Apache HTTP Server Version 2.4

The directive quick reference shows the usage, default, status, and context of each Apache configuration directive. For more information about each of these, see the Directive Dictionary.
The first column gives the directive name and usage. The second column shows the default value of the directive, if a default exists. If the default is too large to display, it will be truncated and followed by "+".
The third and fourth columns list the contexts where the directive is allowed and the status of the directive according to the legend tables below.
| AcceptFilter protocol accept_filter | s | C | |
| Configures optimizations for a Protocol's Listener Sockets | |||
| AcceptPathInfo On|Off|Default | Default | svdh | C | 
| Resources accept trailing pathname information | |||
| AccessFileName filename [filename] ... | .htaccess | sv | C | 
| Name of the distributed configuration file | |||
| Action action-type cgi-script [virtual] | svdh | B | |
| Activates a CGI script for a particular handler or content-type | |||
| AddAlt string file [file] ... | svdh | B | |
| Alternate text to display for a file, instead of an icon selected by filename | |||
| AddAltByEncoding string MIME-encoding [MIME-encoding] ... | svdh | B | |
| Alternate text to display for a file instead of an icon selected by MIME-encoding | |||
| AddAltByType string MIME-type [MIME-type] ... | svdh | B | |
| Alternate text to display for a file, instead of an icon selected by MIME content-type | |||
| AddCharset charset extension [extension] ... | svdh | B | |
| Maps the given filename extensions to the specified content charset | |||
| AddDefaultCharset On|Off|charset | Off | svdh | C | 
| Default charset parameter to be added when a response content-type is text/plain or text/html | |||
| AddDescription string file [file] ... | svdh | B | |
| Description to display for a file | |||
| AddEncoding encoding extension [extension] ... | svdh | B | |
| Maps the given filename extensions to the specified encoding type | |||
| AddHandler handler-name extension [extension] ... | svdh | B | |
| Maps the filename extensions to the specified handler | |||
| AddIcon icon name [name] ... | svdh | B | |
| Icon to display for a file selected by name | |||
| AddIconByEncoding icon MIME-encoding [MIME-encoding] ... | svdh | B | |
| Icon to display next to files selected by MIME content-encoding | |||
| AddIconByType icon MIME-type [MIME-type] ... | svdh | B | |
| Icon to display next to files selected by MIME content-type | |||
| AddInputFilter filter[;filter...] extension [extension] ... | svdh | B | |
| Maps filename extensions to the filters that will process client requests | |||
| AddLanguage language-tag extension [extension] ... | svdh | B | |
| Maps the given filename extension to the specified content language | |||
| AddModuleInfo module-name string | sv | E | |
| Adds additional information to the module information displayed by the server-info handler | |||
| AddOutputFilter filter[;filter...] extension [extension] ... | svdh | B | |
| Maps filename extensions to the filters that will process responses from the server | |||
| AddOutputFilterByType filter[;filter...] media-type [media-type] ... | svdh | B | |
| Assigns an output filter to a particular media-type | |||
| AddType media-type extension [extension] ... | svdh | B | |
| Maps the given filename extensions onto the specified content type | |||
| Alias [URL-path] file-path|directory-path | svd | B | |
| Maps URLs to filesystem locations | |||
| AliasMatch regex file-path|directory-path | sv | B | |
| Maps URLs to filesystem locations using regular expressions | |||
| Allow from all|host|env=[!]env-variable [host|env=[!]env-variable] ... | dh | E | |
| Controls which hosts can access an area of the server | |||
| AllowCONNECT port[-port] [port[-port]] ... | 443 563 | sv | E | 
| Ports that are allowed to CONNECT through the proxy | |||
| AllowEncodedSlashes On|Off|NoDecode | Off | sv | C | 
| Determines whether encoded path separators in URLs are allowed to be passed through | |||
| AllowMethods reset|HTTP-method [HTTP-method]... | reset | d | X | 
| Restrict access to the listed HTTP methods | |||
| AllowOverride All|None|directive-type [directive-type] ... | None (2.3.9 and lat + | d | C | 
| Types of directives that are allowed in .htaccess files | |||
| AllowOverrideList None|directive [directive-type] ... | None | d | C | 
| Individual directives that are allowed in .htaccess files | |||
| Anonymous user [user] ... | dh | E | |
| Specifies userIDs that are allowed access without password verification | |||
| Anonymous_LogEmail On|Off | On | dh | E | 
| Sets whether the password entered will be logged in the error log | |||
| Anonymous_MustGiveEmail On|Off | On | dh | E | 
| Specifies whether blank passwords are allowed | |||
| Anonymous_NoUserID On|Off | Off | dh | E | 
| Sets whether the userID field may be empty | |||
| Anonymous_VerifyEmail On|Off | Off | dh | E | 
| Sets whether to check the password field for a correctly formatted email address | |||
| AsyncRequestWorkerFactor factor | s | M | |
| Limit concurrent connections per process | |||
| AuthBasicAuthoritative On|Off | On | dh | B | 
| Sets whether authorization and authentication are passed to lower level modules | |||
| AuthBasicFake off|username [password] | dh | B | |
| Fake basic authentication using the given expressions for username and password | |||
| AuthBasicProvider provider-name [provider-name] ... | file | dh | B | 
| Sets the authentication provider(s) for this location | |||
| AuthBasicUseDigestAlgorithm MD5|Off | Off | dh | B | 
| Check passwords against the authentication providers as if Digest Authentication was in force instead of Basic Authentication. | |||
| AuthDBDUserPWQuery query | d | E | |
| SQL query to look up a password for a user | |||
| AuthDBDUserRealmQuery query | d | E | |
| SQL query to look up a password hash for a user and realm. | |||
| AuthDBMGroupFile file-path | dh | E | |
| Sets the name of the database file containing the list of user groups for authorization | |||
| AuthDBMType default|SDBM|GDBM|NDBM|DB | default | dh | E | 
| Sets the type of database file that is used to store passwords | |||
| AuthDBMUserFile file-path | dh | E | |
| Sets the name of a database file containing the list of users and passwords for authentication | |||
| AuthDigestAlgorithm MD5|MD5-sess | MD5 | dh | E | 
| Selects the algorithm used to calculate the challenge and response hashes in digest authentication | |||
| AuthDigestDomain URI [URI] ... | dh | E | |
| URIs that are in the same protection space for digest authentication | |||
| AuthDigestNonceLifetime seconds | 300 | dh | E | 
| How long the server nonce is valid | |||
| AuthDigestProvider provider-name [provider-name] ... | file | dh | E | 
| Sets the authentication provider(s) for this location | |||
| AuthDigestQop none|auth|auth-int [auth|auth-int] | auth | dh | E | 
| Determines the quality-of-protection to use in digest authentication | |||
| AuthDigestShmemSize size | 1000 | s | E | 
| The amount of shared memory to allocate for keeping track of clients | |||
| AuthFormAuthoritative On|Off | On | dh | B | 
| Sets whether authorization and authentication are passed to lower level modules | |||
| AuthFormBody fieldname | httpd_body | d | B | 
| The name of a form field carrying the body of the request to attempt on successful login | |||
| AuthFormDisableNoStore On|Off | Off | d | B | 
| Disable the CacheControl no-store header on the login page | |||
| AuthFormFakeBasicAuth On|Off | Off | d | B | 
| Fake a Basic Authentication header | |||
| AuthFormLocation fieldname | httpd_location | d | B | 
| The name of a form field carrying a URL to redirect to on successful login | |||
| AuthFormLoginRequiredLocation url | d | B | |
| The URL of the page to be redirected to should login be required | |||
| AuthFormLoginSuccessLocation url | d | B | |
| The URL of the page to be redirected to should login be successful | |||
| AuthFormLogoutLocation uri | d | B | |
| The URL to redirect to after a user has logged out | |||
| AuthFormMethod fieldname | httpd_method | d | B | 
| The name of a form field carrying the method of the request to attempt on successful login | |||
| AuthFormMimetype fieldname | httpd_mimetype | d | B | 
| The name of a form field carrying the mimetype of the body of the request to attempt on successful login | |||
| AuthFormPassword fieldname | httpd_password | d | B | 
| The name of a form field carrying the login password | |||
| AuthFormProvider provider-name [provider-name] ... | file | dh | B | 
| Sets the authentication provider(s) for this location | |||
| AuthFormSitePassphrase secret | d | B | |
| Bypass authentication checks for high traffic sites | |||
| AuthFormSize size | 8192 | d | B | 
| The largest size of the form in bytes that will be parsed for the login details | |||
| AuthFormUsername fieldname | httpd_username | d | B | 
| The name of a form field carrying the login username | |||
| AuthGroupFile file-path | dh | B | |
| Sets the name of a text file containing the list of user groups for authorization | |||
| AuthLDAPAuthorizePrefix prefix | AUTHORIZE_ | dh | E | 
| Specifies the prefix for environment variables set during authorization | |||
| AuthLDAPBindAuthoritative off|on | on | dh | E | 
| Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. | |||
| AuthLDAPBindDN distinguished-name | dh | E | |
| Optional DN to use in binding to the LDAP server | |||
| AuthLDAPBindPassword password | dh | E | |
| Password used in conjunction with the bind DN | |||
| AuthLDAPCharsetConfig file-path | s | E | |
| Language to charset conversion configuration file | |||
| AuthLDAPCompareAsUser on|off | off | dh | E | 
| Use the authenticated user's credentials to perform authorization comparisons | |||
| AuthLDAPCompareDNOnServer on|off | on | dh | E | 
| Use the LDAP server to compare the DNs | |||
| AuthLDAPDereferenceAliases never|searching|finding|always | always | dh | E | 
| When will the module de-reference aliases | |||
| AuthLDAPGroupAttribute attribute | member uniqueMember + | dh | E | 
| LDAP attributes used to identify the user members of groups. | |||
| AuthLDAPGroupAttributeIsDN on|off | on | dh | E | 
| Use the DN of the client username when checking for group membership | |||
| AuthLDAPInitialBindAsUser off|on | off | dh | E | 
| Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server | |||
| AuthLDAPInitialBindPattern regex substitution | (.*) $1 (remote use + | dh | E | 
| Specifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup | |||
| AuthLDAPMaxSubGroupDepth Number | 10 | dh | E | 
| Specifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued. | |||
