mathopd.conf(5) Configuration file for the Mathopd HTTP server

DESCRIPTION

/etc/mathopd.conf is the default configuration file for the mathopd(8) HTTP server.

A configuration file for mathopd consists of zero or more 'items', possibly mixed with comment text.

An item is a configuration keyword followed by zero or one arguments, as indicated by the syntax below.

I have taken the liberty of introducing some meta-concepts to make the syntax more readable.

When you read the phrase "X-block", please replace it with the following.


    X-block: "{" X-items "}"


    X-items:
      <nothing>
      X-item X-items

Keywords and arguments are separated by whitespace, that is, spaces, tab characters, carriage returns, or line feeds.

A string is anything enclosed in double quotes ("). The quotes can be omitted if the string is actually just a single word. To include the double quote character itself in a string, precede the quote with a backslash ('').

An integer is represented using the normal 'C' conventions: '0x' in front indicates a hexadecimal number, '0' in front indicates octal.

The '#' character, when not used inside a string, is considered the beginning of comment text. A comment lasts until the next line. Comments are ignored when the input file is parsed.         

OPTIONS

AcceptMulti

• Where: Tuning
• Type: Flag
• Default: On

By default, Mathopd will try to accept more connections after it has accepted one, until the accept call indicates a blocking condition. When there is hardly any traffic, this means that an extra system call is made each time a connection comes in. If you don't want that behaviour, use this keyword to turn it off.

Access

• Where: Control
• Type: Block
• Default: Inherits from previous Access blocks

The Access block can be used to allow or deny access to specific IP addresses. Mathopd has a default-allow policy, so if you have no Access blocks, access is allowed to anyone. If you do have Access blocks, make sure that you put the access entries in the correct order. Mathopd scans access blocks from the bottom up until a match is found. Example:


   Control {
     Access {
       Deny 0/0
       Allow 127.0.0.1/32
     }
   }

This will allow access to 127.0.0.1, while denying access to anyone else.

Address

• Where: Server
• Type: Address
• Default: 0 (any address)

If you want a server to listen on a specific address, rather than any address, use this keyword. Example:


  Server {
    Address 127.0.0.1
  }

Admin

• Where: Control
• Type: String
• Default: (none)

The value of this keyword, if set, is displayed in HTTP error messages.

Alias

• Where: Control
• Type: String

Control blocks that contain an Alias keyword are used in URI-to-path translation. A block with an Alias keyword must have one or more Location keywords as well. Generally speaking, Mathopd scans Control blocks until it can match the directory part of the Request-URI with the alias. Scanning starts in the Virtual server and continues upwards. Scanning stops as soon as a match is found.

Example:


  Control {
    Alias /
    Location /usr/share/doc/handbook
  }
  Control {
    Alias /boland
    Location /usr/home/boland/www
  }

The above is an example of two aliases. Note that the order of the aliases matters: if you switch the two around, unexpected things will happen (the more specific alias will be obscured by the '/' alias.)

Allow

• Where: Access
• Type: Network

AllowDotfiles

• Where: Control
• Type: Flag
• Default: Off

Normally, Mathopd will not serve any file if any part of its pathname contains '/.', for security reasons. If the AllowDotFiles flag is set, there restrictions are lifted a bit, although constructions like '/./', '/../', etc. are still disallowed.

AnyHost

• Where: Virtual

If a virtual server has this keyword, it will match on any Host: header that is sent by the client. Other virtual servers that have an explicit Host name are still checked, so the 'AnyHost' virtual server will only be used as a last resort. See also the discussion of wildcard expansion under the 'Location' keyword.

Apply

• Where: Clients
• Type: Network

AutoIndexCommand

• Where: Control

If a request for a directory is made, and none of the files specified by IndexNames is found in that directory, mathopd will, as a last resort, run a special CGI script to generate a directory listing. The AutoIndexCommand determines which script exactly. The script must be an absolute pathname.

Backlog

• Where: Server
• Type: Integer
• Default: 128

If all connections are in use, and there are no idle connections, Mathopd will make no attempt to accept new connections. The operating system may hold on to new connections though, in which case they will be picked up by Mathopd as soon as one connection becomes idle. The number of connections that can 'hang in the air' in this fashion is determined by the Backlog parameter. Normally one should never have to change this number.

