NANOWEB, the aEGiS PHP web server

Nanoweb Configuration Directives

The nanoweb configuration files reside in /etc/nanoweb/ and the following configuration directives can currently be used in the main server configuration file /etc/nanoweb/nanoweb.conf but often also in per-directory configuration files (.nwaccess):

AccessFile
AccessBlock
AccessMerge
AccessOverride
AccessPolicy
Access_RBL
ACPolicy
ACAllowIP
ACAllowHost
ACBlockError
ACBlockMessage
ACDenyIP
ACDenyHost
AddHeader
AddServerVar
AddType
Alias
AllowSymlinkTo
AllowPathInfo
AnydbLoadInterface
AuthAnydb
AuthAnonymousNames
AuthAnonymousSmtpCheck
AuthHtpasswdFilename
AuthLocation
AuthNwauthFilename
AuthMysql* directives
AuthPgsql* directives
AuthSimpleUserPass
AuthRealm
AuthRequire
Bandwidth
BSPAllowSource
CGIFilterPathInfo
CGIScriptsDir
CGIScriptNoExec
CGIPHPOption
ChildLifeTime
ChildLifeTime
ConfigDir
DefaultContentType
DefaultHandler
DirectoryIndex
DisableMimeMagic
DocumentRoot
DosEvasiveError
DosEvasiveMaxReqs
DosEvasiveTimer
ErrorDocument
ErrorHeader
FallBackPriority
FBDescFile
FBIconByType
FBIconDefault
FBIconDirectory
FBShowDotFiles
FBSortOrder
FBWelcomeFile
FCGIFilterPathInfo
FCGINoHeader
FileBrowser
FilterEnable
Filter
ForceHandler
Group
GzipEnable
GzipLevel
GzipMaxRatio
HostnameLookups
HostnameLookupsBy
IgnoreDotFiles
Include
KeepAlive
LanguagePriority
ListenInterface
ListenPort
ListenQueue
LoadLimit
LoadLimitAction
LoadLimitError
LoadLimitErrorMessage
LoadLimitRedirect
LoadModule
LoadTheme
Log
LogDir
LoggerProcess
LoggerUser
LoggerGroup
LogHitsToConsole
LogHitsToServerLog
LogType
MaxRequestBodyLength
MaxRequestURILength
MaxServers
MetaFetch
MethodHandler
MispellAction
MimeTypes
ModulesDir
MultiViews
MySQLLogHost
MySQLLogDatabase
MySQLLogUser
MySQLLogPassword
OtherPriority
ParseExt
PathInfoTryExt
PidFile
ProxyAccessLog
ProxyAllowIP
ProxyCacheDir
ProxyCacheMaxAge
ProxyDenySite
ProxyDenyPopup
ProxyDenyPub
RefererAllow
RefererCheck
ReflectRewriting
RewriteRule
RewriteCond
RequestTimeout
ServerAdmin
ServerAlias
ServerFakeSignature
ServerLog
ServerMode
ServerName
ServerSignature
ServerTheme
SingleProcessMode
StatusAllowHost
StaticBufferSize
StaticDisablePartial
TempDir
User
UserDir
WormsRun
WormsWpopText
WriteAccess

Starting from nanoweb 1.8.1 you may write all directives in apache style without the equal sign in between a directives` name and its value.

AccessFile directive

Syntax: AccessFile = .nwaccess
Context: Server Config, Virtual Hosts
Module: Core

Specifies the filename of the per-directory config files to be read. This is .nwaccess per default, but you may want to set it to .htaccess so nanoweb takes the files you previously used with apache.

AccessBlock directive

Syntax: AccessBlock = this_directive
Context: Server Config, Virtual Hosts
Module: Core

Use this directive to disallow overriding of configuration settings made in the main configuration files for just the given directive, regardless of what the default behaviour given in AccessPolicy is.

AccessMerge directive

Syntax: AccessMerge = directive-name
Context: Server Config, Virtual Hosts
Module: Core

Use this directive to allow settings from the main configuration file to get merged with the ones found in .nwaccess files for the directive named here, regardless of the default behaviour given by AccessPolicy.

AccessOverride directive

Syntax: AccessOverride = name_of_a_directive
Context: Server Config, Virtual Hosts
Module: Core

This enables overriding of settings made in the main configuration files with the ones found in .nwaccess files for the directive name given here, regardless of the default behaviour given with AccessPolicy.

AccessPolicy directive

Syntax: AccessPolicy = block | override | merge
Context: Server Config, Virtual Hosts
Module: Core

Defines the default access files policy regarding overriding of configuration values from higher level configuration files (for example .nwaccess file in another directory). You can override the default behaviour defined here for some directives using AccessMerge, AccessBlock or AccessOverride.
block means that, configuration values cannot be overriden by settings in a .nwaccess file. Setting override here allows that per default. merge defines that settings from the main configuration files are merged with the ones found in .nwaccess files.

Access_RBL directive

Syntax: Access_RBL = dns | web
Context: Server Config
Module: mod_access_rbl

Gives the prefered RBL query method. The default "dns" is much faster than the http access method "web".
See also mail-abuse.org/rbl for further informations on the RBL system.
Note: The maps service is free for personal usage only; but you can easily edit this nanoweb modules` code to use another one if desired.

ACPolicy directive

Syntax: ACPolicy = allow | deny
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core, mod_ac

This directive sets the default access control policy. For public webservers you may wish to leave this value to allow, for intranet systems however deny is recommended.
The default behaviour can be tweaked for individual hosts using ACAllowIP, ACAllowHost, ACDenyIP and ACDenyHost.

ACAllowIP directive

ACAllowHost directive

Syntax: ACAllowIP = 192.168.*
ACAllowHost = *.example.net
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core, mod_ac

These directives effectively allow the specified hosts to access files from your webserver. You may give complete IP addresses and host names for a single host here as well.

ACBlockError directive

Syntax: ACBlockError = 403
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core, mod_ac

Defines the response code for hosts which you denied access to the server.