| AuthLDAPRemoteUserAttribute uid | dh | E | |
| Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable | |||
| AuthLDAPRemoteUserIsDN on|off | off | dh | E | 
| Use the DN of the client username to set the REMOTE_USER environment variable | |||
| AuthLDAPSearchAsUser on|off | off | dh | E | 
| Use the authenticated user's credentials to perform authorization searches | |||
| AuthLDAPSubGroupAttribute attribute | member uniqueMember + | dh | E | 
| Specifies the attribute labels, one value per directive line, used to distinguish the members of the current group that are groups. | |||
| AuthLDAPSubGroupClass LdapObjectClass | groupOfNames groupO + | dh | E | 
| Specifies which LDAP objectClass values identify directory objects that are groups during sub-group processing. | |||
| AuthLDAPURL url [NONE|SSL|TLS|STARTTLS] | dh | E | |
| URL specifying the LDAP search parameters | |||
| AuthMerging Off | And | Or | Off | dh | B | 
| Controls the manner in which each configuration section's authorization logic is combined with that of preceding configuration sections. | |||
| AuthName auth-domain | dh | B | |
| Authorization realm for use in HTTP authentication | |||
| AuthnCacheContext directory|server|custom-string | directory | d | B | 
| Specify a context string for use in the cache key | |||
| AuthnCacheEnable | s | B | |
| Enable Authn caching configured anywhere | |||
| AuthnCacheProvideFor authn-provider [...] | dh | B | |
| Specify which authn provider(s) to cache for | |||
| AuthnCacheSOCache provider-name[:provider-args] | s | B | |
| Select socache backend provider to use | |||
| AuthnCacheTimeout timeout (seconds) | 300 (5 minutes) | dh | B | 
| Set a timeout for cache entries | |||
| <AuthnProviderAlias baseProvider Alias> ... </AuthnProviderAlias> | s | B | |
| Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias | |||
| AuthnzFcgiCheckAuthnProvider provider-name|None option ... | d | E | |
| Enables a FastCGI application to handle the check_authn authentication hook. | |||
| AuthnzFcgiDefineProvider type provider-name backend-address | s | E | |
| Defines a FastCGI application as a provider for authentication and/or authorization | |||
| AuthType None|Basic|Digest|Form | dh | B | |
| Type of user authentication | |||
| AuthUserFile file-path | dh | B | |
| Sets the name of a text file containing the list of users and passwords for authentication | |||
| AuthzDBDLoginToReferer On|Off | Off | d | E | 
| Determines whether to redirect the Client to the Referring page on successful login or logout if a Referer request header is present | |||
| AuthzDBDQuery query | d | E | |
| Specify the SQL Query for the required operation | |||
| AuthzDBDRedirectQuery query | d | E | |
| Specify a query to look up a login page for the user | |||
| AuthzDBMType default|SDBM|GDBM|NDBM|DB | default | dh | E | 
| Sets the type of database file that is used to store list of user groups | |||
| <AuthzProviderAlias baseProvider Alias Require-Parameters> ... </AuthzProviderAlias> | s | B | |
| Enclose a group of directives that represent an extension of a base authorization provider and referenced by the specified alias | |||
| AuthzSendForbiddenOnFailure On|Off | Off | dh | B | 
| Send '403 FORBIDDEN' instead of '401 UNAUTHORIZED' if authentication succeeds but authorization fails | |||
| BalancerGrowth # | 5 | sv | E | 
| Number of additional Balancers that can be added Post-configuration | |||
| BalancerInherit On|Off | On | sv | E | 
| Inherit ProxyPassed Balancers/Workers from the main server | |||
| BalancerMember [balancerurl] url [key=value [key=value ...]] | d | E | |
| Add a member to a load balancing group | |||
| BalancerPersist On|Off | Off | sv | E | 
| Attempt to persist changes made by the Balancer Manager across restarts. | |||
| BrotliAlterETag AddSuffix|NoChange|Remove | AddSuffix | sv | E | 
| How the outgoing ETag header should be modified during compression | |||
| BrotliCompressionMaxInputBlock value | sv | E | |
| Maximum input block size | |||
| BrotliCompressionQuality value | 5 | sv | E | 
| Compression quality | |||
| BrotliCompressionWindow value | 18 | sv | E | 
| Brotli sliding compression window size | |||
| BrotliFilterNote [type] notename | sv | E | |
| Places the compression ratio in a note for logging | |||
| BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
| Sets environment variables conditional on HTTP User-Agent | |||
| BrowserMatchNoCase regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
| Sets environment variables conditional on User-Agent without respect to case | |||
| BufferedLogs On|Off | Off | s | B | 
| Buffer log entries in memory before writing to disk | |||
| BufferSize integer | 131072 | svdh | E | 
| Maximum size in bytes to buffer by the buffer filter | |||
| CacheDefaultExpire seconds | 3600 (one hour) | svdh | E | 
| The default duration to cache a document when no expiry date is specified. | |||
| CacheDetailHeader on|off | off | svdh | E | 
| Add an X-Cache-Detail header to the response. | |||
| CacheDirLength length | 2 | sv | E | 
| The number of characters in subdirectory names | |||
| CacheDirLevels levels | 2 | sv | E | 
| The number of levels of subdirectories in the cache. | |||
| CacheDisable url-string | on | svdh | E | |
| Disable caching of specified URLs | |||
| CacheEnable cache_type [url-string] | svd | E | |
| Enable caching of specified URLs using a specified storage manager | |||
| CacheFile file-path [file-path] ... | s | X | |
| Cache a list of file handles at startup time | |||
| CacheHeader on|off | off | svdh | E | 
| Add an X-Cache header to the response. | |||
| CacheIgnoreCacheControl On|Off | Off | sv | E | 
| Ignore request to not serve cached content to client | |||
| CacheIgnoreHeaders header-string [header-string] ... | None | sv | E | 
| Do not store the given HTTP header(s) in the cache. | |||
| CacheIgnoreNoLastMod On|Off | Off | svdh | E | 
| Ignore the fact that a response has no Last Modified header. | |||
| CacheIgnoreQueryString On|Off | Off | sv | E | 
| Ignore query string when caching | |||
| CacheIgnoreURLSessionIdentifiers identifier [identifier] ... | None | sv | E | 
| Ignore defined session identifiers encoded in the URL when caching | |||
| CacheKeyBaseURL URL | sv | E | |
| Override the base URL of reverse proxied cache keys. | |||
| CacheLastModifiedFactor float | 0.1 | svdh | E | 
| The factor used to compute an expiry date based on the LastModified date. | |||
| CacheLock on|off | off | sv | E | 
| Enable the thundering herd lock. | |||
| CacheLockMaxAge integer | 5 | sv | E | 
| Set the maximum possible age of a cache lock. | |||
| CacheLockPath directory | /tmp/mod_cache-lock + | sv | E | 
| Set the lock path directory. | |||
| CacheMaxExpire seconds | 86400 (one day) | svdh | E | 
| The maximum time in seconds to cache a document | |||
| CacheMaxFileSize bytes | 1000000 | svdh | E | 
| The maximum size (in bytes) of a document to be placed in the cache | |||
| CacheMinExpire seconds | 0 | svdh | E | 
| The minimum time in seconds to cache a document | |||
| CacheMinFileSize bytes | 1 | svdh | E | 
| The minimum size (in bytes) of a document to be placed in the cache | |||
| CacheNegotiatedDocs On|Off | Off | sv | B | 
| Allows content-negotiated documents to be cached by proxy servers | |||
| CacheQuickHandler on|off | on | sv | E | 
| Run the cache from the quick handler. | |||
| CacheReadSize bytes | 0 | svdh | E | 
| The minimum size (in bytes) of the document to read and be cached before sending the data downstream | |||
| CacheReadTime milliseconds | 0 | svdh | E | 
| The minimum time (in milliseconds) that should elapse while reading before data is sent downstream | |||
| CacheRoot directory | sv | E | |
| The directory root under which cache files are stored | |||
| CacheSocache type[:args] | sv | E | |
| The shared object cache implementation to use | |||
| CacheSocacheMaxSize bytes | 102400 | svdh | E | 
| The maximum size (in bytes) of an entry to be placed in the cache | |||
| CacheSocacheMaxTime seconds | 86400 | svdh | E | 
| The maximum time (in seconds) for a document to be placed in the cache | |||
| CacheSocacheMinTime seconds | 600 | svdh | E | 
| The minimum time (in seconds) for a document to be placed in the cache | |||
| CacheSocacheReadSize bytes | 0 | svdh | E | 
| The minimum size (in bytes) of the document to read and be cached before sending the data downstream | |||
| CacheSocacheReadTime milliseconds | 0 | svdh | E | 
| The minimum time (in milliseconds) that should elapse while reading before data is sent downstream | |||
| CacheStaleOnError on|off | on | svdh | E | 
| Serve stale content in place of 5xx responses. | |||
| CacheStoreExpired On|Off | Off | svdh | E | 
| Attempt to cache responses that the server reports as expired | |||
| CacheStoreNoStore On|Off | Off | svdh | E | 
| Attempt to cache requests or responses that have been marked as no-store. | |||
| CacheStorePrivate On|Off | Off | svdh | E | 
| Attempt to cache responses that the server has marked as private | |||
| CGIDScriptTimeout time[s|ms] | svdh | B | |
| The length of time to wait for more output from the CGI program | |||
| CGIMapExtension cgi-path .extension | dh | C | |
| Technique for locating the interpreter for CGI scripts | |||
| CGIPassAuth On|Off | Off | dh | C | 
| Enables passing HTTP authorization headers to scripts as CGI variables | |||
| CGIVar variable rule | dh | C | |
| Controls how some CGI variables are set | |||
| CharsetDefault charset | svdh | E | |
| Charset to translate into | |||
| CharsetOptions option [option] ... | ImplicitAdd | svdh | E | 
| Configures charset translation behavior | |||
| CharsetSourceEnc charset | svdh | E | |
| Source charset of files | |||
| CheckBasenameMatch on|off | On | svdh | E | 
| Also match files with differing file name extensions. | |||
| CheckCaseOnly on|off | Off | svdh | E | 
| Limits the action of the speling module to case corrections | |||
| CheckSpelling on|off | Off | svdh | E | 
| Enables the spelling module | |||
| ChrootDir /path/to/directory | s | B | |
| Directory for apache to run chroot(8) after startup. | |||
| ContentDigest On|Off | Off | svdh | C | 
| Enables the generation of Content-MD5 HTTP Response headers | |||
| CookieDomain domain | svdh | E | |
| The domain to which the tracking cookie applies | |||
| CookieExpires expiry-period | svdh | E | |
| Expiry time for the tracking cookie | |||
| CookieHTTPOnly on|off | off | svdh | E | 
| Adds the 'HTTPOnly' attribute to the cookie | |||
| CookieName token | Apache | svdh | E | 
| Name of the tracking cookie | |||
| CookieSameSite None|Lax|Strict | svdh | E | |
| Adds the 'SameSite' attribute to the cookie | |||
| CookieSecure on|off | off | svdh | E | 