BufSize

• Where: Tuning
• Type: Integer
• Default: 12288

The server uses two buffers to store incoming and outgoing data. The size of the outgoing buffer is determined by the value of the BufSize keyword. Larger buffers can lead to less system calls, but also increase the amount of memory used by the server process.

Note: if you run a version of Mathopd that uses sendfile(), the default bufsize is way too large, and you should decrease it.

BytesRead

• Where: LogFormat

The number of octets (bytes) read from the client during a single request.

BytesWritten

• Where: LogFormat

The number of octets (bytes) sent to the client during a single request. Note that this number may not be accurate in all cases. If a network error occurs after a successful send operation, the logged number of bytes sent will be too big.

ChildLog

• Where: Control
• Type: String

If a child process, such as a CGI script, writes a message to its standard error file descriptor (fd 2) it will end up in the file designated by the ChildLog keyword. If no ChildLog is specified, diagnostic messages will be thrown away.

Clients

• Where: Control
• Type: Block

This directive is similar to 'Access', except that it causes 'conditional alias matching', rather than blocking traffic with '403 Forbidden' errors. As such, it is only useful when used in combination with Control blocks that contain an Alias. To distinguish a 'Clients' access list from a 'normal' access list, the keywords to be used inside the list are 'Apply' and 'NoApply', rather than 'Allow' and 'Deny'.

All this is perhaps best illustrated by an example.


  Control {
    Alias /
    Location /usr/share/doc/handbook
  }
  Control {
    Alias /
    Location /usr/share/doc/internal/handbook
    Clients {
      Apply 192.168.57.0/24
    }
  }

In this example, visitors from within the 192.168.57.0/24 network will get their content served from /usr/share/doc/internal/handbook, whereas other clients will see /usr/share/doc/handbook. Note that the order of the control blocks matters. If you put the unconditional alias at the bottom, rather than at the top, it will be matched first by the server, thus occluding the conditional alias.

Clobber

• Where: Tuning
• Type: Flag
• Default: On

Normally, Mathopd closes connections that are idle when a new connection arrives and the maximum number of connections has been reached. This behaviour is called 'clobbering'. By setting the 'Clobber' flag to 'Off', new connections cannot be made until an existing connection terminates by itself or times out.

ContentLength

• Where: LogFormat

The total size of the resource requested by the client.

Control

• Where: Global, Server, Virtual
• Type: Block

The 'Control' keyword starts a so-called control block. As the name suggests, it controls the behaviour of the server. In fact the keyword itself does not do very much; the directives inside the control block do all the work.

Unless the block contains an Alias directive, settings that are specified inside a control block are inherited by all next blocks that are on an equal or lower level.

Control blocks can appear at three different levels. Control bocks that appear at the 'top' level in the configuration file are called global control blocks. Next, one can put control blocks inside Server blocks. The settings defined there are local to that specific server. And finally one can have control blocks inside Virtual blocks. These blocks are on the lowest level.

Usually a configuration file is made up of one very large global control block, followed by a bunch of Virtual servers that each contain a small control block, mostly containing just an Alias and a Location directive.

CoreDirectory

• Where: Global
• Type: String

Normally, for practical reasons, the server changes its current directory to the root directory "/". If this is undesirable for whatever reason, you can specify an alternate directory here. As a side effect, if mathopd dumps core for whatever reason, the core file will be in this directory. Actually if the server is started by root it will never dump core for security reasons, so this feature is a bit useless.

Ctime

• Where: LogFormat

The current time in 'C' format (e.g. Sun Mar 30 21:44:52 2003.)

Deny

• Where: Access
• Type: Network

EncryptedUserFile

• Where: Control
• Type: Flag
• Default: Off

Normally, the UserFile (see the descriptions of the Realm and Userfile keywords) contains passwords in clear-text format. If you want to use encrypted passwords (for example, using the 'htpasswd' program) you must set the value of EncryptedUserFile to 'On' in the control block that contains the UserFile in question.

Error401File

• Where: Control
• Type: String

The contents of this file will be displayed whenever a '401' (not authorized) error occurs. The file may be a CGI script or an external command. If CGI scripts are used, the script is responsible for sending the proper status code.