ACBlockMessage directive

Syntax: ACBlockMessage = You won't get access! Go away!
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core, mod_ac

You can also set an individual greeting for hosts that have no permission to access the server.

ACDenyIP directive

ACDenyHost directive

Syntax: ACDenyIP = 54.7.*
ACAllowHost = *.microsoft.com
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core, mod_ac

Using this directives you can deny the specified hosts access to files from your webserver, even if the default access control policy was set to 'allow'.

AddHeader directive

Syntax: AddHeader = X-HTTP-Header: value
Context: Server Config, Virtual Hosts
Module: Core

You can append additional headers to the HTTP responses nanoweb sends back to the client (browser). This is a very powerful feature if you know the headers recognized by special http clients (or you've written one of your own).
A good example is the "P3P:" http header, which states the privacy policy of your site. A funny example mentioned in the distributed main server config file is "X-Powered-by: beer", you can do this because current browsers ignore all unknown headers.

AddServerVar directive

Syntax: AddServerVar = CGIENVVAR value
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

Using the AddServerVar directive you can pass arbitrary environmental variables to any executed CGI program. You may also overwrite one of the default server vars with any static value you would like to (so you can fault any CGI, for example let it assume a different webserver or tell it a false request uri).
Don't use an equal sign between the variable name (uppercase letters are recommended) and its new value! You may use this directive in .nwaccess files, too, of course.

AddType directive

Syntax: AddType = .ext mime/type
Context: Server Config
Module: Core

This directive allows you to add a mime type for an extension on the fly without modifying your systems` mime.types file, it can however be used in the main server configuration file only.

Alias directive

Syntax: Alias = /virtual/ /real/path/
Context: Server Config, Virtual Hosts
Module: Core

Declares an alias directory name to an existing path of the real filesystem. This directive can be used to get access to a directory from within any virtual host, as in the rewriting process the docroot gets changed.
This directive is used by mod_fb for example, to always keep the /icons/ directory reachable.

AllowExtSymlinks (obsolete)

Syntax: AllowExtSymlinks = 1
Replaced-By:

The newer AllowSymlinkTo directive allows now much finer grained configuration of which symlinks are allowes within the docroot.

AllowSymlinkTo directive

Syntax: AllowSymlinkTo = /usr/lib/nanoweb
Context: Server Config, Virtual Hosts
Module: Core

Nanoweb will generelly reject symlinks to outside of the DocumentRoot for security reasons. Using this directive you can give destination paths where symlinks are however allowed to (the directive can be given multiple times).
If you just set it to the root directory / symlinks will always be allowed.

AllowPathInfo directive

Syntax: AllowPathInfo = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

Any CGI may be called with a »pathinfo« appended to its filename (think of http://www.example.com/cgi-bin/program.php/arg1/arg2), which is treaten by many CGI interpreters as additional data input beside the »query string«.

AnydbLoadInterface directive

Syntax: AnydbLoadInterface = .../adodb/adodb.inc.php
Context: Server Config
Module: mod_auth_anydb

You must specify this directive before the LoadModule directive for mod_auth_anydb, if you want to use the ADOdb or the PEAR::DB database abstraction layer.

AuthAnydb directive

Syntax: AuthAnydb = dbtype://user:password@server/dbname/table
AuthAnydbLoginColumn = login_field_name
AuthAnydbPasswordColumn = password_field_name
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_anydb

With the ANYDB authentication method you can allow access to a restricted area using the auth data (login/user names and passwords) from any PEAR::DB, dbx or ADOdb supported database.
The syntax for this directive is often called "dsn" (data source name), but additonally contains the name of the database table with the login names and passwords. The dbtype part tells which RDBMS you use, but the value depends highly on the database abstraction layer you choose (PEAR, ADO, dbx).

AuthAnonymousNames directive

Syntax: AuthAnonymousNames = anonymous anonym guest nobody
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_anonymous

The ANONYMOUS authentication method allows to login suppling a email address as password for either "anonymous" or any other symbolic user name specified with this directive. You can give additonal names in one line or within multiple directive lines.

AuthAnonymousSmtpCheck directive

Syntax: AuthAnonymousSmtpCheck = 0
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_anonymous

The email address given as password for ANONYMOUS http authentication logins can be verified, and if the quick SMTP check fails, the mail address is rejected and cannot be used to access the restricted area.

AuthFile (obsolete)

Syntax: AuthFile = .nwauth

This directive was used until 1.9.0, and is called AuthNwauthFilename now and used by mod_auth_nwauth.

AuthHtpasswdFilename directive

Syntax: AuthHtpasswdFilename = /path/to/.htpasswd
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_htpasswd

With the HTPASSWD authentication method you can reuse the password files from the apache webserver, these are often called .htpasswd

AuthLocation directive

Syntax: AuthLocation = /path/to/protect
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

Using the AuthLocation in the global, virtualhost, or access file will restrict the need for authentication to the specified locations.

AuthNwauthFilename directive

Syntax: AuthNwauthFilename = /path/to/.nwauth
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_nwauth

You can give just ".nwauth" to this directive to activate the authentication with "AuthRequire=NWAUTH" from a directories .nwaccess

AuthMysql* directives

Syntax:
AuthMysqlHost = localhost
AuthMysqlUser = db_user
AuthMysqlPass = db_pass
AuthMysqlDB = db_name
AuthMysqlTable = table_name
AuthMysqlLoginColumn = login_field_name
AuthMysqlPassColumn = password_field_name
AuthMysqlPassType = plain | crypt | md5 | mysql
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_mysql

These directives specify the mysql database + server, the database table and the columns which hold the user names and passwords to check for when using the MYSQL authentication method. The PassType setting tells if the password is saved unencoded in the table (plain) or using one of the system password hash algortithms (crypt, md5) or the according MySQL function (mysql).