| Adds the 'Secure' attribute to the cookie | |||
| CookieStyle Netscape|Cookie|Cookie2|RFC2109|RFC2965 | Netscape | svdh | E | 
| Format of the cookie header field | |||
| CookieTracking on|off | off | svdh | E | 
| Enables tracking cookie | |||
| CoreDumpDirectory directory | s | M | |
| Directory where Apache HTTP Server attempts to switch before dumping core | |||
| CustomLog file|pipe format|nickname [env=[!]environment-variable| expr=expression] | sv | B | |
| Sets filename and format of log file | |||
| Dav On|Off|provider-name | Off | d | E | 
| Enable WebDAV HTTP methods | |||
| DavDepthInfinity on|off | off | svd | E | 
| Allow PROPFIND, Depth: Infinity requests | |||
| DavGenericLockDB file-path | svd | E | |
| Location of the DAV lock database | |||
| DavLockDB file-path | sv | E | |
| Location of the DAV lock database | |||
| DavLockDiscovery on|off | on | svdh | E | 
| Enable lock discovery | |||
| DavMinTimeout seconds | 0 | svd | E | 
| Minimum amount of time the server holds a lock on a DAV resource | |||
| DBDExptime time-in-seconds | 300 | sv | E | 
| Keepalive time for idle connections | |||
| DBDInitSQL "SQL statement" | sv | E | |
| Execute an SQL statement after connecting to a database | |||
| DBDKeep number | 2 | sv | E | 
| Maximum sustained number of connections | |||
| DBDMax number | 10 | sv | E | 
| Maximum number of connections | |||
| DBDMin number | 1 | sv | E | 
| Minimum number of connections | |||
| DBDParams param1=value1[,param2=value2] | sv | E | |
| Parameters for database connection | |||
| DBDPersist On|Off | sv | E | |
| Whether to use persistent connections | |||
| DBDPrepareSQL "SQL statement" label | sv | E | |
| Define an SQL prepared statement | |||
| DBDriver name | sv | E | |
| Specify an SQL driver | |||
| DefaultIcon url-path | svdh | B | |
| Icon to display for files when no specific icon is configured | |||
| DefaultLanguage language-tag | svdh | B | |
| Defines a default language-tag to be sent in the Content-Language header field for all resources in the current context that have not been assigned a language-tag by some other means. | |||
| DefaultRuntimeDir directory-path | DEFAULT_REL_RUNTIME + | s | C | 
| Base directory for the server run-time files | |||
| DefaultType media-type|none | none | svdh | C | 
| This directive has no effect other than to emit warnings if the value is not none. In prior versions, DefaultType would specify a default media type to assign to response content for which no other media type configuration could be found. | |||
| Define parameter-name [parameter-value] | svd | C | |
| Define a variable | |||
| DeflateBufferSize value | 8096 | sv | E | 
| Fragment size to be compressed at one time by zlib | |||
| DeflateCompressionLevel value | sv | E | |
| How much compression do we apply to the output | |||
| DeflateFilterNote [type] notename | sv | E | |
| Places the compression ratio in a note for logging | |||
| DeflateInflateLimitRequestBody value | svdh | E | |
| Maximum size of inflated request bodies | |||
| DeflateInflateRatioBurst value | 3 | svdh | E | 
| Maximum number of times the inflation ratio for request bodies can be crossed | |||
| DeflateInflateRatioLimit value | 200 | svdh | E | 
| Maximum inflation ratio for request bodies | |||
| DeflateMemLevel value | 9 | sv | E | 
| How much memory should be used by zlib for compression | |||
| DeflateWindowSize value | 15 | sv | E | 
| Zlib compression window size | |||
| Deny from all|host|env=[!]env-variable [host|env=[!]env-variable] ... | dh | E | |
| Controls which hosts are denied access to the server | |||
| <Directory directory-path> ... </Directory> | sv | C | |
| Enclose a group of directives that apply only to the named file-system directory, sub-directories, and their contents. | |||
| DirectoryCheckHandler On|Off | Off | svdh | B | 
| Toggle how this module responds when another handler is configured | |||
| DirectoryIndex disabled | local-url [local-url] ... | index.html | svdh | B | 
| List of resources to look for when the client requests a directory | |||
| DirectoryIndexRedirect on | off | permanent | temp | seeother | 3xx-code | off | svdh | B | 
| Configures an external redirect for directory indexes. | |||
| <DirectoryMatch regex> ... </DirectoryMatch> | sv | C | |
| Enclose directives that apply to the contents of file-system directories matching a regular expression. | |||
| DirectorySlash On|Off | On | svdh | B | 
| Toggle trailing slash redirects on or off | |||
| DocumentRoot directory-path | "/usr/local/apache/ + | sv | C | 
| Directory that forms the main document tree visible from the web | |||
| DTracePrivileges On|Off | Off | s | X | 
| Determines whether the privileges required by dtrace are enabled. | |||
| DumpIOInput On|Off | Off | s | E | 
| Dump all input data to the error log | |||
| DumpIOOutput On|Off | Off | s | E | 
| Dump all output data to the error log | |||
| <Else> ... </Else> | svdh | C | |
| Contains directives that apply only if the condition of a previous <If> or <ElseIf> section is not satisfied by a request at runtime | |||
| <ElseIf expression> ... </ElseIf> | svdh | C | |
| Contains directives that apply only if a condition is satisfied by a request at runtime while the condition of a previous <If> or <ElseIf> section is not satisfied | |||
| EnableExceptionHook On|Off | Off | s | M | 
| Enables a hook that runs exception handlers after a crash | |||
| EnableMMAP On|Off | On | svdh | C | 
| Use memory-mapping to read files during delivery | |||
| EnableSendfile On|Off | Off | svdh | C | 
| Use the kernel sendfile support to deliver files to the client | |||
| Error message | svdh | C | |
| Abort configuration parsing with a custom error message | |||
| ErrorDocument error-code document | svdh | C | |
| What the server will return to the client in case of an error | |||
| ErrorLog file-path|syslog[:[facility][:tag]] | logs/error_log (Uni + | sv | C | 
| Location where the server will log errors | |||
| ErrorLogFormat [connection|request] format | sv | C | |
| Format specification for error log entries | |||
| Example | svdh | X | |
| Demonstration directive to illustrate the Apache module API | |||
| ExpiresActive On|Off | Off | svdh | E | 
| Enables generation of Expires headers | |||
| ExpiresByType MIME-type <code>seconds | svdh | E | |
| Value of the Expires header configured by MIME type | |||
| ExpiresDefault <code>seconds | svdh | E | |
| Default algorithm for calculating expiration time | |||
| ExtendedStatus On|Off | Off[*] | s | C | 
| Keep track of extended status information for each request | |||
| ExtFilterDefine filtername parameters | s | E | |
| Define an external filter | |||
| ExtFilterOptions option [option] ... | NoLogStderr | d | E | 
| Configure mod_ext_filter options | |||
| FallbackResource disabled | local-url | svdh | B | |
| Define a default URL for requests that don't map to a file | |||
| FileETag component ... | MTime Size | svdh | C | 
| File attributes used to create the ETag HTTP response header for static files | |||
| <Files filename> ... </Files> | svdh | C | |
| Contains directives that apply to matched filenames | |||
| <FilesMatch regex> ... </FilesMatch> | svdh | C | |
| Contains directives that apply to regular-expression matched filenames | |||
| FilterChain [+=-@!]filter-name ... | svdh | B | |
| Configure the filter chain | |||
| FilterDeclare filter-name [type] | svdh | B | |
| Declare a smart filter | |||
| FilterProtocol filter-name [provider-name] proto-flags | svdh | B | |
| Deal with correct HTTP protocol handling | |||
| FilterProvider filter-name provider-name expression | svdh | B | |
| Register a content filter | |||
| FilterTrace filter-name level | svd | B | |
| Get debug/diagnostic information from mod_filter | |||
| FlushMaxPipelined number | 5 | sv | C | 
| Maximum number of pipelined responses above which they are flushed to the network | |||
| FlushMaxThreshold number-of-bytes | 65536 | sv | C | 
| Threshold above which pending data are flushed to the network | |||
| ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback] | Prefer | svdh | B | 
| Action to take if a single acceptable document is not found | |||
| ForceType media-type|None | dh | C | |
| Forces all matching files to be served with the specified media type in the HTTP Content-Type header field | |||
| ForensicLog filename|pipe | sv | E | |
| Sets filename of the forensic log | |||
| GlobalLog file|pipe format|nickname [env=[!]environment-variable| expr=expression] | s | B | |
| Sets filename and format of log file | |||
| GprofDir /tmp/gprof/|/tmp/gprof/% | sv | C | |
| Directory to write gmon.out profiling data to. | |||
| GracefulShutdownTimeout seconds | 0 | s | M | 
| Specify a timeout after which a gracefully shutdown server will exit. | |||
| Group unix-group | #-1 | s | B | 
| Group under which the server will answer requests | |||
| H2CopyFiles on|off | off | svdh | E | 
| Determine file handling in responses | |||
| H2Direct on|off | on for h2c, off for + | sv | E | 
| H2 Direct Protocol Switch | |||
| H2EarlyHints on|off | off | sv | E | 
| Determine sending of 103 status codes | |||
| H2MaxSessionStreams n | 100 | sv | E | 
| Maximum number of active streams per HTTP/2 session. | |||
| H2MaxWorkerIdleSeconds n | 600 | s | E | 
| Maximum number of seconds h2 workers remain idle until shut down. | |||
| H2MaxWorkers n | s | E | |
| Maximum number of worker threads to use per child process. | |||
| H2MinWorkers n | s | E | |
| Minimal number of worker threads to use per child process. | |||
| H2ModernTLSOnly on|off | on | sv | E | 
| Require HTTP/2 connections to be "modern TLS" only | |||
| H2OutputBuffering on|off | on | sv | E | 
| Determine buffering behaviour of output | |||
| H2Padding numbits | 0 | sv | E | 
| Determine the range of padding bytes added to payload frames | |||
| H2Push on|off | on | svdh | E | 
| H2 Server Push Switch | |||
| H2PushDiarySize n | 256 | sv | E | 
| H2 Server Push Diary Size | |||
| H2PushPriority mime-type [after|before|interleaved] [weight] | * After 16 | sv | E | 
| H2 Server Push Priority | |||
| H2PushResource [add] path [critical] | svdh | E | |
| Declares resources for early pushing to the client | |||
| H2SerializeHeaders on|off | off | sv | E | 
| Serialize Request/Response Processing Switch | |||
| H2StreamMaxMemSize bytes | 65536 | sv | E | 
| Maximum amount of output data buffered per stream. | |||
| H2TLSCoolDownSecs seconds | 1 | sv | E | 
| Configure the number of seconds of idle time on TLS before shrinking writes | |||
| H2TLSWarmUpSize amount | 1048576 | sv | E | 
| Configure the number of bytes on TLS connection before doing max writes | |||
| H2Upgrade on|off | on for h2c, off for + | svdh | E | 
