Quick Nav
See Also
Server Directives
Action
Description | Specify the CGI program to run to handle the document |
Synopsis | Action mimeType programPath |
Context | Default server, Virtual host |
Example | Action application/x-appweb-python /usr/bin/python |
Notes |
The Action directive associates the specified program path with a document mime type. The Action directive may be used to ensure a specific program is used to run CGI scripts. The CGI handler may match URLs by extension or by prefix path, depending on how the appweb configuration file setup. When a match by extension occurs, the cgiHandler will first see if an Action directive has been specified for the corresponding mime type for the URLs extension. If one is defined, the specified program is run with the CGI script passed as the first argument. If no action directive is found, the script is examined to see if it contains a "#!/programPath" in the first line of the script. If it does, the specified program is run with the CGI script passed as the first argument. If the script is a binary executable or if the first line does not contain such a programPath, the CGI script will be directly executed. The default extensions in the appweb configuration file are: cgi, cgi-nph, bat, cmd, pl, py, and php. For Linux, the default settings also include an Action directive for the php extension. The other default extensions do not have Action directives. The mime type may be added via the AddType directive or you may edit the mime.types file to add the mime type. Mime type entries associate a mime type with a given URL extension. For example, the following mime entry specifies that any URL with a ".php" extension should will have the application/x-appweb-php mime type: application/x-appweb-php php |
AddType
Description | Add a MIME type specification |
Synopsis | AddType mimeType extension |
Context | Default server, Virtual host |
Example | application/x-appweb-perl pl |
Notes |
The AddType directive will associate the specified MIME type with the nominated extension. MIME types are used by Appweb when processing CGI scripts. When processing client requests, Appweb will map a URLs extension to a mime type. If an Action directive has been specified for this mime type, the associate program will be run using the CGI protocol to process the URL. |
Chroot
Description | Directory containing a "chroot jail" in which for Appweb to execute. Once this directive is parsed, all files outside the jail will be inaccessible. |
Synopsis | Chroot directoryPath |
Context | Entire Application |
Example | Chroot /etc/appweb/jail |
Notes |
See Wikipedia Chroot for more information. |
Security | A chroot jail enhances security by limiting system access should Appweb ever be compromised. When coupled with lowering the privilege for the UserAccount and GroupAccount potential security exposures can be minimized. |
GroupAccount
Description | Account group that Appweb will run as. |
Synopsis | GroupAccount group |
Context | Default server |
Example | GroupAccount nobody GroupAccount APPWEB |
Notes |
The GroupAccount directive specifies the account group in which Appweb will be a member when running. It is important that you run Appweb with the lowest system privilege that will get the job done. If any application is compromised, including Appweb, then the system will be safest if the compromised application has as few privileges as possible. When Appweb starts it initially runs as root or administrator and then changes account if a group account is defined in the Appweb configuration file by the GroupAccount directive. If logged in as root or administrator, the pseudo name of APPWEB will change group to _www on Mac, nogroup/nobody on Unix and Administrator on Windows. |
Security | It is extremely dangerous to run Appweb as Group "root" or "administrators". |
Home
Description | Directory containing the core Appweb installation files |
Synopsis | Home directoryPath |
Context | Default server |
Example | Home /etc/appweb |
Notes |
The Home is by default /etc/appweb on Linux and "C:\appweb" on Windows. It is important that the server root directory be protected against modification by other users. It should be owned by either root or administrator and should only be writable by these users. |
Listen
Description | IP address and port on which to listing for incoming requests. |
Synopsis | Listen [IP address:]portNumber |
Context | Default server, Virtual Host |
Examples | Listen 80 Listen 205.162.77.64:7777 Listen [::] |
Notes |
The Listen directive specifies the IP endpoints on which Appweb will listen for incoming HTTP requests. If you specify only the port number and omit the IP address, Appweb will listen on all network interfaces including the loop-back adaptor. It will listen on both IPv4 and IPv6 if only a portNumber is specified. To listen on IPv6 endpoints, enclose the IP address in square brackets. For example: Listen [2001:05c0:9168:0000:0000:0000:0000:0001] To listen on IPv4 endpoints, supply an IPv4 IP address. You may use 0.0.0.0 to listen on all IPv4 interfaces. To listen for SSL requests, use the ListenSecure directive. |
Protocol
Description | HTTP protocol version to use |
Synopsis | Protocol [HTTP/1.0 | HTTP/1.1] |
Context | Default server |
Example | Protocol HTTP/1.0 |
Notes |
The Protocol directive specifies the HTTP protocol version to respond with. If the Protocol directive specifies HTTP/1.0, a browser may issue requests using either HTTP/1.0 or HTTP/1.1. However, the response will always be downgraded to use HTTP/1.0 without Keep-Alive support. If the Protocol directive specifies HTTP/1.1 and a browser makes a request using HTTP/1.0 it will not be processed and the client will receive an error. NOTE: this directive is proprietary to Appweb and is not an Apache directive. |
ServerName
Description | Define the fully qualified hostname and port number for the server to use. |
Synopsis | ServerName hostName |
Context | Default server, Virtual Host |
Example | ServerName www.acme.com |
Notes |
The ServerName directive specifies the base HTTP address that will be used for identification and for redirection responses. The given hostName should be a fully qualified domain name with port number if using a port other than port 80. When used inside Name based VirtualHost blocks, this directive specifies the Host HTTP header that should be supplied with the request. |
TypesConfig
Description | Specify the location of the Mime types file |
Synopsis | TypesConfig directoryPath |
Context | Default server |
Example | TypesConfig /etc/appweb/mime.types |
Notes |
The TypeConfig directive specifies the location of the MIME types files. This file contains the mappings from file extensions to content types and is used by Appweb to determine the document content type which is included in the HTTP response back to the browser. The MIME types file included with Appweb follows the standard specified by IANA. The directory path may be an absolute path or it may be relative to the Home directory. The MIME types file has lines of the format: ApplicationType [extensions]... Feel free to modify the default mime types file, but be careful to save it as it will be overwritten should you upgrade Appweb. |
UserAccount
Description | The user account that Appweb will run as. |
---|---|
Synopsis | UserAccount name |
Context | Default server |
Example | UserAccount nobody UserAccount APPWEB |
Notes |
The UserAccount directive instructs Appweb to change accounts to run as the specified accountName. The UserAccount directive can only be used if Appweb is started using a privileged account such as root. Normally Appweb is started using the account root or administrator and thereafter it changes to run with less privilege using the specified accountName. The account name chosen for the UserAccount directive should have minimal privilege and should not be able to read or modify any files outside the DocumentRoot or specified Alias directories. If logged in as root or administrator, the pseudo name of APPWEB will change user to _www on Mac OSX, nobody on Unix and Administrator on Windows. |
Security | Do not run as root or administrator. Omitting the User directive can have the same effect as using a "User root" directive. |