AuthPgsql* directives

Syntax:
AuthPgsqlHost = localhost
AuthPgsqlUser = db_user
AuthPgsqlPass = db_pass
AuthPgsqlDB = db_name
AuthPgsqlTable = table_name
AuthPgsqlLoginColumn = login_field_name
AuthPgsqlPassColumn = password_field_name
AuthPgsqlPassType = plain | md5
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_pgsql

Use these directives to give the name of the database of the PostgreSQL server with the column names which hold the user names and passwords to check for when using the PGSQL authentication method shall be used (see AuthRequire). The PassType setting tells if the password is saved as plain text in the table or was encoded using md5()

AuthSimpleUserPass directive

Syntax: AuthSimpleUserPass = login password
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_auth_simple

The SIMPLE authentication method allows you to specify the login and password pairs directly in the config file (.nwaccess most often, but may be also in one of the vhost sections to restrict access to the whole server).
You need to give one directive with space seperated login name and password for each user, most often in the same config file where you activated the authentication (with AuthRequire).

AuthRealm directive

Syntax: AuthRealm = realm name
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core, Authentication

This directive is to be used to give the different authentication areas (most often single directories or directory trees) a name, to help users to remember the correct login and password to be granted access.
Most often this is shown as info text in common browsers, so you may want to give a notice or a greeting message here.

AuthRequire directive

Syntax: AuthRequire = METHOD
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core, Authentication

The different modules give you different choices on where to keep the authentication passwords and login names, so you need to specify which auth module to use for the current directory (or server if you want to restrict one of your vhosts at whole).
Currently there a 6 different auth modules (have a look into the modules section), and thus you can specify SIMPLE, HTPASSWD, NWAUTH or the MYSQL, PGSQL, LDAP authentication method/module here.

The AuthRequire is the directive out of the bunch of authentication directives that really triggers if the access to a directory is restricted, so you may specify all your passwords (say with AuthSimpleUserPass directives) in the main server configuration file but activate it occassionally in the .nwaccess files of some directories only.
You can enable more than one authentication method by using this directive two or more times in one of your .nwaccess files. This leads to a logical OR, which means that the users login name and password needs to be verified by one of the authentication modules only to grant him or her access.

Bandwidth directive

Syntax: Bandwidth = 100K/s
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_throttle

Limits the average download throughput to the given fixed amount for the server area it was specified ([global], [vhost] or a single directory via .htaccess).
As the module only estimates the transfer size for every second, so the "/s" is optional (because the time slices cannot be influenced). You can however give the speed amount in bytes or in kilobytes (with an appended "K").

BSPAllowSource directive

Syntax: BSPAllowSource = 1
Context: Server Config
Module: mod_bsp

Allows to view the source of .bsp scripts when ?source is appended to the requested url.

CGIFilterPathInfo directive

Syntax: CGIFilterPathInfo = 1
Context: Server Config
Module: mod_cgi

If you plan to use the CGI version of PHP you may want to leave this directive enabled, as there still is a unfixed bug in PHP-CGI that forbids passing the $PATH_INFO server var to the scripts as this would trash the $PHP_SELF var. If you don't use the latter one in your scripts you otherwise should probably disable this option, and use the more reliable $SCRIPT_NAME in favour of $PHP_SELF.

CGIScriptsDir directive

Syntax: CGIScriptsDir = /var/lib/cgi-bin
Context: Server Config
Module: mod_cgi

This directive tells nanoweb, that the specified directory contains CGI scripts only. It is very common to have at least one such directory, which is often called /cgi-bin/ (and accessible with this name by using the Alias directive).
If you do not want to have just one seperate directory for all your CGIs, you may set this directive to / to allow files located anywhere on your server to be treated as CGIs if they have the executable flag set.

CGIScriptNoExec directive

Syntax: CGIScriptNoExec = error | raw
Context: Server Config
Module: mod_cgi

If a file in a CGIScriptsDir is accessed which is not marked executable, this directive tells nanoweb how to treat this. The value »error« leads to an error response message if a script without exec-bit is found, »raw« will deliver the according file as is (this is discouraged because of security reasons).

CGIPHPOption directive

Syntax: CGIPHPOption = phpini_setting="value"
Context: Server Config
Module: mod_cgi

You may override php.ini directives on a per directory basis with this directive. Don't put any spaces in between the equal sign and the option name and its value. If the value contains spaces you have to enclose it in quotation marks. For settings that expect on/off in php.ini please use 0 and 1 only.
This directive corresponds to apaches php_flag, php_option, ... directives.

ChildLifeTime directive

Syntax: ChildLifeTime = 21600
Context: Server Config
Module: Core

The absolute maximum time (in seconds) a child process is allowed to live.

ChildLifeTime directive

Syntax: ContentMD5 = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_digest

Enabling this will add the HTTP header Content-MD5: for static responses, which contains the md5() hash summary of the served file to allow the client to verify correct transmission.
This requires the mod_digest extension module.

ConfigDir directive

Syntax: ConfigDir = /etc/nanoweb
Context: Server Config
Module: Core

Sets the default directory to contain all Nanoweb configuration files. This allows you to leave it out for Include and LoadTheme directives.

DefaultContentType directive

Syntax: DefaultContentType = text/plain
Context: Server Config
Module: Core

When the server cannot determine a MIME-type by examining the extensions of the requested file, it will tell the client the file is of the type set with this directive. The default of text/plain may not always suit your requirements, so setting this value to text/html can do a better job in some cases.

DefaultHandler directive

Syntax: DefaultHandler = static
Context: Server Config
Module: Core

Nanoweb feeds all files internally through an "parser"; you may specify one of them here (say CGI or SSI) if desired, but it is very rarely a good idea to feed standard static files through the PHP parser for example.

DirectoryIndex directive

Syntax: DirectoryIndex = index.html index.php /path/to/dirhandler.cgi
Context: Server Config, Virtual Hosts
Module: Core

With this directive you may specify one or more files, which get sent in favour of a directory listing when found - this is very often called the »start file« and index.html per default. You can alternatively define the absolute path to a cgi script, which will then be activated to generate a directory listing (instead of Nanowebs mod_fb) if none of the other index files exists.
The value of this directive may also be overriden finally in the per-directory configuration files (.nwaccess).
You may want to set it to just "index" if you activated mod_multiviews, as this is more flexible.