| H2 Upgrade Protocol Switch | |||
| H2WindowSize bytes | 65535 | sv | E | 
| Size of Stream Window for upstream data. | |||
| Header [condition] add|append|echo|edit|edit*|merge|set|setifempty|unset|note header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] | svdh | E | |
| Configure HTTP response headers | |||
| HeaderName filename | svdh | B | |
| Name of the file that will be inserted at the top of the index listing | |||
| HeartbeatAddress addr:port | s | X | |
| Multicast address for heartbeat packets | |||
| HeartbeatListen addr:port | s | X | |
| Multicast address to listen for incoming heartbeat requests | |||
| HeartbeatMaxServers number-of-servers | 10 | s | X | 
| Specifies the maximum number of servers that will be sending heartbeat requests to this server | |||
| HeartbeatStorage file-path | logs/hb.dat | s | X | 
| Path to store heartbeat data when using flat-file storage | |||
| HeartbeatStorage file-path | logs/hb.dat | s | X | 
| Path to read heartbeat data | |||
| HostnameLookups On|Off|Double | Off | svd | C | 
| Enables DNS lookups on client IP addresses | |||
| HttpProtocolOptions [Strict|Unsafe] [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0] | Strict LenientMetho + | sv | C | 
| Modify restrictions on HTTP Request Messages | |||
| IdentityCheck On|Off | Off | svd | E | 
| Enables logging of the RFC 1413 identity of the remote user | |||
| IdentityCheckTimeout seconds | 30 | svd | E | 
| Determines the timeout duration for ident requests | |||
| <If expression> ... </If> | svdh | C | |
| Contains directives that apply only if a condition is satisfied by a request at runtime | |||
| <IfDefine [!]parameter-name> ... </IfDefine> | svdh | C | |
| Encloses directives that will be processed only if a test is true at startup | |||
| <IfDirective [!]directive-name> ... </IfDirective> | svdh | C | |
| Encloses directives that are processed conditional on the presence or absence of a specific directive | |||
| <IfFile [!]filename> ... </IfFile> | svdh | C | |
| Encloses directives that will be processed only if file exists at startup | |||
| <IfModule [!]module-file|module-identifier> ... </IfModule> | svdh | C | |
| Encloses directives that are processed conditional on the presence or absence of a specific module | |||
| <IfSection [!]section-name> ... </IfSection> | svdh | C | |
| Encloses directives that are processed conditional on the presence or absence of a specific section directive | |||
| <IfVersion [[!]operator] version> ... </IfVersion> | svdh | E | |
| Contains version-dependent configuration | |||
| ImapBase map|referer|URL | http://servername/ | svdh | B | 
| Default base for imagemap files | |||
| ImapDefault error|nocontent|map|referer|URL | nocontent | svdh | B | 
| Default action when an imagemap is called with coordinates that are not explicitly mapped | |||
| ImapMenu none|formatted|semiformatted|unformatted | formatted | svdh | B | 
| Action if no coordinates are given when calling an imagemap | |||
| Include file-path|directory-path|wildcard | svd | C | |
| Includes other configuration files from within the server configuration files | |||
| IncludeOptional file-path|directory-path|wildcard | svd | C | |
| Includes other configuration files from within the server configuration files | |||
| IndexHeadInsert "markup ..." | svdh | B | |
| Inserts text in the HEAD section of an index page. | |||
| IndexIgnore file [file] ... | "." | svdh | B | 
| Adds to the list of files to hide when listing a directory | |||
| IndexIgnoreReset ON|OFF | svdh | B | |
| Empties the list of files to hide when listing a directory | |||
| IndexOptions [+|-]option [[+|-]option] ... | svdh | B | |
| Various configuration settings for directory indexing | |||
| IndexOrderDefault Ascending|Descending Name|Date|Size|Description | Ascending Name | svdh | B | 
| Sets the default ordering of the directory index | |||
| IndexStyleSheet url-path | svdh | B | |
| Adds a CSS stylesheet to the directory index | |||
| InputSed sed-command | dh | X | |
| Sed command to filter request data (typically POST data) | |||
| ISAPIAppendLogToErrors on|off | off | svdh | B | 
| Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the error log | |||
| ISAPIAppendLogToQuery on|off | on | svdh | B | 
| Record HSE_APPEND_LOG_PARAMETER requests from ISAPI extensions to the query field | |||
| ISAPICacheFile file-path [file-path] ... | sv | B | |
| ISAPI .dll files to be loaded at startup | |||
| ISAPIFakeAsync on|off | off | svdh | B | 
| Fake asynchronous support for ISAPI callbacks | |||
| ISAPILogNotSupported on|off | off | svdh | B | 
| Log unsupported feature requests from ISAPI extensions | |||
| ISAPIReadAheadBuffer size | 49152 | svdh | B | 
| Size of the Read Ahead Buffer sent to ISAPI extensions | |||
| KeepAlive On|Off | On | sv | C | 
| Enables HTTP persistent connections | |||
| KeepAliveTimeout num[ms] | 5 | sv | C | 
| Amount of time the server will wait for subsequent requests on a persistent connection | |||
| KeptBodySize maximum size in bytes | 0 | d | B | 
| Keep the request body instead of discarding it up to the specified maximum size, for potential use by filters such as mod_include. | |||
| LanguagePriority MIME-lang [MIME-lang] ... | svdh | B | |
| The precedence of language variants for cases where the client does not express a preference | |||
| LDAPCacheEntries number | 1024 | s | E | 
| Maximum number of entries in the primary LDAP cache | |||
| LDAPCacheTTL seconds | 600 | s | E | 
| Time that cached items remain valid | |||
| LDAPConnectionPoolTTL n | -1 | sv | E | 
| Discard backend connections that have been sitting in the connection pool too long | |||
| LDAPConnectionTimeout seconds | s | E | |
| Specifies the socket connection timeout in seconds | |||
| LDAPLibraryDebug 7 | s | E | |
| Enable debugging in the LDAP SDK | |||
| LDAPOpCacheEntries number | 1024 | s | E | 
| Number of entries used to cache LDAP compare operations | |||
| LDAPOpCacheTTL seconds | 600 | s | E | 
| Time that entries in the operation cache remain valid | |||
| LDAPReferralHopLimit number | dh | E | |
| The maximum number of referral hops to chase before terminating an LDAP query. | |||
| LDAPReferrals On|Off|default | On | dh | E | 
| Enable referral chasing during queries to the LDAP server. | |||
| LDAPRetries number-of-retries | 3 | s | E | 
| Configures the number of LDAP server retries. | |||
| LDAPRetryDelay seconds | 0 | s | E | 
| Configures the delay between LDAP server retries. | |||
| LDAPSharedCacheFile directory-path/filename | s | E | |
| Sets the shared memory cache file | |||
| LDAPSharedCacheSize bytes | 500000 | s | E | 
| Size in bytes of the shared-memory cache | |||
| LDAPTimeout seconds | 60 | s | E | 
| Specifies the timeout for LDAP search and bind operations, in seconds | |||
| LDAPTrustedClientCert type directory-path/filename/nickname [password] | dh | E | |
| Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates. | |||
| LDAPTrustedGlobalCert type directory-path/filename [password] | s | E | |
| Sets the file or database containing global trusted Certificate Authority or global client certificates | |||
| LDAPTrustedMode type | sv | E | |
| Specifies the SSL/TLS mode to be used when connecting to an LDAP server. | |||
| LDAPVerifyServerCert On|Off | On | s | E | 
| Force server certificate verification | |||
| <Limit method [method] ... > ... </Limit> | dh | C | |
| Restrict enclosed access controls to only certain HTTP methods | |||
| <LimitExcept method [method] ... > ... </LimitExcept> | dh | C | |
| Restrict access controls to all HTTP methods except the named ones | |||
| LimitInternalRecursion number [number] | 10 | sv | C | 
| Determine maximum number of internal redirects and nested subrequests | |||
| LimitRequestBody bytes | 1073741824 | svdh | C | 
| Restricts the total size of the HTTP request body sent from the client | |||
| LimitRequestFields number | 100 | sv | C | 
| Limits the number of HTTP request header fields that will be accepted from the client | |||
| LimitRequestFieldSize bytes | 8190 | sv | C | 
| Limits the size of the HTTP request header allowed from the client | |||
| LimitRequestLine bytes | 8190 | sv | C | 
| Limit the size of the HTTP request line that will be accepted from the client | |||
| LimitXMLRequestBody bytes | 1000000 | svdh | C | 
| Limits the size of an XML-based request body | |||
| Listen [IP-address:]portnumber [protocol] | s | M | |
| IP addresses and ports that the server listens to | |||
| ListenBackLog backlog | 511 | s | M | 
| Maximum length of the queue of pending connections | |||
| ListenCoresBucketsRatio ratio | 0 (disabled) | s | M | 
| Ratio between the number of CPU cores (online) and the number of listeners' buckets | |||
| LoadFile filename [filename] ... | sv | E | |
| Link in the named object file or library | |||
| LoadModule module filename | sv | E | |
| Links in the object file or library, and adds to the list of active modules | |||
| <Location URL-path|URL> ... </Location> | sv | C | |
| Applies the enclosed directives only to matching URLs | |||
| <LocationMatch regex> ... </LocationMatch> | sv | C | |
| Applies the enclosed directives only to regular-expression matching URLs | |||
| LogFormat format|nickname [nickname] | "%h %l %u %t \"%r\" + | sv | B | 
| Describes a format for use in a log file | |||
| LogIOTrackTTFB ON|OFF | OFF | svdh | E | 
| Enable tracking of time to first byte (TTFB) | |||
| LogLevel [module:]level [module:level] ... | warn | svd | C | 
| Controls the verbosity of the ErrorLog | |||
| LogMessage message [hook=hook] [expr=expression] | d | X | |
| Log user-defined message to error log | |||
| LuaAuthzProvider provider_name /path/to/lua/script.lua function_name | s | E | |
| Plug an authorization provider function into mod_authz_core | |||
| LuaCodeCache stat|forever|never | stat | svdh | E | 
| Configure the compiled code cache. | |||
| LuaHookAccessChecker /path/to/lua/script.lua hook_function_name [early|late] | svdh | E | |
| Provide a hook for the access_checker phase of request processing | |||
| LuaHookAuthChecker /path/to/lua/script.lua hook_function_name [early|late] | svdh | E | |
| Provide a hook for the auth_checker phase of request processing | |||
| LuaHookCheckUserID /path/to/lua/script.lua hook_function_name [early|late] | svdh | E | |
| Provide a hook for the check_user_id phase of request processing | |||
| LuaHookFixups /path/to/lua/script.lua hook_function_name | svdh | E | |
| Provide a hook for the fixups phase of request processing | |||
| LuaHookInsertFilter /path/to/lua/script.lua hook_function_name | svdh | E | |
| Provide a hook for the insert_filter phase of request processing | |||
| LuaHookLog /path/to/lua/script.lua log_function_name | svdh | E | |
