHTTPD
# BindAddress: You can support virtual hosts with this option. This option
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the VirtualHost directive.
#BindAddress *
# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.
ErrorLog /opt/IBMHTTPD/logs/error_log
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# The location of the access logfile (Common Logfile Format).
# If this does not start with /, ServerRoot is prepended to it.
CustomLog /opt/IBMHTTPD/logs/access_log common
# If you would like to have an agent and referer logfile uncomment the
# following directives.
#CustomLog /opt/IBMHTTPD/logs/referer_log referer
#CustomLog /opt/IBMHTTPD/logs/agent_log agent
# If you prefer a single logfile with access, agent and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog /opt/IBMHTTPD/logs/access_log combined
# PidFile: The file the server should log its pid to
PidFile /opt/IBMHTTPD/logs/httpd.pid
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile /opt/IBMHTTPD/logs/httpd.scoreboard
# The LockFile directive sets the path to the lockfile used when Apache
# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
# its default value. The main reason for changing it is if the logs
# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
# DISK. The PID of the main server process is automatically appended to
# the filename.
#
#LockFile /opt/IBMHTTPD/logs/httpd.lock
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
ServerName e250.ibsentg.com
# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
# Apache needs to construct a self-referencing URL (a url that refers back
# to the server the response is coming from) it will use ServerName and
# Port to form a "canonical" name. With this setting off, Apache will
# use the hostname:port that the client supplied, when possible. This
# also affects SERVER_NAME and SERVER_PORT in CGIs.
UseCanonicalName on
# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#CacheNegotiatedDocs
# Timeout: The number of seconds before receives and sends time out
Timeout 300
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We reccomend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request
KeepAliveTimeout 15
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. These values are probably OK for most sites ---
MinSpareServers 5
MaxSpareServers 10
# Number of servers to start --- should be a reasonable ballpark figure.
StartServers 5
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...
MaxClients 150
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.
MaxRequestsPerChild 10000
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the VirtualHost command
#Listen 3000
#Listen 12.34.56.78:80
Listen 64.241.229.101
# VirtualHost: Allows the daemon to respond to requests for more than one
# server address, if your server machine is configured to accept IP packets
# for multiple addresses. This can be accomplished with the ifconfig
# alias flag, or through kernel patches like VIF.
# Any httpd.conf or srm.conf directive may go into a VirtualHost command.
# See also the BindAddress entry.
#
#ServerAdmin webmaster@host.some_domain.com
#DocumentRoot /www/docs/host.some_domain.com
#ServerName host.some_domain.com
#ErrorLog logs/host.some_domain.com-error_log
#TransferLog logs/host.some_domain.com-access_log
#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
# First, we configure the "default" to be a very restrictive set of
# permissions.
Options FollowSymLinks +Includes
AllowOverride None
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# This should be changed to whatever you set DocumentRoot to.
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
Options Indexes FollowSymLinks
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
AllowOverride None
# Controls who can get stuff from this server.
order allow,deny
allow from all
# /opt/IBMHTTPD/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
AllowOverride None
Options None
# ScriptAlias: This controls which directories contain server scripts.
# Format: ScriptAlias fakename realname
ScriptAlias /cgi-bin/ /opt/IBMHTTPD/cgi-bin/
# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.