Error403File

• Where: Control
• Type: String

The contents of this file will be displayed whenever a '403' (forbidden) error occurs. For more information, see Error401File.

Error404File

• Where: Control
• Type: String

The contents of this file will be displayed whenever a '404' (not found) error occurs. For more information, see Error401File.

ErrorLog

• Where: Global
• Type: String

The server process will print diagnostics messages into this file. Mathopd will open the error log in write-only mode. If it does not have permission to do that, the program will exit. Note that if the value of ErrorLog contains a percent sign (%), the name of the error logfile will be expanded using a strftime-like contruction (see also: Log.)

ExactMatch

• Where: Control
• Type: Flag

The ExactMatch causes an Alias to be used only if it matches the request-URI exactly. This is rather a hack. It was originally designed to disallow users more than one html page per web site. The way this is done is as follows


  Control {
    IndexNames { index.html }
    Types {
      text/html { html htm }
    }
  }
  Server {
    Virtual {
      Host www.another.example
      Control {
        Alias /
        Location /var/www/www.another.example
        Specials {
          Dummy { html htm }
        }
      }
      Control {
        Alias /
        Location /var/www/www.another.example
        ExactMatch On
      }
    }
    # other virtual servers ...
  }

Now if someone requests http://www.another.example/, the alias will match exactly, so the control block at the bottom will be in effect. On the other hand, if a request is made for, say, http://www.another.example/foo.html, the alias will not match exactly, so the second control block from the bottom will be used. This control block overrides the type declaration for html and htm extensions, effectively hiding these files, even if they were to exist physically. Note that files with extensions other than html and htm are processed normally, so that you can for example still have things like images on your home page.

Export

• Where: Control
• Type: Block

Some operating systems require that some environment variables have certain values in order for child processes to work correctly. To export these variables to child processes, use the 'Export' keyword. If you want to export certain variables with preset values, use 'PutEnv' instead. Example:


  Control {
    Export { TZ LD_LIBRARY_PATH }
  }

External

• Where: Control
• Type: Block

The 'External' keywords defines a set of filename extensions that get special treatment. (See also: Types, Specials.) If mathopd processes a filename whose extension is match in an 'External' block, it will run an external program with the name of the file as its first argument. Before execution, mathopd will change its current directory to the directory that contains the file that is being served. Example:


  Control {
    External {
      /usr/bin/perl { .pl }
    }
  }

This will treat all files that end with '.pl' as CGI scripts, interpreted by /usr/bin/perl.

It is possible to pass additional arguments to interpreters. For example, if you want to run all perl scripts with the '-T' option, use the following construction:


  Control {
    External {
      "/usr/bin/perl -T" { .pl }
    }
  }

ExtraHeaders

• Where: Control
• Type: Block

Use this keyword to add extra HTTP headers. This is perhaps best demonstrated by an example.


  Control {
    ExtraHeaders { "Cache-Control: max-age=3600" }
  }

If this is done, all responses, well, to be precise, all responses with status code 200, will be accompanied by a


  Cache-Control: max-age=3600

HTTP header.

Host

• Where: Virtual
• Type: String

A virtual server has zero or more names. To name a virtual server, use the 'Host' keyword. More than one `Host' keyword is allowed for each virtual server.

IndexNames

• Where: Control
• Type: Block

Any request that ends with a slash ('/') is treated as an `index'. The terminology is a bit confusing, since no indexes are actually being made. What happens is that mathopd will map the request-URI to a directory. This directory is then scanned for a set of files called indexes. (For instance 'index.html'). As soon as a file is found, that file will be sent to the client. Example:


  Control {
    IndexNames { index.html Default.htm }
  }

Note that the value of 'IndexNames' is carried over into all subsequent control blocks. That is, if you define IndexNames once it is not possible to reset its value later on.

InputBufSize

• Where: Tuning
• Type: Integer
• Default: 2048

The input buffer contains the complete set of headers sent by the client. As such, it needs to be large enough to contain all those headers. Usually the default value of 2048 is sufficient and does not need to be changed.

LocalAddress

• Where: LogFormat

The local Internet address of the connection.