| Provide a hook for the access log phase of request processing | |||
| LuaHookMapToStorage /path/to/lua/script.lua hook_function_name | svdh | E | |
| Provide a hook for the map_to_storage phase of request processing | |||
| LuaHookPreTranslate /path/to/lua/script.lua hook_function_name | svdh | E | |
| Provide a hook for the pre_translate phase of request processing | |||
| LuaHookTranslateName /path/to/lua/script.lua hook_function_name [early|late] | sv | E | |
| Provide a hook for the translate name phase of request processing | |||
| LuaHookTypeChecker /path/to/lua/script.lua hook_function_name | svdh | E | |
| Provide a hook for the type_checker phase of request processing | |||
| LuaInherit none|parent-first|parent-last | parent-first | svdh | E | 
| Controls how parent configuration sections are merged into children | |||
| LuaInputFilter filter_name /path/to/lua/script.lua function_name | s | E | |
| Provide a Lua function for content input filtering | |||
| LuaMapHandler uri-pattern /path/to/lua/script.lua [function-name] | svdh | E | |
| Map a path to a lua handler | |||
| LuaOutputFilter filter_name /path/to/lua/script.lua function_name | s | E | |
| Provide a Lua function for content output filtering | |||
| LuaPackageCPath /path/to/include/?.soa | svdh | E | |
| Add a directory to lua's package.cpath | |||
| LuaPackagePath /path/to/include/?.lua | svdh | E | |
| Add a directory to lua's package.path | |||
| LuaQuickHandler /path/to/script.lua hook_function_name | sv | E | |
| Provide a hook for the quick handler of request processing | |||
| LuaRoot /path/to/a/directory | svdh | E | |
| Specify the base path for resolving relative paths for mod_lua directives | |||
| LuaScope once|request|conn|thread|server [min] [max] | once | svdh | E | 
| One of once, request, conn, thread -- default is once | |||
| <Macro name [par1 .. parN]> ... </Macro> | svd | B | |
| Define a configuration file macro | |||
| MaxConnectionsPerChild number | 0 | s | M | 
| Limit on the number of connections that an individual child server will handle during its life | |||
| MaxKeepAliveRequests number | 100 | sv | C | 
| Number of requests allowed on a persistent connection | |||
| MaxMemFree KBytes | 2048 | s | M | 
| Maximum amount of memory that the main allocator is allowed to hold without calling free() | |||
| MaxRangeOverlaps default|unlimited|none|number-of-ranges | 20 | svd | C | 
| Number of overlapping ranges (e.g. 100-200,150-300) allowed before returning the complete resource | |||
| MaxRangeReversals default|unlimited|none|number-of-ranges | 20 | svd | C | 
| Number of range reversals (e.g. 100-200,50-70) allowed before returning the complete resource | |||
| MaxRanges default|unlimited|none|number-of-ranges | 200 | svd | C | 
| Number of ranges allowed before returning the complete resource | |||
| MaxRequestWorkers number | s | M | |
| Maximum number of connections that will be processed simultaneously | |||
| MaxSpareServers number | 10 | s | M | 
| Maximum number of idle child server processes | |||
| MaxSpareThreads number | s | M | |
| Maximum number of idle threads | |||
| MaxThreads number | 2048 | s | M | 
| Set the maximum number of worker threads | |||
| MDActivationDelay duration | s | X | |
| - | |||
| MDBaseServer on|off | off | s | X | 
| Control if base server may be managed or only virtual hosts. | |||
| MDCAChallenges name [ name ... ] | tls-alpn-01 http-01 + | s | X | 
| Type of ACME challenge used to prove domain ownership. | |||
| MDCertificateAgreement accepted | s | X | |
| You confirm that you accepted the Terms of Service of the Certificate Authority. | |||
| MDCertificateAuthority url | letsencrypt | s | X | 
| The URL(s) of the ACME Certificate Authority to use. | |||
| MDCertificateCheck name url | s | X | |
| - | |||
| MDCertificateFile path-to-pem-file | s | X | |
| Specify a static certificate file for the MD. | |||
| MDCertificateKeyFile path-to-file | s | X | |
| Specify a static private key for the static certificate. | |||
| MDCertificateMonitor name url | crt.sh https://crt. + | s | X | 
| The URL of a certificate log monitor. | |||
| MDCertificateProtocol protocol | ACME | s | X | 
| The protocol to use with the Certificate Authority. | |||
| MDCertificateStatus on|off | on | s | X | 
| Exposes public certificate information in JSON. | |||
| MDChallengeDns01 path-to-command | s | X | |
| - | |||
| MDContactEmail address | s | X | |
| - | |||
| MDDriveMode always|auto|manual | auto | s | X | 
| Former name of MDRenewMode. | |||
| MDExternalAccountBinding key-id hmac-64|none|file | none | s | X | 
| - | |||
| MDHttpProxy url | s | X | |
| Define a proxy for outgoing connections. | |||
| MDMember hostname | s | X | |
| Additional hostname for the managed domain. | |||
| MDMembers auto|manual | auto | s | X | 
| Control if the alias domain names are automatically added. | |||
| MDMessageCmd path-to-cmd optional-args | s | X | |
| Handle events for Managed Domains | |||
| MDMustStaple on|off | off | s | X | 
| Control if new certificates carry the OCSP Must Staple flag. | |||
| MDNotifyCmd path [ args ] | s | X | |
| Run a program when a Managed Domain is ready. | |||
| MDomain dns-name [ other-dns-name... ] [auto|manual] | s | X | |
| Define list of domain names that belong to one group. | |||
| <MDomainSet dns-name [ other-dns-name... ]>...</MDomainSet> | s | X | |
| Container for directives applied to the same managed domains. | |||
| MDPortMap map1 [ map2 ] | http:80 https:443 | s | X | 
| Map external to internal ports for domain ownership verification. | |||
| MDPrivateKeys type [ params... ] | RSA 2048 | s | X | 
| Set type and size of the private keys generated. | |||
| MDRenewMode always|auto|manual | auto | s | X | 
| Controls if certificates shall be renewed. | |||
| MDRenewWindow duration | 33% | s | X | 
| Control when a certificate will be renewed. | |||
| MDRequireHttps off|temporary|permanent | off | s | X | 
| Redirects http: traffic to https: for Managed Domains. | |||
| MDRetryDelay duration | 5s | s | X | 
| - | |||
| MDRetryFailover number | 13 | s | X | 
| - | |||
| MDServerStatus on|off | on | s | X | 
| Control if Managed Domain information is added to server-status. | |||
| MDStapleOthers on|off | on | s | X | 
| Enable stapling for certificates not managed by mod_md. | |||
| MDStapling on|off | off | s | X | 
| Enable stapling for all or a particular MDomain. | |||
| MDStaplingKeepResponse duration | 7d | s | X | 
| Controls when old responses should be removed. | |||
| MDStaplingRenewWindow duration | 33% | s | X | 
| Control when the stapling responses will be renewed. | |||
| MDStoreDir path | md | s | X | 
| Path on the local file system to store the Managed Domains data. | |||
| MDStoreLocks on|off|duration | off | s | X | 
| - | |||
| MDWarnWindow duration | 10% | s | X | 
| Define the time window when you want to be warned about an expiring certificate. | |||
| MemcacheConnTTL num[units] | 15s | sv | E | 
| Keepalive time for idle connections | |||
| MergeSlashes ON|OFF | ON | sv | C | 
| Controls whether the server merges consecutive slashes in URLs. | |||
| MergeTrailers [on|off] | off | sv | C | 
| Determines whether trailers are merged into headers | |||
| MetaDir directory | .web | svdh | E | 
| Name of the directory to find CERN-style meta information files | |||
| MetaFiles on|off | off | svdh | E | 
| Activates CERN meta-file processing | |||
| MetaSuffix suffix | .meta | svdh | E | 
| File name suffix for the file containing CERN-style meta information | |||
| MimeMagicFile file-path | sv | E | |
| Enable MIME-type determination based on file contents using the specified magic file | |||
| MinSpareServers number | 5 | s | M | 
| Minimum number of idle child server processes | |||
| MinSpareThreads number | s | M | |
| Minimum number of idle threads available to handle request spikes | |||
| MMapFile file-path [file-path] ... | s | X | |
| Map a list of files into memory at startup time | |||
| ModemStandard V.21|V.26bis|V.32|V.34|V.92 | d | X | |
| Modem standard to simulate | |||
| ModMimeUsePathInfo On|Off | Off | d | B | 
| Tells mod_mime to treat path_info components as part of the filename | |||
| MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers [Handlers|Filters] | NegotiatedOnly | svdh | B | 
| The types of files that will be included when searching for a matching file with MultiViews | |||
| Mutex mechanism [default|mutex-name] ... [OmitPID] | default | s | C | 
| Configures mutex mechanism and lock file directory for all or specified mutexes | |||
| NameVirtualHost addr[:port] | s | C | |
| DEPRECATED: Designates an IP address for name-virtual hosting | |||
| NoProxy host [host] ... | sv | E | |
| Hosts, domains, or networks that will be connected to directly | |||
| NWSSLTrustedCerts filename [filename] ... | s | B | |
| List of additional client certificates | |||
| NWSSLUpgradeable [IP-address:]portnumber | s | B | |
| Allows a connection to be upgraded to an SSL connection upon request | |||
| Options [+|-]option [[+|-]option] ... | FollowSymlinks | svdh | C | 
| Configures what features are available in a particular directory | |||
| Order ordering | Deny,Allow | dh | E | 
| Controls the default access state and the order in which Allow and Deny are evaluated. | |||
| OutputSed sed-command | dh | X | |
| Sed command for filtering response content | |||
| PassEnv env-variable [env-variable] ... | svdh | B | |
| Passes environment variables from the shell | |||
| PidFile filename | logs/httpd.pid | s | M | 
| File where the server records the process ID of the daemon | |||
| PrivilegesMode FAST|SECURE|SELECTIVE | FAST | svd | X | 
| Trade off processing speed and efficiency vs security against malicious privileges-aware code. | |||
| Protocol protocol | sv | C | |
| Protocol for a listening socket | |||
| ProtocolEcho On|Off | Off | sv | X | 
| Turn the echo server on or off | |||
| Protocols protocol ... | http/1.1 | sv | C | 
| Protocols available for a server/virtual host | |||
| ProtocolsHonorOrder On|Off | On | sv | C | 
| Determines if order of Protocols determines precedence during negotiation | |||
| <Proxy wildcard-url> ...</Proxy> | sv | E | |
| Container for directives applied to proxied resources | |||
| Proxy100Continue Off|On | On | svd | E | 
| Forward 100-continue expectation to the origin server | |||
| ProxyAddHeaders Off|On | On | svd | E | 
| Add proxy information in X-Forwarded-* headers | |||
| ProxyBadHeader IsError|Ignore|StartBody | IsError | sv | E | 
| Determines how to handle bad header lines in a response | |||
| ProxyBlock *|word|host|domain [word|host|domain] ... | sv | E | |
| Words, hosts, or domains that are banned from being proxied | |||