#
###### IBM WebSphere Commerce ###### (Do not edit this section)
LoadModule ibm_nc_module /opt/WebSphere/CommerceSuite/bin/libnc_cgi_apapi.so
SetHandler ibm_nc_cache_handler
SetHandler ibm_nc_cache_handler
SetHandler ibm_nc_cache_handler
SetHandler ibm_nc_auth_handler
SetHandler ibm_nc_auth_handler
deny from all
Alias /te_html "/opt/WebSphere/CommerceSuite/instance/DEV/teditor/te_html"
Alias /ca_html "/opt/WebSphere/CommerceSuite/instance/DEV/teditor/ca_html"
Alias /storemgr "/opt/WebSphere/CommerceSuite/html/en_US/ncadmin/storemgr"
Alias /stores "/opt/WebSphere/CommerceSuite/stores"
Alias /sitemgr "/opt/WebSphere/CommerceSuite/html/en_US/ncadmin/sitemgr"
Alias /ncacom "/opt/WebSphere/CommerceSuite/html/en_US/ncadmin/common"
Alias /ncagif "/opt/WebSphere/CommerceSuite/html/en_US/ncadmin/gif"
Alias /butnbars "/opt/WebSphere/CommerceSuite/html/en_US/ncadmin/butnbars"
Alias /ncadmin "/opt/WebSphere/CommerceSuite/html/en_US/ncadmin"
Alias /nchelp "/opt/WebSphere/CommerceSuite/html/en_US/nchelp"
Alias /ncerror "/opt/WebSphere/CommerceSuite/html/en_US/ncerror"
Alias /ncbooks "/opt/WebSphere/CommerceSuite/html/en_US/ncbooks"
Alias /base "/opt/WebSphere/CommerceSuite/html/en_US/base"
Alias /ncsample "/opt/WebSphere/CommerceSuite/html/en_US/base"
Alias /scgifs "/opt/WebSphere/CommerceSuite/storecreator/scgifs"
Alias /demomall "/opt/WebSphere/CommerceSuite/models/demomall/html/en_US"
Alias /demoauct "/opt/WebSphere/CommerceSuite/models/demoauct/html/en_US"
Alias /dm_jsp "/opt/WebSphere/CommerceSuite/models/demomall/jsp/en_US"
Alias /nextgeneration "/opt/WebSphere/CommerceSuite/models/demomall/html/en_US"
Alias /HotMedia "/opt/WebSphere/CommerceSuite/hm"
Alias /reports "/opt/WebSphere/CommerceSuite/CHS"
Alias /ca_icons "/opt/WebSphere/CommerceSuite/html/en_US/ca_icons"
Alias /ca_widgets "/opt/WebSphere/CommerceSuite/servlets/public"
Alias /danly "/opt/IBMHTTPD/htdocs/danly"
ScriptAlias /webapp/commerce/command "/opt/IBMHTTPD/cgi-bin/command"
ScriptAlias /cgi-bin/ "/opt/IBMHTTPD/cgi-bin/"
ScriptAlias /msprotect/ "/opt/IBMHTTPD/cgi-bin/"
AddType application/x-javascript .js #WebSphere Commerce java
###### End of IBM WebSphere Commerce ######
#SetHandler server-status
#order deny,allow
#deny from all
#allow from .your_domain.com
#
# There have been reports of people trying to abuse an old bug from pre-1.1
# days. This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging
# script on phf.apache.org. Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.
#
#deny from all
#ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#
# You may place any other directories or locations you wish to have
# access information for after this one.
# With this document, you define the name space that users see of your http
# server. This file also defines server settings which affect how requests are
# serviced, and how results should be formatted.
# See the tutorials at http://www.apache.org/ for
# more information.
# Originally by Rob McCool; Adapted for Apache
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot /opt/IBMHTTPD/htdocs/en_US
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is recieved.
UserDir public_html
# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index. Separate multiple entries with spaces.
DirectoryIndex index.html
# FancyIndexing is whether you want fancy directory indexing or standard
FancyIndexing on
# IndexIgnore is a set of filenames which directory indexing should ignore
# Format: IndexIgnore name1 name2...
IndexIgnore .??* *~ *# HEADER* README* RCS
# AccessFileName: The name of the file to look for in each directory
# for access control information.
AccessFileName .htaccess
# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.