LocalPort

• Where: LogFormat

The port number of the server.

Location

• Where: Control
• Type: String

The Location keyword is used in combination with the Alias keyword. There are two types of locations: physical locations and 'redirects'. A physicial location is anything that starts with a slash ('/'), a redirect is anything else. When mathopd processes a request, the Alias that matches the Request-URI sent by the client is replaced with its corresponding location. For example, in the following situation


  Control {
    Alias /doc
    Location /usr/share/doc/handbook
  }

when a client requests a URI '/doc/x11.html', the server will send the contents of /usr/share/doc/handbook/x11.html. When the location is a redirect, the server will send a HTTP '302' status response, which should cause the client to redirect to the desired location. Example:


  Control {
    Alias /secure
    Location https://an.example
  }

In this example, when a client request a URI '/secure/test.html', the server will redirect the client to 'https://an.example/test.html'.

More than one Location keywords can be used with one alias. Mathopd will rotate the locations on a round-robin bases. Example:


  Control {
    Alias /download
    Location http://mirror1.an.example/download
    Location http://mirror2.an.example/download
    Location http://mirror3.an.example/download
  }

The first client that request something under /download will be redirected to mirrior1.an.example, the second client to mirror2, the third to mirror3, the fourth to mirror1, and so on.

Wildcard expansion: the wildcard character '*' in Location values is expanded to the current value of the 'host' header sent by the client (after conversion to lower case.) This makes it possible to define a very large number of virtual servers in one go. Example:


  Server {
    Virtual {
      AnyHost
      Control {
        Alias /
        Location /home/www/*
      }
    }
  }

With this setting, a request for, say, http://an.example/foo.html will result in the file /home/www/an.example/foo.html.

Log

• Where: Global
• Type: String

This keyword determines where the access log is stored. The server creates one and only one access log, regardless of the number of (virtual) servers. The log file must be writeable by the user the server runs as. If no log file exists, Mathopd will try to create one. In that case, the server must also have write access to the directory that will contain the log file. There are some hacks that make it easier to maintain logs for distinct time periods. Before Mathopd tries to open the log file, it will expand any '%' constructs in the log file name, similar to date(1) and strftime(3). For example, if


  Log /var/mathopd/log.%Y%m%d

is used, Mathopd will expand the %Y, %m and %d in the file name, to something like /var/mathopd/log.20020831 Mathopd automatically rotates the log file every hour. If during this process Mathopd cannot create a new log file for any reason, it will continue to append to the old log. The format of the access log is determined by whatever is specified in the LogFormat block (see below.)

LogFormat

• Where: Global
• Type: Block

This keyword determines the order in which items are written into the log file. Each line of the log file consists of some tab- separated fields. The contents of each field is determined by whatever is inside the LogFormat block. For example, if the following is specified


  LogFormat { CTime URI }

the first field in the log file corresponds to the date and time of the request, and the second field corresponds to the client's request-URI at that time.

The default field order for the log is as follows.


  Ctime
  RemoteUser
  RemoteAddress
  RemotePort
  ServerName
  Method
  Uri
  Status
  ContentLength
  Referer
  UserAgent
  BytesRead
  BytesWritten

In addition to the above, the following fields are available:-


  LocalAddress
  LocalPort
  Version
  QueryString
  TimeTaken
  MicroTime

LogGMT

• Where: Global
• Type: Flag
• Default: Off

Normally time stamps in log files are in local time. If LogGMT is set to 'On', time stamps are in GMT. Note that this setting also affects naming of log files when '%' constructions are used. (See the 'Log' keyword.)

Method

• Where: LogFormat

The client's request-method, usually GET.

MicroTime

• Where: LogFormat

The time, measured in seconds, with microsecond precision, since 00:00:00 UTC, January 1, 1970. (Or whatever is returned by the gettimeofday() system call.)

NoApply

• Where: Clients
• Type: Network

NoHost

• Where: Virtual

A Virtual server that has the "NoHost" keyword will be used when no Host header is sent by the client.

NumConnections

• Where: Tuning
• Type: Integer
• Default: 64

The NumConnections parameter determines how many simultaneous requests can be handled. The default is probably too low for high-traffic systems. Mathopd uses a fixed block of memory for each connection, so the higher you set this tunable, the more memory the server will use.