| ProxyDomain Domain | sv | E | |
| Default domain name for proxied requests | |||
| ProxyErrorOverride Off|On [code ...] | Off | svd | E | 
| Override error pages for proxied content | |||
| ProxyExpressDBMFile pathname | sv | E | |
| Pathname to DBM file. | |||
| ProxyExpressDBMType type | default | sv | E | 
| DBM type of file. | |||
| ProxyExpressEnable on|off | off | sv | E | 
| Enable the module functionality. | |||
| ProxyFCGIBackendType FPM|GENERIC | FPM | svdh | E | 
| Specify the type of backend FastCGI application | |||
| ProxyFCGISetEnvIf conditional-expression [!]environment-variable-name [value-expression] | svdh | E | |
| Allow variables sent to FastCGI servers to be fixed up | |||
| ProxyFtpDirCharset character_set | ISO-8859-1 | svd | E | 
| Define the character set for proxied FTP listings | |||
| ProxyFtpEscapeWildcards on|off | on | svd | E | 
| Whether wildcards in requested filenames are escaped when sent to the FTP server | |||
| ProxyFtpListOnWildcard on|off | on | svd | E | 
| Whether wildcards in requested filenames trigger a file listing | |||
| ProxyHCExpr name {ap_expr expression} | sv | E | |
| Creates a named condition expression to use to determine health of the backend based on its response | |||
| ProxyHCTemplate name parameter=setting [...] | sv | E | |
| Creates a named template for setting various health check parameters | |||
| ProxyHCTPsize size | 16 | s | E | 
| Sets the total server-wide size of the threadpool used for the health check workers | |||
| ProxyHTMLBufSize bytes | 8192 | svd | B | 
| Sets the buffer size increment for buffering inline scripts and stylesheets. | |||
| ProxyHTMLCharsetOut Charset|* | svd | B | |
| Specify a charset for mod_proxy_html output. | |||
| ProxyHTMLDocType HTML|XHTML [Legacy] OR ProxyHTMLDocType fpi [SGML|XML] | svd | B | |
| Sets an HTML or XHTML document type declaration. | |||
| ProxyHTMLEnable On|Off | Off | svd | B | 
| Turns the proxy_html filter on or off. | |||
| ProxyHTMLEvents attribute [attribute ...] | svd | B | |
| Specify attributes to treat as scripting events. | |||
| ProxyHTMLExtended On|Off | Off | svd | B | 
| Determines whether to fix links in inline scripts, stylesheets, and scripting events. | |||
| ProxyHTMLFixups [lowercase] [dospath] [reset] | svd | B | |
| Fixes for simple HTML errors. | |||
| ProxyHTMLInterp On|Off | Off | svd | B | 
| Enables per-request interpolation of ProxyHTMLURLMap rules. | |||
| ProxyHTMLLinks element attribute [attribute2 ...] | svd | B | |
| Specify HTML elements that have URL attributes to be rewritten. | |||
| ProxyHTMLMeta On|Off | Off | svd | B | 
| Turns on or off extra pre-parsing of metadata in HTML <head> sections. | |||
| ProxyHTMLStripComments On|Off | Off | svd | B | 
| Determines whether to strip HTML comments. | |||
| ProxyHTMLURLMap from-pattern to-pattern [flags] [cond] | svd | B | |
| Defines a rule to rewrite HTML links | |||
| ProxyIOBufferSize bytes | 8192 | sv | E | 
| Determine size of internal data throughput buffer | |||
| <ProxyMatch regex> ...</ProxyMatch> | sv | E | |
| Container for directives applied to regular-expression-matched proxied resources | |||
| ProxyMaxForwards number | -1 | sv | E | 
| Maximum number of proxies that a request can be forwarded through | |||
| ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery] | svd | E | |
| Maps remote servers into the local server URL-space | |||
| ProxyPassInherit On|Off | On | sv | E | 
| Inherit ProxyPass directives defined from the main server | |||
| ProxyPassInterpolateEnv On|Off | Off | svd | E | 
| Enable Environment Variable interpolation in Reverse Proxy configurations | |||
| ProxyPassMatch [regex] !|url [key=value [key=value ...]] | svd | E | |
| Maps remote servers into the local server URL-space using regular expressions | |||
| ProxyPassReverse [path] url [interpolate] | svd | E | |
| Adjusts the URL in HTTP response headers sent from a reverse proxied server | |||
| ProxyPassReverseCookieDomain internal-domain public-domain [interpolate] | svd | E | |
| Adjusts the Domain string in Set-Cookie headers from a reverse-proxied server | |||
| ProxyPassReverseCookiePath internal-path public-path [interpolate] | svd | E | |
| Adjusts the Path string in Set-Cookie headers from a reverse-proxied server | |||
| ProxyPreserveHost On|Off | Off | svd | E | 
| Use incoming Host HTTP request header for proxy request | |||
| ProxyReceiveBufferSize bytes | 0 | sv | E | 
| Network buffer size for proxied HTTP and FTP connections | |||
| ProxyRemote match remote-server | sv | E | |
| Remote proxy used to handle certain requests | |||
| ProxyRemoteMatch regex remote-server | sv | E | |
| Remote proxy used to handle requests matched by regular expressions | |||
| ProxyRequests On|Off | Off | sv | E | 
| Enables forward (standard) proxy requests | |||
| ProxySCGIInternalRedirect On|Off|Headername | On | svd | E | 
| Enable or disable internal redirect responses from the backend | |||
| ProxySCGISendfile On|Off|Headername | Off | svd | E | 
| Enable evaluation of X-Sendfile pseudo response header | |||
| ProxySet url key=value [key=value ...] | svd | E | |
| Set various Proxy balancer or member parameters | |||
| ProxySourceAddress address | sv | E | |
| Set local IP address for outgoing proxy connections | |||
| ProxyStatus Off|On|Full | Off | sv | E | 
| Show Proxy LoadBalancer status in mod_status | |||
| ProxyTimeout seconds | sv | E | |
| Network timeout for proxied requests | |||
| ProxyVia On|Off|Full|Block | Off | sv | E | 
| Information provided in the Via HTTP response header for proxied requests | |||
| ProxyWebsocketFallbackToProxyHttp On|Off | On | sv | E | 
| Instructs this module to let mod_proxy_http handle the request | |||
| QualifyRedirectURL On|Off | Off | svd | C | 
| Controls whether the REDIRECT_URL environment variable is fully qualified | |||
| ReadBufferSize bytes | 8192 | svd | C | 
| Size of the buffers used to read data | |||
| ReadmeName filename | svdh | B | |
| Name of the file that will be inserted at the end of the index listing | |||
| ReceiveBufferSize bytes | 0 | s | M | 
| TCP receive buffer size | |||
| Redirect [status] [URL-path] URL | svdh | B | |
| Sends an external redirect asking the client to fetch a different URL | |||
| RedirectMatch [status] regex URL | svdh | B | |
| Sends an external redirect based on a regular expression match of the current URL | |||
| RedirectPermanent URL-path URL | svdh | B | |
| Sends an external permanent redirect asking the client to fetch a different URL | |||
| RedirectTemp URL-path URL | svdh | B | |
| Sends an external temporary redirect asking the client to fetch a different URL | |||
| RedisConnPoolTTL num[units] | 15s | sv | E | 
| TTL used for the connection pool with the Redis server(s) | |||
| RedisTimeout num[units] | 5s | sv | E | 
| R/W timeout used for the connection with the Redis server(s) | |||
| ReflectorHeader inputheader [outputheader] | svdh | B | |
| Reflect an input header to the output headers | |||
| RegexDefaultOptions [none] [+|-]option [[+|-]option] ... | DOTALL DOLLAR_ENDON + | s | C | 
| Configures global/default options for regexes | |||
| RegisterHttpMethod method [method [...]] | s | C | |
| Register non-standard HTTP methods | |||
| RemoteIPHeader header-field | sv | B | |
| Declare the header field which should be parsed for useragent IP addresses | |||
| RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ... | sv | B | |
| Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
| RemoteIPInternalProxyList filename | sv | B | |
| Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
| RemoteIPProxiesHeader HeaderFieldName | sv | B | |
| Declare the header field which will record all intermediate IP addresses | |||
| RemoteIPProxyProtocol On|Off | sv | B | |
| Enable or disable PROXY protocol handling | |||
| RemoteIPProxyProtocolExceptions host|range [host|range] [host|range] | sv | B | |
| Disable processing of PROXY header for certain hosts or networks | |||
| RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ... | sv | B | |
| Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
| RemoteIPTrustedProxyList filename | sv | B | |
| Declare client intranet IP addresses trusted to present the RemoteIPHeader value | |||
| RemoveCharset extension [extension] ... | vdh | B | |
| Removes any character set associations for a set of file extensions | |||
| RemoveEncoding extension [extension] ... | vdh | B | |
| Removes any content encoding associations for a set of file extensions | |||
| RemoveHandler extension [extension] ... | vdh | B | |
| Removes any handler associations for a set of file extensions | |||
| RemoveInputFilter extension [extension] ... | vdh | B | |
| Removes any input filter associations for a set of file extensions | |||
| RemoveLanguage extension [extension] ... | vdh | B | |
| Removes any language associations for a set of file extensions | |||
| RemoveOutputFilter extension [extension] ... | vdh | B | |
| Removes any output filter associations for a set of file extensions | |||
| RemoveType extension [extension] ... | vdh | B | |
| Removes any content type associations for a set of file extensions | |||
| RequestHeader add|append|edit|edit*|merge|set|setifempty|unset header [[expr=]value [replacement] [early|env=[!]varname|expr=expression]] | svdh | E | |
| Configure HTTP request headers | |||
| RequestReadTimeout [handshake=timeout[-maxtimeout][,MinRate=rate] [header=timeout[-maxtimeout][,MinRate=rate] [body=timeout[-maxtimeout][,MinRate=rate] | handshake=0 header= + | sv | E | 
| Set timeout values for completing the TLS handshake, receiving the request headers and/or body from client. | |||
| Require [not] entity-name [entity-name] ... | dh | B | |
| Tests whether an authenticated user is authorized by an authorization provider. | |||
| <RequireAll> ... </RequireAll> | dh | B | |
| Enclose a group of authorization directives of which none must fail and at least one must succeed for the enclosing directive to succeed. | |||
| <RequireAny> ... </RequireAny> | dh | B | |
| Enclose a group of authorization directives of which one must succeed for the enclosing directive to succeed. | |||
| <RequireNone> ... </RequireNone> | dh | B | |
| Enclose a group of authorization directives of which none must succeed for the enclosing directive to not fail. | |||
| RewriteBase URL-path | dh | E | |
| Sets the base URL for per-directory rewrites | |||
| RewriteCond TestString CondPattern [flags] | svdh | E | |
| Defines a condition under which rewriting will take place | |||
| RewriteEngine on|off | off | svdh | E | 
| Enables or disables runtime rewriting engine | |||
| RewriteMap MapName MapType:MapSource [MapTypeOptions] | sv | E | |
| Defines a mapping function for key-lookup | |||