DefaultType text/plain
# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress
# information on the fly. Note: Not all browsers support this.
AddEncoding x-compress Z
AddEncoding x-gzip gz
# AddLanguage allows you to specify the language of a document. You can
# then use content negotiation to give a browser a file in a language
# it can understand. Note that the suffix does not have to be the same
# as the language keyword --- those with documents in Polish (whose
# net-standard language code is pl) may wish to use "AddLanguage pl .po"
# to avoid the ambiguity with the common suffix for perl scripts.
AddLanguage en .en
AddLanguage fr .fr
AddLanguage de .de
AddLanguage da .da
AddLanguage el .el
AddLanguage it .it
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
# Just list the languages in decreasing order of preference.
LanguagePriority en fr de
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Format: Redirect fakename url
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example.
Alias /icons/ /opt/IBMHTTPD/icons/
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.
# AddType allows you to tweak mime.types without actually editing it, or to
# make certain files to be certain types.
# Format: AddType type/subtype ext1
# For example, the PHP3 module (not part of the Apache distribution)
# will typically use:
#AddType application/x-httpd-php3 .phtml
#AddType application/x-httpd-php3-source .phps
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below)
# Format: AddHandler action-name ext1
# To use CGI scripts:
AddHandler cgi-script .cgi
# To use server-parsed HTML files
AddType text/html .shtml
AddHandler server-parsed .shtml .html
# Uncomment the following line to enable Apache's send-asis HTTP file
# feature
#AddHandler send-as-is asis
# If you wish to use server-parsed imagemap files, use
#AddHandler imap-file map
# To enable type maps, you might want to use
#AddHandler type-map var
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
# MetaDir: specifies the name of the directory in which Apache can find
# meta information files. These files contain additional HTTP headers
# to include when sending the document
#MetaDir .web
# MetaSuffix: specifies the file name suffix for the file containing the
# meta information.
#MetaSuffix .meta
# Customizable error response (Apache style)
# these come in three flavors
#
# 1) plain text
#ErrorDocument 500 "The server made a boo boo.
# n.b. the (") marks it as text, it does not get output
#
# 2) local redirects
#ErrorDocument 404 /missing.html
# to redirect to local url /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# n.b. can redirect to a script or a document using server-side-includes.
#
# 3) external redirects
#ErrorDocument 402 http://some.other_server.com/subscription_info.html
#
# mod_mime_magic allows the server to use various hints from the file itself
# to determine its type.
#MimeMagicFile /opt/IBMHTTPD/etc/magic
# AddIcon tells the server which icon to show for different files or filename
# extensions
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
DefaultIcon /icons/unknown.gif
# AddDescription allows you to place a short description after a file in
# server-generated indexes.
# Format: AddDescription "description" filename
# ReadmeName is the name of the README file the server will look for by
# default. Format: ReadmeName name
#
# The server will first look for name.html, include it if found, and it will
# then look for name and include it as plaintext if found.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README
HeaderName HEADER
# The following directives disable keepalives and HTTP header flushes.
# The first directive disables it for Netscape 2.x and browsers which
# spoof it. There are known problems with these.
# The second directive is for Microsoft Internet Explorer 4.0b2
# which has a broken HTTP/1.1 implementation and does not properly
# support keepalive when it is used on 301 or 302 (redirect) responses.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