See also: Clobber.

Note: the amount of memory that is used by Mathopd for buffers can be approximated by the formula


  Memory =
    NumConnections * (BufSize + InputBufSize + 2 * ScriptBufSize)

NumHeaders

• Where: Tuning
• Type: Integer
• Default: 100

This keyword has a dual purpose.

Mathopd keeps track of the HTTP headers that are sent by a client to pass on to child processes. Since each of these headers must be stored somewhere, a fixed amount of memory is set aside for these. The number of HTTP headers that are actually stored is determined by the value of NumHeaders. If a client sends more headers these will still be processed by the server, but they will not be available as environment variables.

This keyword has an additional function: it determines the maximum number of headers that a CGI script can send. It is an error for a script to send more than this number of headers.

PIDFile

• Where: Global
• Type: String

The PIDFile keyword specifies a file in which the server will record its process ID, for tracking purposes.

PathArgs

• Where: Control
• Type: Flag

If you want to redirect a user to a different web site, regardless of the actual URL that is requested, you can do something like this


  Control {
    Alias /foo
    Location http://www.an.example/foo.html
    PathArgs On
  }

In the above example, a request for, say, /foo/index.html will be redirected to http://www.an.example/foo.html. In fact, *any* request that starts with /foo/ will be redirected to the same URL. If the PathArgs were omitted a request for /foo/index.html would be redirected to http://www.an.example/foo.html/index.html (which does not make much sense of course.)

The PathArgs keyword was originally created to solve a problem related to hit metering. If you have a website, but no control over its logfiles, you can create hidden images on your site that link to a statistics gathering site. This is a well-known process of course. If the statistics-gathering runs mathopd it can be set up something like this:-


  Control {
    Alias /
    Location /usr/local/www/tiny-image.png
    PathArgs On
  }

This way, every request will return the same response, namely, the contents of tiny-image.png. If the two websites cooperate, the request-URI that appears in the log file on the gathering website can then be used to collect hit-metering data for the original site.

PathInfo

• Where: Control
• Type: Flag
• Default: On

Normally mathopd allows requests for things like /script.cgi/args, where /args is passed as 'path info' to the script.cgi program. This works by mathopd chopping off all trailing path components until a file is found. This operation can be quite expensive and in most circumstances it is not needed. Worse yet, a request for, say, /a/b/c/d/e/f/g/h will result in eight system calls.

To turn the 'chopping' behaviour off, set the value of PathInfo to Off.

Note that PathInfo defaults to On for backwards compatibility.

Port

• Where: Server
• Type: Integer
• Default: 80

If you want Mathopd to run a server on a different port, rather than the default for http, which is port 80, use a Port declaration. Example:


  Server {
    Port 8080
  }

PutEnv

• Where: Control
• Type: Block

This is like Export, except that environment variables defined here must accompanied by a value. Example: (rather silly)


  Control {
    PutEnv {
      MATHOPD_INVOKED=1
    }
  }

There must be no space between the name of an environment variable, the equals sign, and its value. If the value contains space characters the entire name=value bit must be enclosed in double quotes.

QueryString

• Where: LogFormat

The query string (the part that follows the '?' in the request-URI) if present.

Realm

• Where: Control
• Type: String

If this keyword is present in a control block, resources in that block are protected using username-password combinations. The Realm keyword must be accompanied by a UserFile keyword. The value of the Realm keyword is transmitted to the client in '401' error responses. Its value may be displayed by a web browser in a login dialog.

Referer

• Where: LogFormat

The value of the 'Referer:' header sent by the client. Sometimes this refers to a URL that contains a link to the current request.

RemoteAddress

• Where: LogFormat

The Internet Address of the client.

RemotePort

• Where: LogFormat

The port number at the client's end of its connection to the server.

RemoteUser

• Where: LogFormat

The username sent by the client for a request that needs authorization and has successfully authenticated.

RootDirectory

• Where: Global
• Type: String

If this keyword is present, mathopd will perform a chroot() to the specified directory before startup. The chroot() is done right after the configuration file is read. Obviously the server must be started as root for this to work. Some additional files may be required in the new root, like a (stripped down) /etc/passwd and so on.