| RewriteOptions Options | svdh | E | |
| Sets some special options for the rewrite engine | |||
| RewriteRule Pattern Substitution [flags] | svdh | E | |
| Defines rules for the rewriting engine | |||
| RLimitCPU seconds|max [seconds|max] | svdh | C | |
| Limits the CPU consumption of processes launched by Apache httpd children | |||
| RLimitMEM bytes|max [bytes|max] | svdh | C | |
| Limits the memory consumption of processes launched by Apache httpd children | |||
| RLimitNPROC number|max [number|max] | svdh | C | |
| Limits the number of processes that can be launched by processes launched by Apache httpd children | |||
| Satisfy Any|All | All | dh | E | 
| Interaction between host-level access control and user authentication | |||
| ScoreBoardFile file-path | logs/apache_runtime + | s | M | 
| Location of the file used to store coordination data for the child processes | |||
| Script method cgi-script | svd | B | |
| Activates a CGI script for a particular request method. | |||
| ScriptAlias [URL-path] file-path|directory-path | svd | B | |
| Maps a URL to a filesystem location and designates the target as a CGI script | |||
| ScriptAliasMatch regex file-path|directory-path | sv | B | |
| Maps a URL to a filesystem location using a regular expression and designates the target as a CGI script | |||
| ScriptInterpreterSource Registry|Registry-Strict|Script | Script | svdh | C | 
| Technique for locating the interpreter for CGI scripts | |||
| ScriptLog file-path | sv | B | |
| Location of the CGI script error logfile | |||
| ScriptLogBuffer bytes | 1024 | sv | B | 
| Maximum amount of PUT or POST requests that will be recorded in the scriptlog | |||
| ScriptLogLength bytes | 10385760 | sv | B | 
| Size limit of the CGI script logfile | |||
| ScriptSock file-path | cgisock | s | B | 
| The filename prefix of the socket to use for communication with the cgi daemon | |||
| SecureListen [IP-address:]portnumber Certificate-Name [MUTUAL] | s | B | |
| Enables SSL encryption for the specified port | |||
| SeeRequestTail On|Off | Off | s | C | 
| Determine if mod_status displays the first 63 characters of a request or the last 63, assuming the request itself is greater than 63 chars. | |||
| SendBufferSize bytes | 0 | s | M | 
| TCP buffer size | |||
| ServerAdmin email-address|URL | sv | C | |
| Email address that the server includes in error messages sent to the client | |||
| ServerAlias hostname [hostname] ... | v | C | |
| Alternate names for a host used when matching requests to name-virtual hosts | |||
| ServerLimit number | s | M | |
| Upper limit on configurable number of processes | |||
| ServerName [scheme://]domain-name|ip-address[:port] | sv | C | |
| Hostname and port that the server uses to identify itself | |||
| ServerPath URL-path | v | C | |
| Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser | |||
| ServerRoot directory-path | /usr/local/apache | s | C | 
| Base directory for the server installation | |||
| ServerSignature On|Off|EMail | Off | svdh | C | 
| Configures the footer on server-generated documents | |||
| ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full | Full | s | C | 
| Configures the Server HTTP response header | |||
| Session On|Off | Off | svdh | E | 
| Enables a session for the current directory or location | |||
| SessionCookieName name attributes | svdh | E | |
| Name and attributes for the RFC2109 cookie storing the session | |||
| SessionCookieName2 name attributes | svdh | E | |
| Name and attributes for the RFC2965 cookie storing the session | |||
| SessionCookieRemove On|Off | Off | svdh | E | 
| Control for whether session cookies should be removed from incoming HTTP headers | |||
| SessionCryptoCipher name | aes256 | svdh | X | 
| The crypto cipher to be used to encrypt the session | |||
| SessionCryptoDriver name [param[=value]] | s | X | |
| The crypto driver to be used to encrypt the session | |||
| SessionCryptoPassphrase secret [ secret ... ] | svdh | X | |
| The key used to encrypt the session | |||
| SessionCryptoPassphraseFile filename | svd | X | |
| File containing keys used to encrypt the session | |||
| SessionDBDCookieName name attributes | svdh | E | |
| Name and attributes for the RFC2109 cookie storing the session ID | |||
| SessionDBDCookieName2 name attributes | svdh | E | |
| Name and attributes for the RFC2965 cookie storing the session ID | |||
| SessionDBDCookieRemove On|Off | On | svdh | E | 
| Control for whether session ID cookies should be removed from incoming HTTP headers | |||
| SessionDBDDeleteLabel label | deletesession | svdh | E | 
| The SQL query to use to remove sessions from the database | |||
| SessionDBDInsertLabel label | insertsession | svdh | E | 
| The SQL query to use to insert sessions into the database | |||
| SessionDBDPerUser On|Off | Off | svdh | E | 
| Enable a per user session | |||
| SessionDBDSelectLabel label | selectsession | svdh | E | 
| The SQL query to use to select sessions from the database | |||
| SessionDBDUpdateLabel label | updatesession | svdh | E | 
| The SQL query to use to update existing sessions in the database | |||
| SessionEnv On|Off | Off | svdh | E | 
| Control whether the contents of the session are written to the HTTP_SESSION environment variable | |||
| SessionExclude path | svdh | E | |
| Define URL prefixes for which a session is ignored | |||
| SessionExpiryUpdateInterval interval | 0 (always update) | svdh | E | 
| Define the number of seconds a session's expiry may change without the session being updated | |||
| SessionHeader header | svdh | E | |
| Import session updates from a given HTTP response header | |||
| SessionInclude path | svdh | E | |
| Define URL prefixes for which a session is valid | |||
| SessionMaxAge maxage | 0 | svdh | E | 
| Define a maximum age in seconds for a session | |||
| SetEnv env-variable [value] | svdh | B | |
| Sets environment variables | |||
| SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
| Sets environment variables based on attributes of the request | |||
| SetEnvIfExpr expr [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
| Sets environment variables based on an ap_expr expression | |||
| SetEnvIfNoCase attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... | svdh | B | |
| Sets environment variables based on attributes of the request without respect to case | |||
| SetHandler handler-name|none|expression | svdh | C | |
| Forces all matching files to be processed by a handler | |||
| SetInputFilter filter[;filter...] | svdh | C | |
| Sets the filters that will process client requests and POST input | |||
| SetOutputFilter filter[;filter...] | svdh | C | |
| Sets the filters that will process responses from the server | |||
| SSIEndTag tag | "-->" | sv | B | 
| String that ends an include element | |||
| SSIErrorMsg message | "[an error occurred + | svdh | B | 
| Error message displayed when there is an SSI error | |||
| SSIETag on|off | off | dh | B | 
| Controls whether ETags are generated by the server. | |||
| SSILastModified on|off | off | dh | B | 
| Controls whether Last-Modified headers are generated by the server. | |||
| SSILegacyExprParser on|off | off | dh | B | 
| Enable compatibility mode for conditional expressions. | |||
| SSIStartTag tag | "<!--#" | sv | B | 
| String that starts an include element | |||
| SSITimeFormat formatstring | "%A, %d-%b-%Y %H:%M + | svdh | B | 
| Configures the format in which date strings are displayed | |||
| SSIUndefinedEcho string | "(none)" | svdh | B | 
| String displayed when an unset variable is echoed | |||
| SSLCACertificateFile file-path | sv | E | |
| File of concatenated PEM-encoded CA Certificates for Client Auth | |||
| SSLCACertificatePath directory-path | sv | E | |
| Directory of PEM-encoded CA Certificates for Client Auth | |||
| SSLCADNRequestFile file-path | sv | E | |
| File of concatenated PEM-encoded CA Certificates for defining acceptable CA names | |||
| SSLCADNRequestPath directory-path | sv | E | |
| Directory of PEM-encoded CA Certificates for defining acceptable CA names | |||
| SSLCARevocationCheck chain|leaf|none [flags ...] | none | sv | E | 
| Enable CRL-based revocation checking | |||
| SSLCARevocationFile file-path | sv | E | |
| File of concatenated PEM-encoded CA CRLs for Client Auth | |||
| SSLCARevocationPath directory-path | sv | E | |
| Directory of PEM-encoded CA CRLs for Client Auth | |||
| SSLCertificateChainFile file-path | sv | E | |
| File of PEM-encoded Server CA Certificates | |||
| SSLCertificateFile file-path|certid | sv | E | |
| Server PEM-encoded X.509 certificate data file or token identifier | |||
| SSLCertificateKeyFile file-path|keyid | sv | E | |
| Server PEM-encoded private key file | |||
| SSLCipherSuite [protocol] cipher-spec | DEFAULT (depends on + | svdh | E | 
| Cipher Suite available for negotiation in SSL handshake | |||
| SSLCompression on|off | off | sv | E | 
| Enable compression on the SSL level | |||
| SSLCryptoDevice engine | builtin | s | E | 
| Enable use of a cryptographic hardware accelerator | |||
| SSLEngine on|off|optional | off | sv | E | 
| SSL Engine Operation Switch | |||
| SSLFIPS on|off | off | s | E | 
| SSL FIPS mode Switch | |||
| SSLHonorCipherOrder on|off | off | sv | E | 
| Option to prefer the server's cipher preference order | |||
| SSLInsecureRenegotiation on|off | off | sv | E | 
| Option to enable support for insecure renegotiation | |||
| SSLOCSPDefaultResponder uri | sv | E | |
| Set the default responder URI for OCSP validation | |||
| SSLOCSPEnable on|leaf|off | off | sv | E | 
| Enable OCSP validation of the client certificate chain | |||
| SSLOCSPNoverify on|off | off | sv | E | 
| skip the OCSP responder certificates verification | |||
| SSLOCSPOverrideResponder on|off | off | sv | E | 
| Force use of the default responder URI for OCSP validation | |||
| SSLOCSPProxyURL url | sv | E | |
| Proxy URL to use for OCSP requests | |||
| SSLOCSPResponderCertificateFile file | sv | E | |
| Set of trusted PEM encoded OCSP responder certificates | |||
| SSLOCSPResponderTimeout seconds | 10 | sv | E | 
| Timeout for OCSP queries | |||
| SSLOCSPResponseMaxAge seconds | -1 | sv | E | 
| Maximum allowable age for OCSP responses | |||
| SSLOCSPResponseTimeSkew seconds | 300 | sv | E | 
| Maximum allowable time skew for OCSP response validation | |||
| SSLOCSPUseRequestNonce on|off | on | sv | E | 
| Use a nonce within OCSP queries | |||
| SSLOpenSSLConfCmd command-name command-value | sv | E | |
| Configure OpenSSL parameters through its SSL_CONF API | |||
| SSLOptions [+|-]option ... | svdh | E | |
| Configure various SSL engine run-time options | |||
| SSLPassPhraseDialog type | builtin | s | E | 
| Type of pass phrase dialog for encrypted private keys | |||