DisableMimeMagic directive

Syntax: DisableMimeMagic = 0
Context: Server Config, Virtual Hosts
Module: Core

If nanoweb cannot determine the mime type from a files` extension then the PHP4.3 function mime_content_type() will be engaged to analyze the first 100 bytes of a file to guess the correct mime type. This directive can be used to disable this behaviour if you fear it slows down your server too much.
If disabled Nanoweb will always report the DefaultContentType if a extension is unknown. You must set the according php.ini option if your mime-magic.data file is not located at its usual place.

DocumentRoot directive

Syntax: DocumentRoot = /var/www
Context: Server Config, Virtual Hosts
Module: Core

Base directory path nanoweb will serve files from and where you should put all your html files and images into, as nanoweb doesn't allow to deliver files which are not located in there.
This directive needs to be present in each virtual host configuration section.

DosEvasiveError directive

Syntax: DosEvasiveError = 403
Context: Server Config, Virtual Hosts
Module: mod_dosevasive

Sets the http response code for »Denial of Service« attacks.

DosEvasiveMaxReqs directive

Syntax: DosEvasiveMaxReqs = 5
Context: Server Config, Virtual Hosts
Module: mod_dosevasive

The maximal number of requests one host may make in the time slice specified with DosEvasiveTimer before it is considered to be an attack.

DosEvasiveTimer directive

Syntax: DosEvasiveTimer = 10
Context: Server Config, Virtual Hosts
Module: mod_dosevasive

Gives a delay in seconds that is used to detect denial of service attacks.

ErrorDocument directive

Syntax: ErrorDocument = CODE errorNNN.html
Context: Server Config, Virtual Hosts
Module: Core

Defines files which get send on errors instead of the default (built-in) nanoweb messages. These documents must reside in the docroot.

ErrorHeader directive

Syntax: ErrorHeader = CODE HTTP-header: value
Context: Server Config, Virtual Hosts
Module: Core

You can attach additional HTTP headers to responses with an error code above 400; see also AddHeader.

FallBackPriority directive

Syntax: FallBackPriority = smallest | largest | newest | oldest
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_multiviews

If the mime qualities of all available file variants are equal, then mod_multiviews can at least select the smallest, largest, newest or the oldest file out of them.

FBDescFile directive

Syntax: FBDescFile = .desc
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_fb

Descriptions of each file in a directory may be given in the file specified here, its content is used to enhance the output of directory listings produced by the file browser module.
Such a description file should look like that:

filename.ext   desc of this file
index.html  main/homepage...

FBIconByType directive

Syntax: FBIconByType = /icons/image.gif mime/type
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_fb, mod_fb2

Associates icons pictures to mime types for output in directory listings produced by mod_fb.
You may specify partial mime-types only; so you can associtate fall-back icons for general mime types like »application«, »text« or »image«.
The default configuration of nanoweb also utilizes the Alias directive to keep all icons in a single directory (/icons/ which is rewritten to absolute real path /var/www/icons/) accessible from all the virtual hosts.

FBIconDefault directive

Syntax: FBIconDefault = /icons/misc.gif
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_fb, mod_fb2

If none of the FBIconByType directives defines an appropriate icon for a file (or if a files mime type is unknown) this directive gives the name of the image to be used.

FBIconDirectory directive

Syntax: FBIconDirectory = /icons/directory.gif
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_fb, mod_fb2

Defines the icon to be printed for directories.

FBShowDotFiles directive

Syntax: FBShowDotFiles = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_fb, mod_fb2

This tells mod_fb to include files which names start with a dot to be included in directory listings. On UNIX machines these »dotfiles« should be treaten as invisible files by standard programs; and because nanoweb keeps some of its per-directory configurations in .nwaccess and .nwauth you probably want to set this directive to the default of 1.

FBSortOrder directive

Syntax: FBSortOrder = name | size | date [ desc ]
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_fb, mod_fb2

Directory listings are sorted by mod_fb according to this setting (»name« is the default). The use of »desc« reverses the order.

FBTemplateFooter (obsolete)

Syntax: FBTemplateFooter = .fbfooter

Dropped in favour of ServerThemes.

FBTemplateHeader (obsolete)

Syntax: FBTemplateHeader = .fbheader

Removed in favour of ServerThemes.

FBWelcomeFile directive

Syntax: FBWelcomeFile = .welcome
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_fb

Whenever a directory listing (»filebrowser«) is to be sent back to the client, the server searches for a file with the hereby given name to be included in the sent output.

FCGIFilterPathInfo directive

Syntax: FCGIFilterPathInfo = 1
Context: Server Config
Module: Core, mod_fcgi

See CGIFilterPathInfo on informations about this directive. The name of this directive was renamed from FastCGIFilterPathInfo in 2.1.0 to normalize its name with all the other ones.

FCGINoHeader directive

Syntax: FCGINoHeader = Powered-By
Context: Server Config
Module: mod_fcgi

Strips the given header from the output of a CGI.

FileBrowser directive

Syntax: FileBrowser = 1
Context: Server Config, Virtual Hosts
Module: mod_fb, mod_fb2
Compatibility: separated out from the core server in 1.8-dev

Is to activate / disactivate the automatic generation of directory listings by the server.

FilterEnable directive

Syntax: FilterEnable = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_pfilters

This directive can be used to deactivate all filter rules on a per directory basis (in .nwaccess files).

Filter directive

Syntax: Filter = mime/type filtername [args]
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_pfilters

Sets a filter rule which is applied to all files matching the mime pattern (most often text/html, but may be just */*).
The second argument to this directive is the name of one of the internal filters which you may pass additional arguments.
The most powerful filter is 'pipe' which passes the current content through an external filter program given as argument to it ("/usr/bin/tidy" for example). The 'unchunk' filter is very often required to be listed before the first 'pipe'. Other filters are currently 'null', 'shrink', 'downcase' and 'wap' (you need to load »mod_html_filters« to make them available).