# The following directive disables HTTP/1.1 responses to browsers which
# are in violation of the HTTP/1.0 spec by not being able to grok a
# basic 1.1 response.
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
################################################################
## Start SSL sample config
## Note: You must have installed the IBM SSL support for these
## options to work
################################################################
Listen 443
SSLEnable
## SSLServerCert directive
##
## Allows this particular host to pick which certificate in the
## Keyfile to use. If none is specified the first certificate
## in the keyfile will be used by default
##SSLServerCert whatever your certificate is called
## SSLClientAuth directive:
##
## Enable client authentication. If enabled, the server will
## request a certificate from each client that requests a protected
## document. Since this will cause increased network traffic, due
## to the additional handshake messages, this directive should only
## be enabled for servers that wish to validate clients.
##
## Default: 0
## Syntax: SSLClientAuth <0 | 1 | 2 | none | optional | required>
##
## 0/none no certificate is required
## 1/optional the client may present a valid certificate
## 2/required the client must present a valid certificate
SSLClientAuth 0
## SSLClientAuthGroup directive:
##
## Used in conjunction with Client Authentication and the directive
## SSLClientAuthRequire which is described below.
##
## Allows the user to specify a logic string of specific client
## certificate attributes and group them together as a single unit.
## Thus allowing a convenient shorthand for only allowing a certain set
## of client certificate attributes access multiple objects on the server.
## The syntax of the logic string allows for grouping of subexpressions
## using parenthesis with each subexpression consisting of
## ATTRIBUTE EQUALITY VALUE. Multiple subexpressions can be logically
## ANDed ('AND' or '&&'), ORed ('OR' or '||'), or NOTed ('NOT' or '!')
## to configure the desired client certificate attribute values needed
## for the client to access this object.
##
## Valid Attributes Include:
##
## Long Name Short Name
## --------- ----------
##
## IssuerStateOrProvince IST
## IssuerCommonName ICN
## IssuerOrgUnit IOU
## IssuerCountry IC
## IssuerLocality IL
## IssuerOrg IO
## IssuerEmail IE
## StateOrProvince ST
## CommonName CN
## OrgUnit OU
## Country C
## Locality L
## Org O
## Email E
## Group G
##
## Valid Equalities Include: '=' '!='
##
## Value is the desired value of that field in the client certificate.
##
## Default: none
## Syntax: SSLClientAuthGroup
##
## NOTE: Multiple instances of this directive is allowed. The
## is should not contain spaces.
##
##SSLClientAuthGroup usIBMers Org = IBM && C = USA
##SSLClientAuthGroup NCusIBMers Group = usIBMers && ST = "North Carolina"