RunScriptsAsOwner

• Where: Control
• Type: Flag
• Default: Off

Normally, if the server is started as root and the StayRoot flag is set, child processes are run as a certain user (see the StayRoot and ScriptUser keywords.) It is possible to run CGI scripts as the user that owns them by setting the RunScriptsAsOwner flag. This is not recommended, since it is possible to trick mathopd using symbolic links.

SanitizePath

• Where: Control
• Type: Flag
• Default: Off

If this flag is set for a virtual server, Mathop will filter out all '//', '/./' and '/../' components of a URL. For example, a request for


  /foo/bar/../baz/./watnou//weer

would be treated as if it really had been for


  /foo/baz/watnou/weer

Note that the presense of this flag in a virtual directory has no effect. It only works at server level.

Also note that URLs of the form


  /some/dir/.
  /some/dir/..

that is, URLs that end with /. or /.. are illegal and return an error, irrespective of the SanitizePath setting.

ScriptBufSize

• Where: Tuning
• Type: Integer
• Default: 4096

The server uses two buffers for CGI scripts: one for data that is passed to a script, and another for data arriving from a script. It is recommended that ScriptBufSize be equal to or greater than InputBufSize. Also the ScriptBufSize should be at least sixteen bytes less than BufSize, to leave room in the output buffer for "chunk" delimiters.

ScriptTimeout

• Where: Tuning
• Type: Integer
• Default: 60

This timeout determines how long, measured in seconds, scripts can run without generating any output.

ScriptUser

• Where: Control
• Type: String

If a CGI or external program is executed, Mathopd will change its identity to make sure that such programs cannot do silly things like kill the web server process and so on. The recommended way to set the user for child processes is with the ScriptUser keyword. Its argument is a user name that will be looked up in the system password file right before execution of each program. The user specified by ScriptUser must be someone else than the 'global' user, i.e. the user specified by the User keyword. Note that in order to get CGI to work if mathopd is started by root, the StayRoot flag MUST be set to 'On'.

See also: StayRoot.

Server

• Where: Global
• Type: Block

The Server keyword sets up a physical server, that is, a TCP socket. Some TCP parameters may be tuned (see Address and Port.) Inside a server block one can then declare 'virtual' servers, which is where all action occurs.

ServerName

• Where: LogFormat

The value of the 'Host:' header sent by the client (more or less.)

Specials

• Where: Control
• Type: Block

Some file extensions can be treated specially if they are put into a 'Specials' block. There are four specialties:


  CGI
  Imagemap
  Redirect
  Dump

If a specialty is defined with a name that is not one of the above four, a file that matches that specialty is treated as if it did not exist. (See the 'Dummy' example in the description of the ExactMatch keyword.)

A very brief description of the four specialties follows.

For a description of CGI, see cgi.txt. An imagemap is a fairly ancient concept. It is generally not used anymore but it is kept around for historical reasons. A redirect file simply redirects the client to a URL that is contained in the file. A Dump displays some mildly interesting server statistics but is otherwise not very useful.

Example:


  Control {
    Specials {
      CGI { cgi }
      Imagemap { map }
    }
  }

Status

• Where: LogFormat

The three-digit HTTP status code for this request.

StayRoot

• Where: Global
• Type: Flag
• Default: Off

Mathopd, if it is started by root, will change its identity to that of a nonprivileged user (see the User keyword.) It is sometimes desirable to retain some root privileges, for example when external processes are started. One does not really want those child processes to be able to interfere with the server process itself, therefore these processes must be run under a different identity. In order to accomplish this, set the StayRoot flag.

Timeout

• Where: Tuning
• Type: Integer
• Default: 60

Connections that are idle for too long are aborted by Mathopd. Idle in this case meaning 'receiving or transmitting no data.' It is possible to increase or decrease the timeout by adding a Timeout keyword. The unit of the timeout value is seconds.

See also: ScriptTimeout and Wait.

TimeTaken

• Where: LogFormat

The time it has taken for the request to complete. Time is measured from the first meaningful byte received from the client, or the time the client connected.