ForceHandler directive

Syntax: ForceHandler = PARSER
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

This directive is to be used in .nwaccess files to enforce one of the nanoweb parsers (like CGI, static or SSI) to handle all files. So if you want to ensure, that none of the files in a directory is activated as CGI script, you could put the line "ForceHandler=static" into the .nwaccess file.

Group directive

Syntax: Group = groupid
Context: Server Config
Module: Core

Default group nanoweb will run as (defaults to »www-data«).

GzipEnable directive

Syntax: GzipEnable = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_gzip

This directive allows you to enable/disable mod_gzip for each virtual host or different directories (in .nwaccass files).
Chunked CGI output will not get compressed as this often leads to poor results and is not supported by some browsers. You can however enforce compression of such content streams by setting this directive to 2 - A much better solution is however to apply the "unchunk" Filter, which will help mod_gzip. For PHP scripts you may wish to enable automagic output compression via php.ini rather.

GzipLevel directive

Syntax: GzipLevel = 5
Context: Server Config
Module: mod_gzip

This options tells mod_gzip how much time to spend on compression. A value of 1 leads to very fast processing, 9 means maximum compression, which is of course very time consuming. So you probably want to have some value in between to achieve good compression in a justifiable amount of time.
BTW, 0 means no compression, but this is stupid; see the above configuration directive for this.

GzipMaxRatio directive

Syntax: GzipMaxRatio = 90
Context: Server Config
Module: mod_gzip

Max compression ratio (percentage of original size). If it is higher, the content is likely to be already compressed and does not need a recompression.

HostnameLookups directive

Syntax: HostnameLookups = 1
Context: Server Config
Module: Core

Use reverse-DNS to put hostnames instead of IP addresses into server log.
Note that using DNS slows down nanoweb a bit, so if you need some more speed you should think about disabling this feature, as you can get the names of the hosts which requested pages from your server later too by evaluating the server logs with appropriate software.

HostnameLookupsBy directive

Syntax: HostnameLookupsBy = server | logger
Context: Server Config
Module: Core

Using the value "logger" in this directive tells nanoweb to delay DNS lookups and let these be done by the logger processes after the page already has been delivered. This is a speed improvement, because there is actually no need to do the slow DNS query for the requesting host in the main server; some modules may however depend on it, so you can set this directive to "server" for the old behaviour.

IgnoreDotFiles directive

Syntax: IgnoreDotFiles = 1
Context: Server Config, Virtual hosts, .nwaccess
Module: Core

Setting this directive to 1 will make nanoweb ignore .xxx files. This is for security reasons (not allowing clients to request .nwaccess or .nwauth files for example). You shouldn't change this unless you know exactly what you're doing.

Include directive

Syntax: Include = /path/to/file.conf
Context: Server Config
Module: Core

This directive reads another (swapped out) configuration file into the current one. In standard installations the main configuration file is /etc/nanoweb/nanoweb.conf which additionally loads modules.conf and vhosts.conf using this directive.

KeepAlive directive

Syntax: KeepAlive = 25
Context: Server Config
Module: Core

Maximum number of http requests per connection (A client may get more than one file after it opened a connection to nanoweb, to speed up downloading of multiple files). To disable the keep-alive feature of nanoweb just set this value to 0.

LanguagePriority directive

Syntax: LanguagePriority = en fr de
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_multiviews

Content-negotiation occurs if the requested file does not exist, but some variants can be found instead. If the client doesn't specifies a preferred language this setting will come into use.

ListenInterface directive

Syntax: ListenInterface = 127.0.0.1
Context: Server Config
Module: Core

Specify the IP address the server shall listen to for incoming connections.

ListenPort directive

Syntax: ListenPort = 80
Context: Server Config
Module: Core

Specify the TCP port number the server shall listen on for incoming connections. 80 is the default for web servers, but 8080 is also very common and you must use this to run nanoweb if you're not root (as ports below 1024 are reserved for system daemons).
Starting with version 2.0 you can make Nanoweb listen on more than one TCP port, if you give this directive multiple times:

ListenPort = 80
ListenPort = 8080
ListenPort = 12080

ListenQueue directive

Syntax: ListenQueue = 20
Context: Server Config
Module: Core

Maximum number of queued connections.

LoadLimit directive

Syntax: LoadLimit = 25.0
Context: Server Config
Module: mod_load_limit

Defines the maximum load average after which the server will return an error and won't serve documents until load goes down.

LoadLimitAction directive

Syntax: LoadLimitAction = error | redir
Context: Server Config
Module: mod_load_limit

Per dafault nanoweb stops serving any further requests if the load limit is reached, but instead of just sending an error message response nanoweb is also able to redirect the request to another server (and thus probably all further queries from the requesting client).

LoadLimitError directive

Syntax: LoadLimitError = 503
Context: Server Config
Module: mod_load_limit

This directive sets the http response code for error messages that are send back when the the server load gets too high. (rarely needed)

LoadLimitErrorMessage directive

Syntax: LoadLimitErrorMessage = Sorry, our server gets too slow...
Context: Server Config
Module: mod_load_limit

Defines a custom error message that is send if your server gets too slow. Besides the common nanoweb server vars, you can use %CUR_LOAD and %MAX_LOAD in the message text.

LoadLimitRedirect directive

Syntax: LoadLimitRedirect = http://www2.example.com/%REQUEST_URI
Context: Server Config
Module: mod_load_limit

If enabled with the LoadLimitAction directive, clients are redirected to the server given by this directive as soon as the load limit is reached.
Please note that %DOCUMENT_ROOT may be useful together with %REQUEST_URI if your fallback server holds backups of different sites.

LoadModule directive

Syntax: LoadModule = /usr/lib/nanoweb/modules/mod_fb.php
Context: Server Config
Module: Core

This directive is usually found in /etc/nanoweb/modules.conf (or C:\nanoweb\modules.conf on Windows), which is included into the main server configuration file. It registers the specified module to the server core in the startup sequence of nanoweb.
You don't need anymore to specify the full pathname of the PHP source file containing the module if you set ModulesDir accordingly.

