日期:2011-02-11  浏览次数:20571 次

<FilesMatch>
Syntax: <FilesMatch regex> ... </FilesMatch>
Context: server config, virtual host, .htaccess
Status: core
Compatibility: only available in Apache 1.3 and above.

The <FilesMatch> directive provides for access control by filename, just as the <Files> directive does. However, it accepts a regular expression. For example:

   <FilesMatch "\.(gif|jpe?g|png)$">

would match most common Internet graphics formats.

See also: How Directory, Location and Files sections work for an explanation of how these different sections are combined when a request is received
--------------------------------------------------------------------------------

Group directive
Syntax: Group unix-group
Default: Group #-1
Context: server config, virtual host
Status: core
The Group directive sets the group under which the server will answer requests. In order to use this directive, the stand-alone server must be run initially as root. Unix-group is one of:

A group name
Refers to the given group by name.
# followed by a group number.
Refers to a group by its number.
It is recommended that you set up a new group specifically for running the server. Some admins use user nobody, but this is not always possible or desirable.
Note: if you start the server as a non-root user, it will fail to change to the specified group, and will instead continue to run as the group of the original user.

Special note: Use of this directive in <VirtualHost> requires a properly configured suEXEC wrapper. When used inside a <VirtualHost> in this manner, only the group that CGIs are run as is affected. Non-CGI requests are still processed as the group specified in the main Group directive.

SECURITY: See User for a discussion of the security considerations.



--------------------------------------------------------------------------------

HostNameLookups directive
Syntax: HostNameLookups on | off | double
Default: HostNameLookups off
Context: server config, virtual host, directory
Status: core
Compatibility: double available only in Apache 1.3 and above.
Compatibility: Default was on prior to Apache 1.3.
This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). The value double refers to doing double-reverse DNS. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the ip addresses in the forward lookup must match the original address. (In "tcpwrappers" terminology this is called PARANOID.)

Regardless of the setting, when mod_access is used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you set HostnameLookups double. For example, if only HostnameLookups on and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in REMOTE_HOST.

The default for this directive was previously on in versions of Apache prior to 1.3. It was changed to off in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup entails. Heavily loaded sites should leave this directive off, since DNS lookups can take considerable amounts of time. The utility logresolve, provided in the /support directory, can be used to look up host names from logged IP addresses offline.



--------------------------------------------------------------------------------

IdentityCheck directive<