## SSLClientAuthRequire directive:
##
## Used in conjunction with Client Authentication. If Client
## Authentication is turned off then this directive is ignored.
##
## Allows the user to specify a logic string of specific client
## certificate attributes and authenticate based on the certificate
## supplied by the client. The syntax of the logic string allows
## for grouping of subexpressions using parenthesis with each
## subexpression consisting of ATTRIBUTE EQUALITY VALUE. Multiple
## subexpressions can be logically ANDed ('AND' or '&&'), ORed ('OR' or
## '||'), or NOTed ('NOT' or '!') to configure the desired client
## certificate attribute values needed for the client to access this
## directory.
##
## Valid Attributes Include:
##
## Long Name Short Name
## --------- ----------
##
## IssuerStateOrProvince IST
## IssuerCommonName ICN
## IssuerOrgUnit IOU
## IssuerCountry IC
## IssuerLocality IL
## IssuerOrg IO
## IssuerEmail IE
## StateOrProvince ST
## CommonName CN
## OrgUnit OU
## Country C
## Locality L
## Org O
## Email E
##
## Valid Equalities Include: '=' '!='
##
## Value is the desired value of that field in the client certificate.
##
## Default: none
## Syntax: SSLClientAuthRequire
##
## NOTE: Multiple instances of this directive is allowed and the
## directive can appear either inside or outside of
## stanzas.
##
##SSLClientAuthRequire (CommonName = "John Doe" || Org = IBM) && ST != NC
##SSLClientAuthRequire group = usIBMers && ST != NC
## SSLCipherSpec directive
##
## Specify the methods of encryption that an SSL connection will
## support. Each encoded cipher specification is tested in the
## order specified for compatibility with the requester. If the
## requester supports a method specified here, an SSL connection
## can be established. If not, the connection is refused.
##
## Default: All available cipher specifications are enabled by
## default (see directives below)
##
## Syntax: SSLCipherSpec
##
## where is one of:
##
## SSL V2:
##
## shortname longname Meaning Note Strength
## ========= ======== ============= ==== ========
## 27 SSL_DES_192_EDE3_CBC_WITH_MD5 Triple-DES (168 bit) * (stronger)
## 21 SSL_RC4_128_WITH_MD5 RC4 (128 bit) *
## 23 SSL_RC2_CBC_128_CBC_WITH_MD5 RC2 (128 bit) * |
## 26 SSL_DES_64_CBC_WITH_MD5 DES (56 bit) V
## 22 SSL_RC4_128_EXPORT40_WITH_MD5 RC4 (40 bit)
## 24 SSL_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 RC2 (40 bit) (weaker)
##
## SSL V3:
##
## shortname longname Meaning Note Strength
## ========= ======== ============= ==== ========
## 3A SSL_RSA_WITH_3DES_EDE_CBC_SHA Triple-DES SHA (168 bit) * (stronger)
## 35 SSL_RSA_WITH_RC4_128_SHA RC4 SHA (128 bit) *
## 34 SSL_RSA_WITH_RC4_128_MD5 RC4 MD5 (128 bit) * |
## 39 SSL_RSA_WITH_DES_CBC_SHA DES SHA (56 bit) V
## 33 SSL_RSA_EXPORT_WITH_RC4_40_MD5 RC4 MD5 (40 bit)
## 36 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 RC2 MD5 (40 bit) (weaker)
## 32 SSL_RSA_WITH_NULL_SHA
## 31 SSL_RSA_WITH_NULL_MD5
## 30 SSL_NULL_WITH_NULL_NULL
##
##
## * Note: Not supported in versions available
## outside North America.
##
## Examples:
## SSLCipherSpec 24
## SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
DocumentRoot /opt/IBMHTTPD/htdocs/en_US
##ServerName www.x.com
ErrorLog logs/www_x_com-error_log
##
##AuthName Protected-Realm
##AuthType Basic
##AuthUserFile /opt/IBMHTTPD/passwd
## SSLVersion directive
##
## Specify the type of SSL connection needed to access this host
## If this version is not negotiated the client will be FORBIDDEN
## to access the objects in this directory.
## Only valid inside a directory stanza.
##
## Default: SSLVersion ALL
##
## Syntax: SSLVersion SSLV2|SSLV3|ALL
##SSLVersion ALL
## SSLCipherBan directive
##
## Specify the cipher specifications that are not allowed in order
## to access the objects in this directory.
##
## Default: none
##
## Syntax: SSLCipherBan
##
## where shortname or longname comes from the table
## for valid SSLCipherSpecs
##
##SSLCipherBan 3A
##SSLCipherBan SSL_RSA_WITH_3DES_EDE_CBC_SHA
## SSLCipherRequire directive
##
## Specify the cipher specifications that are required
## to access the objects in this directory.
##
## Default: none
##
## Syntax: SSLCipherRequire
##
## where shortname or longname comes from the table
## for valid SSLCipherSpecs
##
##SSLCipherRequire 3A
##SSLCipherRequire SSL_RSA_WITH_3DES_EDE_CBC_SHA
## SSLFakeBasicAuth directive
##
## Allows the server to authenticate based on a given client certificate
## providing a user name with the given information is specified in
## the AuthUserFile with password as the password.
##
##SSLFakeBasicAuth
##
##allow from all
##require valid-user
##
##
###### IBM WebSphere Commerce ###### (Do not edit this section)
###### End of IBM WebSphere Commerce ######
SSLDisable
## keyfile directive:
##
## Specify the names of key files that are available.
##
## Default:
## Syntax: keyfile
## This directive is not allowed inside of a virtual host stanza
Keyfile /opt/IBMHTTPD/keys/keyfile.kdb
## SSLV2Timeout and SSlV3Timeout:
##
## Specify the timeout value for an SSL session. Once the timeout
## expires, the client is forced to perform another SSL handshake.
##
## Default: SSLV2Timeout 100
## SSLV3Timeout 1000
## Syntax: SSLV2Timeout