LoadTheme directive

Syntax: LoadTheme = default.theme
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

Nanoweb supports themes to be applied to server generated response messages. This directive loads a template file on server startup, which then can be activated on a per-directory basis using the ServerTheme directive. You can give the full path to the theme file; but if you set the default configuration path using the ConfigDir directive you can leave that out, as theme files are usually located there, too.
Theme files can be loaded from inside a .nwaccess configuration file, too.
For more information about this, please see the manual section about Themes.

Log directive

Syntax: Log = /var/log/nanoweb/access.log
Context: Server Config
Module: Core

Specifies the file where nanoweb notes all served requests. This file will contain one line for each requested file with informations on where the request origined, when it occoured, and if it succeded (file found) beside with some other notes.
The format of this file is the same as with apache and often referred to as »common« or »combined« »log file format«, thus you can run some evalution program like "awstats" on it to generate a monthly traffic report for your site.
You can leave out the absolute path name, if a default path is already set by LogDir.

LogDir directive

Syntax: LogDir = /var/log/nanoweb/
Context: Server Config
Module: Core

Sets the default directory for log files (see Log and ServerLog), so you can give simple file names there.

LoggerProcess directive

Syntax: LoggerProcess = 2
Context: Server Config
Module: Core

Logger Process support. If enabled, nanoweb will spawn logger processes at launch and all logging will be done by them. This can help if you are using User or Group directives or simply want more performance from the server. Set to the number of loggers you want, or 0 to disable.

LoggerUser directive

Syntax: LoggerUser = userid
Context: Server Config
Module: Core

User the nanoweb loggers will run as.

LoggerGroup directive

Syntax: LoggerGroup = groupid
Context: Server Config
Module: Core

Group the nanoweb loggers will run as.

LogToConsole (deprecated)

Syntax: LogToConsole = 1
Module: mod_stdlog

LogHitsToConsole replaced this directive.

LogHitsToConsole directive

Syntax: LogHitsToConsole = 1
Context: Server Config
Module: mod_stdlog

Logs every hit to standard output. Of course this requires you not to run nanoweb in daemon mode via nanoctl start, you need to run nanoweb.php from your vterminal/shell. Additionally the --quiet option given to nanoweb.php allows you to disable this on the fly (this is neccessary for inetd mode for example), so you don't need to change the configuration files.

LogHitsToServerLog directive

Syntax: LogHitsToServerLog = 1
Context: Server Config
Module: mod_stdlog

Logs hits additionally to the standard server log, which normally wouldn't contain these (access.log used to contain hits).

LogType directive

Syntax: LogType = common | common-with-vhost | combined
Context: Server Config
Module: Core

Sets the format used for log files (see Log) output. »common« is the NCSA Common Log Format (also known as »clf«), »common-with-vhost« is the same as CLF, but with support for multiple hosts, »combined« is the extended CLF format used by Apache, which also reports user agent and referer informations.

MaxRequestBodyLength directive

Syntax: MaxRequestBodyLength = 1000000
Context: Server Config
Module: Core

Limits the size of the request body (the content of POST and PUT request),

MaxRequestURILength directive

Syntax: MaxRequestURILength = 512
Context: Server Config
Module: Core

Sets the maximum length of the request URIs nanoweb will accept. Usually the size of URLs is already limited at client side (IE for example: 1024 characters) but for security reasons you may wish to trim it here.

MaxServers directive

Syntax: MaxServers = 25
Context: Server Config
Module: Core

Limits the number of subservers (child processes) Nanoweb will create at maximum. A setting of 0 permits unlimited server processes.

MetaFetch directive

Syntax: MetaFetch = fast | regex | no | 0
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_meta

This directive tells mod_meta how to fetch the http header fields given in the <META HTTP-EQUIV> tags in .html files. The default fast method is only suitable if your html files are very well formed, the regex method is often more reliable and fetches non-http meta information as well, but is therefor much slower. The no disables opening the .html files for scanning, so only the headers found in every files companion *.meta file are attached to http answers. mod_meta gets fully disabled only by setting this directive to 0.

MethodHandler directive

Syntax: MethodHandler = METHOD /cgi-bin/METHOD_handler.php
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_method_handler

Defines a 'httpd user space' CGI script that handles HTTP requests with non-standard methods. The given script is called like a standard handler (as in mod_misc_filters) with the requested file given in $PATH_INFO. The path to the handler script must be absolute to the docroot.

MispellAction directive

Syntax: MispellAction = advice
Context: Server Config (modules.conf)
Module: mod_mispell

The mispell module handles incorrectly entered URLs. If a file with the given name cannot be found on the server this module tries to figure out the correct name by checking the sounding of the filename against that of the files located on the server.
This directives says what to do if it finds the correct name for the requested file. Default is »advice« which sends back an error page to the user, presenting him the corrected URL. You can also specify »redirect« which will send back a HTTP redirection response to the browser, so the users browser automagically re-requests with the corrected URL.

MimeTypes directive

Syntax: MimeTypes = /etc/mime.types
Context: Server Config
Module: Core

Reads in the system-wide available MIME-types database from given file, and thus makes nanoweb recognize hundreds of typical file extensions.

ModulesDir directive

Syntax: ModulesDir = /usr/lib/nanoweb/modules/
Context: Server Config
Module: Core

This directive specifies the default location of the nanoweb extension modules, so you don't need to give the full path name in LoadModule directives. You must append a slash to the directory name.
You may give this directive multiple times, nanoweb will use the module it finds first in one of the given paths. Due to PHP's fopen wrapper mechanism you could also give a http:// address here to always have the most current module versions available - but this is still under devolopment (and would be mentioned in one of your configuration files then).

MultiViews directive

Syntax: MultiViews = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_multiviews

This directive enables / disables mod_multiviews, so you can use the negotiation features only in directories you actually need them.