| SSLProtocol [+|-]protocol ... | all -SSLv3 (up to 2 + | sv | E | 
| Configure usable SSL/TLS protocol versions | |||
| SSLProxyCACertificateFile file-path | svp | E | |
| File of concatenated PEM-encoded CA Certificates for Remote Server Auth | |||
| SSLProxyCACertificatePath directory-path | svp | E | |
| Directory of PEM-encoded CA Certificates for Remote Server Auth | |||
| SSLProxyCARevocationCheck chain|leaf|none | none | svp | E | 
| Enable CRL-based revocation checking for Remote Server Auth | |||
| SSLProxyCARevocationFile file-path | svp | E | |
| File of concatenated PEM-encoded CA CRLs for Remote Server Auth | |||
| SSLProxyCARevocationPath directory-path | svp | E | |
| Directory of PEM-encoded CA CRLs for Remote Server Auth | |||
| SSLProxyCheckPeerCN on|off | on | svp | E | 
| Whether to check the remote server certificate's CN field | |||
| SSLProxyCheckPeerExpire on|off | on | svp | E | 
| Whether to check if remote server certificate is expired | |||
| SSLProxyCheckPeerName on|off | on | svp | E | 
| Configure host name checking for remote server certificates | |||
| SSLProxyCipherSuite [protocol] cipher-spec | ALL:!ADH:RC4+RSA:+H + | svp | E | 
| Cipher Suite available for negotiation in SSL proxy handshake | |||
| SSLProxyEngine on|off | off | svp | E | 
| SSL Proxy Engine Operation Switch | |||
| SSLProxyMachineCertificateChainFile filename | svp | E | |
| File of concatenated PEM-encoded CA certificates to be used by the proxy for choosing a certificate | |||
| SSLProxyMachineCertificateFile filename | svp | E | |
| File of concatenated PEM-encoded client certificates and keys to be used by the proxy | |||
| SSLProxyMachineCertificatePath directory | svp | E | |
| Directory of PEM-encoded client certificates and keys to be used by the proxy | |||
| SSLProxyProtocol [+|-]protocol ... | all -SSLv3 (up to 2 + | svp | E | 
| Configure usable SSL protocol flavors for proxy usage | |||
| SSLProxyVerify level | none | svp | E | 
| Type of remote server Certificate verification | |||
| SSLProxyVerifyDepth number | 1 | svp | E | 
| Maximum depth of CA Certificates in Remote Server Certificate verification | |||
| SSLRandomSeed context source [bytes] | s | E | |
| Pseudo Random Number Generator (PRNG) seeding source | |||
| SSLRenegBufferSize bytes | 131072 | dh | E | 
| Set the size for the SSL renegotiation buffer | |||
| SSLRequire expression | dh | E | |
| Allow access only when an arbitrarily complex boolean expression is true | |||
| SSLRequireSSL | dh | E | |
| Deny access when SSL is not used for the HTTP request | |||
| SSLSessionCache type | none | s | E | 
| Type of the global/inter-process SSL Session Cache | |||
| SSLSessionCacheTimeout seconds | 300 | sv | E | 
| Number of seconds before an SSL session expires in the Session Cache | |||
| SSLSessionTicketKeyFile file-path | sv | E | |
| Persistent encryption/decryption key for TLS session tickets | |||
| SSLSessionTickets on|off | on | sv | E | 
| Enable or disable use of TLS session tickets | |||
| SSLSRPUnknownUserSeed secret-string | sv | E | |
| SRP unknown user seed | |||
| SSLSRPVerifierFile file-path | sv | E | |
| Path to SRP verifier file | |||
| SSLStaplingCache type | s | E | |
| Configures the OCSP stapling cache | |||
| SSLStaplingErrorCacheTimeout seconds | 600 | sv | E | 
| Number of seconds before expiring invalid responses in the OCSP stapling cache | |||
| SSLStaplingFakeTryLater on|off | on | sv | E | 
| Synthesize "tryLater" responses for failed OCSP stapling queries | |||
| SSLStaplingForceURL uri | sv | E | |
| Override the OCSP responder URI specified in the certificate's AIA extension | |||
| SSLStaplingResponderTimeout seconds | 10 | sv | E | 
| Timeout for OCSP stapling queries | |||
| SSLStaplingResponseMaxAge seconds | -1 | sv | E | 
| Maximum allowable age for OCSP stapling responses | |||
| SSLStaplingResponseTimeSkew seconds | 300 | sv | E | 
| Maximum allowable time skew for OCSP stapling response validation | |||
| SSLStaplingReturnResponderErrors on|off | on | sv | E | 
| Pass stapling related OCSP errors on to client | |||
| SSLStaplingStandardCacheTimeout seconds | 3600 | sv | E | 
| Number of seconds before expiring responses in the OCSP stapling cache | |||
| SSLStrictSNIVHostCheck on|off | off | sv | E | 
| Whether to allow non-SNI clients to access a name-based virtual host. | |||
| SSLUserName varname | sdh | E | |
| Variable name to determine user name | |||
| SSLUseStapling on|off | off | sv | E | 
| Enable stapling of OCSP responses in the TLS handshake | |||
| SSLVerifyClient level | none | svdh | E | 
| Type of Client Certificate verification | |||
| SSLVerifyDepth number | 1 | svdh | E | 
| Maximum depth of CA Certificates in Client Certificate verification | |||
| StartServers number | s | M | |
| Number of child server processes created at startup | |||
| StartThreads number | s | M | |
| Number of threads created on startup | |||
| StrictHostCheck ON|OFF | OFF | sv | C | 
| Controls whether the server requires the requested hostname to be listed in the virtual host handling the request | |||
| Substitute s/pattern/substitution/[infq] | dh | E | |
| Pattern to filter the response content | |||
| SubstituteInheritBefore on|off | off | dh | E | 
| Change the merge order of inherited patterns | |||
| SubstituteMaxLineLength bytes(b|B|k|K|m|M|g|G) | 1m | dh | E | 
| Set the maximum line size | |||
| Suexec On|Off | s | B | |
| Enable or disable the suEXEC feature | |||
| SuexecUserGroup User Group | sv | E | |
| User and group for CGI programs to run as | |||
| ThreadLimit number | s | M | |
| Sets the upper limit on the configurable number of threads per child process | |||
| ThreadsPerChild number | s | M | |
| Number of threads created by each child process | |||
| ThreadStackSize size | s | M | |
| The size in bytes of the stack used by threads handling client connections | |||
| TimeOut seconds | 60 | sv | C | 
| Amount of time the server will wait for certain events before failing a request | |||
| TLSCertificate cert_file [key_file] | sv | X | |
| adds a certificate and key (PEM encoded) to a server/virtual host. | |||
| TLSCiphersPrefer cipher(-list) | sv | X | |
| defines ciphers that are preferred. | |||
| TLSCiphersSuppress cipher(-list) | sv | X | |
| defines ciphers that are not to be used. | |||
| TLSEngine [address:]port | s | X | |
| defines on which address+port the module shall handle incoming connections. | |||
| TLSHonorClientOrder on|off | on | sv | X | 
| determines if the order of ciphers supported by the client is honored | |||
| TLSOptions [+|-]option | svdh | X | |
| enables SSL variables for requests. | |||
| TLSProtocol version+ | v1.2+ | sv | X | 
| specifies the minimum version of the TLS protocol to use. | |||
| TLSProxyCA file.pem | svp | X | |
| sets the root certificates to validate the backend server with. | |||
| TLSProxyCiphersPrefer cipher(-list) | svp | X | |
| defines ciphers that are preferred for a proxy connection. | |||
| TLSProxyCiphersSuppress cipher(-list) | svp | X | |
| defines ciphers that are not to be used for a proxy connection. | |||
| TLSProxyEngine on|off | svp | X | |
| enables TLS for backend connections. | |||
| TLSProxyMachineCertificate cert_file [key_file] | svp | X | |
| adds a certificate and key file (PEM encoded) to a proxy setup. | |||
| TLSProxyProtocol version+ | v1.2+ | svp | X | 
| specifies the minimum version of the TLS protocol to use in proxy connections. | |||
| TLSSessionCache cache-spec | s | X | |
| specifies the cache for TLS session resumption. | |||
| TLSStrictSNI on|off | on | s | X | 
| enforces exact matches of client server indicators (SNI) against host names. | |||
| TraceEnable [on|off|extended] | on | sv | C | 
| Determines the behavior on TRACE requests | |||
| TransferLog file|pipe | sv | B | |
| Specify location of a log file | |||
| TypesConfig file-path | conf/mime.types | s | B | 
| The location of the mime.types file | |||
| UnDefine parameter-name | s | C | |
| Undefine the existence of a variable | |||
| UndefMacro name | svd | B | |
| Undefine a macro | |||
| UnsetEnv env-variable [env-variable] ... | svdh | B | |
| Removes variables from the environment | |||
| Use name [value1 ... valueN] | svd | B | |
| Use a macro | |||
| UseCanonicalName On|Off|DNS | Off | svd | C | 
| Configures how the server determines its own name and port | |||
| UseCanonicalPhysicalPort On|Off | Off | svd | C | 
| Configures how the server determines its own port | |||
| User unix-userid | #-1 | s | B | 
| The userid under which the server will answer requests | |||
| UserDir directory-filename [directory-filename] ... | sv | B | |
| Location of the user-specific directories | |||
| VHostCGIMode On|Off|Secure | On | v | X | 
| Determines whether the virtualhost can run subprocesses, and the privileges available to subprocesses. | |||
| VHostCGIPrivs [+-]?privilege-name [[+-]?privilege-name] ... | v | X | |
| Assign arbitrary privileges to subprocesses created by a virtual host. | |||
| VHostGroup unix-groupid | v | X | |
| Sets the Group ID under which a virtual host runs. | |||
| VHostPrivs [+-]?privilege-name [[+-]?privilege-name] ... | v | X | |
| Assign arbitrary privileges to a virtual host. | |||
| VHostSecure On|Off | On | v | X | 
| Determines whether the server runs with enhanced security for the virtualhost. | |||
| VHostUser unix-userid | v | X | |
| Sets the User ID under which a virtual host runs. | |||
| VirtualDocumentRoot interpolated-directory|none | none | sv | E | 
| Dynamically configure the location of the document root for a given virtual host | |||
| VirtualDocumentRootIP interpolated-directory|none | none | sv | E | 
| Dynamically configure the location of the document root for a given virtual host | |||
| <VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost> | s | C | |
| Contains directives that apply only to a specific hostname or IP address | |||
| VirtualScriptAlias interpolated-directory|none | none | sv | E | 
| Dynamically configure the location of the CGI directory for a given virtual host | |||
| VirtualScriptAliasIP interpolated-directory|none | none | sv | E | 
| Dynamically configure the location of the CGI directory for a given virtual host | |||
| WatchdogInterval time-interval[s] | 1 | s | B | 
| Watchdog interval in seconds | |||
| XBitHack on|off|full | off | svdh | B | 
| Parse SSI directives in files with the execute bit set | |||
| xml2EncAlias charset alias [alias ...] | s | B | |
| Recognise Aliases for encoding values | |||
| xml2EncDefault name | svdh | B | |
| Sets a default encoding to assume when absolutely no information can be automatically detected | |||
| xml2StartParse element [element ...] | svdh | B | |
| Advise the parser to skip leading junk. | |||