Tuning

• Where: Global
• Type: Block

Some items that control general tuning of the server can be specified here.

Types

• Where: Control
• Type: Block

All served content must be accompanied by a 'Content-Type' header that indicates the kind of content. Historically, HTTP servers have used the extension of a filename to determine its content. For example a file whose name ends with 'html' is likely to contain HTML, a file with a name ending with 'png' is probably a PNG image, and so on. Mathopd follows this behaviour. File extensions are mapped to media types (values of 'Content-Type' that web browsers understand) using the 'Types' keyword. Example:


  Control {
    Types {
      text/html { html htm }
      text/plain { txt }
      image/jpeg { jpg }
      application/octet-stream { * }
    }
  }

As you can see, the media type is followed by a group of extensions that will be mapped to that type. The special extension '*' is used to indicate a default: if a filename has an extension that does not occur in any of the Types (or Specials or External), then the type for '*' (if it is defined) is used.

Note that for Mathopd, 'extension' really means just `last part'. For example, a file that is called 'flubrdhtml' is deemed to be a HTML file even though it does not really have an extension. This is a bit of a misfeature, but it does no real harm in practice.

Umask

• Where: Global
• Type: Integer
• Default: 022

Mathopd will create log files with certain permissions. These permissions are determined by what is called in Unix lingo the 'umask'. A umask of 022 (the default) will create files that are readable by everyone but writeable only by the user that runs the server process. More restricted umasks are 026 or even 066. (The 0 at the beginning is not optional!)

Note: the umask is inherited by child processes.

Uri

• Where: LogFormat

The URI requested by the client (minus query string, if present.)

User

• Where: Global
• Type: String

If Mathopd is started by root it must change its identity. This is done for security reasons: you do not want the web server to be able to read all files. The new identity is defined by the value of the User keyword. The user name is looked up in the password file (this is done before a possible chroot!) and Mathopd then changes its effective user id (and real user id as well, depending on whether StayRoot is off or on). In addition, Mathopd will perform a setgroups() call to clear its list of supplementary group ids.

Note: Mathopd will create log files, etc. with an owner that is equal to the value of the User keyword. The *group* owner of the log file may differ between operating systems. For example, on BSD, the group owner of a file is set to the group owner of the directory in which it is created. Other systems may have different semantics.

UserAgent

• Where: LogFormat

The value of the 'User-Agent:' header sent by the client. This may, or may not, contain a string that can identify a web browser.

UserDirectory

• Where: Control
• Type: Flag

To allow each user to put up his or her personal pages, use the UserDirectory kyeword. Example:


  Control {
    Alias /users
    Location public_html
    UserDirectory On
  }

In this example, a request for /users/boland/index.html will result in a password lookup for user 'boland'. Assume the home directory for this user is /home/boland. Then the file served will be /home/boland/public_html/index.html.

Note: the '~' character, when used as the last character in an alias is treated specially. For example:


  Control {
    Alias /~
    Location public_html
    UserDirectory On
  }

With this setting, /~boland/index.html will be mapped to /home/boland/public_html/index.html, like before. This is to allow some sort of compatibilty to the often used custom to use '~username' for user pages.

UserFile

• Where: Control
• Type: String

Control blocks that are 'protected' by a Realm keyword need a UserFile keyword as well. The user file contains all username / password combinations that are valid for that specific realm. The user file should contain lines that look like


  username:password

(with username and password replaced by a real username and password of course.) A user can be entered more than once with different passwords. The user file has no relation whatsoever to the system password file. Passwords can be encrypted, but Mathopd needs to be told that they are encrypted, using the EncryptedUserFile keyword.

Version

• Where: LogFormat

The HTTP version requested by the client.

Virtual

• Where: Server, Global
• Type: Block

The 'Virtual' keyword starts a virtual server block. Virtual blocks can be declared globally or inside a server block. Global virtual blocks are inherited by all servers that follow.

Wait

• Where: Tuning
• Type: Integer
• Default: 60

The value of 'Wait' represents the amount of time, in seconds, the server will wait for a request from the client.

AUTHOR

Mathopd was written and is copyright by Michiel Boland.

This manual page was produced from the authors text documentation by Juergen Daubert for the CRUX Linux system, but may be used by others.