MySQLLogHost directive

Syntax: MySQLLogHost = localhost
Context: Server Config (modules.conf)
Module: mod_mysqllog

The mysqllog module saves request hits to a database instead of saving it to files as mod_stdlog does. So you need to give a hostname here, where a MySQL database server runs on.

MySQLLogDatabase directive

Syntax: MySQLLogDatabase = databasename
Context: Server Config (modules.conf)
Module: mod_mysqllog

Sets the name of the MySQL database for request logging.

MySQLLogUser directive

Syntax: MySQLLogUser = mysql_username
Context: Server Config (modules.conf)
Module: mod_mysqllog

You need an account for access to a MySQL database server.

MySQLLogPassword directive

Syntax: MySQLLogPassword = mysql_password
Context: Server Config (modules.conf)
Module: mod_mysqllog

You need an account for access to a MySQL database server.

OtherPriority directive

Syntax: OtherPriority = php; qs=0.3, text/html; qs=0.2, image/*; q=0.1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_multiviews

This gives additional preferences that will help mod_multiviews in selecting the "best" variant when the browser didn't send an Accept: header. Note that you can mix file extensions (without dot!) and mime types; quality-values help a lot.

ParseExt

Syntax: ParseExt = extension TYPE [parameters]
Context: Server Config
Module: Core, mod_cgi, mod_fcgi

Defines which script interpreter must be run to parse files with a given file extension.
Valid parser TYPEs are defined by the modules you loaded and the parameters are type dependant. CGI is the most commonly used parser type and requires the absolute filename of the interpreter to execute. FCGI argument is the FastCGI server socket, while SSI never requires any parameter.
See also the pages for mod_cgi mod_fcgi and mod_include and this example:

ParseExt = php CGI /usr/local/bin/php
ParseExt = awk CGI /usr/bin/awk $FILENAME
ParseExt = js CGI /usr/bin/js $FILENAME

PathInfoTryExt directive

Syntax: PathInfoTryExt = php
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

This directive gives CGI extensions that should be checked for if a file with a pathinfo is requested but no file extension is there. You should use multiple PathInfoTryExt lines, one for each CGI extension you would like to leave out.
See also AllowPathInfo

PidFile directive

Syntax: PidFile = /var/run/nanoweb.pid
Context: Server Config
Module: Core

This directive gives a filename where nanoweb logs which pid (=process id, on Unix systems) it runs as.

ProxyAccessLog directive

Syntax: ProxyAccessLog = /var/log/nanoweb/proxy.log
Context: Server Config
Module: mod_proxy

The proxy module generates an additonal seperate log file, as you probably don't want the main server log to be intermixed with request informations for files that are not located in your servers docroot.

ProxyAllowIP directive

Syntax: ProxyAllowIP = 168.192.
Context: Server Config
Module: mod_proxy

Use this directive to allow hosts or all hosts from a network (with an abbreviated IP address range) to access the www via the nanoweb internal proxy server. Hosts not listed here cannot make use of the nanoweb proxy.

ProxyCacheDir directive

Syntax: ProxyCacheDir = /var/cache/nanoweb
Context: Server Config
Module: mod_proxy

The proxy module of course needs a dedicated directory where it can save all the files that were requested in the past, so that they do not need to be fetched a second time from the real server if they get requested another time.

ProxyCacheMaxAge directive

Syntax: ProxyCacheMaxAge = 2592000
Context: Server Config
Module: mod_proxy

Cached pages get invalid (need to be refetched) after an amount of time specified with this directive, the value is in seconds.

ProxyDenySite directive

Syntax: ProxyDenySite = /etc/nanoweb/badsites
Context: Server Config
Module: mod_proxy

If you want some servers not to be accessible through your proxy you just need to list them in a text file (one server name per line) which you specify here; so access to such servers will be forbidden.

ProxyDenyPopup directive

Syntax: ProxyDenyPopup = /etc/nanoweb/popup.txt
Context: Server Config
Module: mod_proxy

The proxy module can additonally filter popups out of delivered pages, if they match one of the regexs listed in the specified file.

ProxyDenyPub directive

Syntax: ProxyDenyPub = /etc/nanoweb/images.txt
Context: Server Config
Module: mod_proxy

This directive enables you to filter images. Just put a line with the filename or URL into the file »images.txt« for every image, that you do not want to be delivered through the proxy.

RefererAllow directive

Syntax: RefererAllow = http://www.google.com
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_access_referer

In a context where RefererCheck has been activated, this allows requests refered by the defined URL (or part of URL) to be processed as if they were coming from the local site

RefererCheck directive

Syntax: RefererCheck = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_access_referer

When activated, nanoweb will answer every request which referer is nonempty and differs from the ServerName with a 403 Forbidden error page.
Other exceptions than the ServerName can be set with the RefererAllow directive.

ReflectRewriting directive

Syntax: ReflectRewriting = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_rewrite, mod_multiviews

If a URL is rewritten via a RewriteRule or because of some content negotiation, this setting influences if the rewritten URL (or if unset the requested one) shall be presented in error messages that may occur.
Enabling this probably leads to trouble if you also run mod_proxy.

RewriteRule directive

Syntax: RewriteRule REGEX REPLACEMENT [flags,...]
Context: .nwaccess
Module: mod_rewrite

Mappes the requested file name to real one by rewriting with usage of regular expressions pattern matching. Please refer to the modules` documentation for a short explanation.

RewriteCond directive

Syntax: RewriteCond TESTSTRING CONDPATTERN [flags,...]
Context: .nwaccess
Module: mod_rewrite

Does additional regex tests that trigger if the following RewriteRule gets executed (on success of this RewriteCond).

RequestTimeout directive

Syntax: RequestTimeout = 15
Context: Server Config
Module: Core

Nanoweb will wait specified amount of time for receival of the actual http request after a TCP/IP connection was established, before it closes this connection again to not prevent others from correctly connecting.

ServerAdmin directive

Syntax: ServerAdmin = webmaster@example.com
Context: Server Config, Virtual Hosts
Module: Core

Admin mail address present in most of the server generated pages (errors, status, directory listings).

ServerAlias directive

Syntax: ServerAlias = www.secondname.example.net
Context: Server Config, Virtual Hosts
Module: Core

As there can be only one default ServerName, you may use this directive to let nanoweb listen to additional DNS names (just give multiple lines here).
You can optionally give a port number after the server name.

ServerFakeSignature directive

Syntax: ServerFakeSignature = apache/1.3.19 (Unix) Debian GNU/Linux PHP/4.0.6
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

If you'd like to annoy possible attackers to your webserver you can give them false informations on which webserver you are actually running using this directive.
You have to enable this behaviour by additionally changing the ServerSignature directive to 'fake'.

ServerLog directive

Syntax: ServerLog = /var/log/nanoweb/server.log logmode
Context: Server Config
Module: Core

The ServerLog directive may be given multiple times, to let nanoweb create separate files where runtime informational messages are written to. Having multiple of them makes sense, because the second parameter (logmode) to this directive allows you to filter parts of the possible server messages.
The internally generated server messages are divided into the classes: error, notice warning, debug, and hit. You can even say all or default here, or give multiple modes by connecting them with the plus sign, like "error+warning+hit" for example.

ServerLog = /var/log/nanoweb/server.log default+hit
ServerLog = /dev/tty9 all
ServerLog = /var/log/nanoweb/error.log error+warning
ServerLog = /var/log/nanoweb/server.debug notice+warning

If you leave out the logmode parameter, the default will apply, which is logging notices, errors and warnings to the specified file.

ServerMode directive

Syntax: ServerMode = standalone
Context: Server Config
Module: Core

You may wish to run nanoweb in standalone mode in most cases. This is, the nanoweb server is started to stay resident in memory and waiting for incoming connections.
Another variant of using the nanoweb server is by invoking it via inetd - the »internet superserver« used on many UNIX systems to startup internet services on oncoming requests, which leads to some overhead and is slower in general as one copy of nanoweb.php needs to be executed for each requested file.

ServerName directive

Syntax: ServerName = www.example.com
Context: Server Config, Virtual Hosts
Module: Core

Default DNS-name of this server. You may append a port number to the name.

ServerSignature directive

Syntax: ServerSignature = full | os | prod | min | off | fake
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

Webservers usually reveal their name and version in the HTTP answer headers, but you can restrict nanoweb in how much information it gives away. Per default (full) it tells "nanoweb/NW_VERSION OPERATING_SYS PHP_VERSION", with this directive set to os it leaves out the PHP version, min still includes the nanoweb version but prod only tells "nanoweb" (the product name).
Finally you can disable the output fully with off. But much more funny it is to give clients wrong information instead using fake and the ServerFakeSignature.

ServerTheme directive

Syntax: ServerTheme = default
Context: Server Config, Virtual Hosts, .nwaccess
Module: Core

This directive selects one of the theme templates (loaded using LoadTheme) to be applied to server generated responses like error messages or directory listings.

SingleProcessMode directive

Syntax: SingleProcessMode = 1
Context: Server Config
Module: Core

This is used to force nanoweb in single process mode (which is usually slower than the default process forking mode). You should uncomment it when running in win32 or if your php binary was not compiled with pcntl.

StatusAllowHost directive

Syntax: StatusAllowHost = 127.0.0.1
Context: Server Config
Module: mod_status

This gives an IP of a host allowed to consult the server status through /server-status. Multiple lines with this directive may be specified; an incomplete IP address can be used to allow a range of host addresses to be granted access.

StaticBufferSize directive

Syntax: StaticBufferSize = 1048576
Context: Server Config
Module: Core (mod_static)

Limits the chunk size of static files to 1M per default, because nanoweb cannot keep files with unlimited size in memory. You may in fact speed up requests (for some cases) if you lower this value.

StaticDisablePartial directive

Syntax: StaticDisablePartial = 0
Context: Server Config
Module: Core (mod_static)

Disallows http clients to retrieve only parts of a resource/file, when set to 1. Usually the partial GET is used by clients like 'wget' to resume a stopped/unfinished previous download attemp.

TempDir directive

Syntax: TempDir = /tmp
Context: Server Config
Module: Core

This specifies where nanoweb shall put temporary files into, so this directory should be read+writeable by the user/group nanoweb will run as.

TempDirectory (obsolete)

Syntax: TempDirectory = /tmp
Replaced by: TempDir

This directive was renamed to TempDir in 2.1.1 to match general naming syntax.

User directive

Syntax: User = userid
Context: Server Config
Module: Core

Default user nanoweb will run as (the user name is »www-data« per dafault).

UserDir directive

Syntax: UserDir = public_html
Context: Server Config, Virtual Hosts
Module: Core

This is the subpath which nanoweb will look for in users homedir when an URL like http://webserver/~user is requested.
This directive can be set in the global section or for each virtual host.

WormsRun directive

Syntax: WormsRun = /usr/bin/command [args...]
Context: Server Config
Module: mod_worms

Commands specified with such directives are executed, if a worm is detected.
Please refer to the file README.mod_worms (in the docs/ directory of the unpacked tarball) as mod_worms requires additional preparation to work.

WormsWpopText directive

Syntax: WormsWpopText = message text ...
Context: Server Config
Module: mod_worms

Text that is sent to the offending IIS server console.

WriteAccess directive

Syntax: WriteAccess = 1
Context: Server Config, Virtual Hosts, .nwaccess
Module: mod_method_PUT

This directive enables writing files via HTTP for clients that support the PUT request method.
You shouldn't enable this setting in the main configuration file or one of the vhost sections; it is often a good idea to allows this type of access only for selected directories (in a .nwaccess file), even if the PUT module only can write to files and directories that have the world-writable bit set or that are owned by the default Nanoweb user/group.

NANOWEB, the aEGiS PHP web server

Index Modules Configuration READMEs FAQ Support Forum