KeepAliveTimeout directive
Syntax: KeepAliveTimeout seconds
Default: KeepAliveTimeout 15
Context: server config
Status: Core
Compatibility: KeepAliveTimeout is only available in Apache 1.1 and later.
The number of seconds Apache will wait for a subsequent request before closing the connection. Once a request has been received, the timeout value specified by the Timeout directive applies.
--------------------------------------------------------------------------------
<Limit> directive
Syntax: <Limit method method ... > ... </Limit>
Context: any
Status: core
Access controls are normally effective for all access methods, and this is the usual desired behaviour. In the general case, access control directives should not be placed within a <limit> section.
The purpose of the <Limit> directive is to restrict the effect of the access controls to the nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the <Limit> bracket will have no effect. The following example applies the access control only to the methods POST, PUT, and DELETE, leaving all other methods unprotected:
<Limit POST PUT DELETE>
require valid-user
</Limit>
The method names listed can be one or more of: GET, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is case-sensitive. If GET is used it will also restrict HEAD requests.
--------------------------------------------------------------------------------
<LimitExcept> directive
Syntax: <LimitExcept method method ... > ... </LimitExcept>
Context: any
Status: core
Compatibility: Available in Apache 1.3.5 and later
<LimitExcept> and </LimitExcept> are used to enclose a group of access control directives which will then apply to any HTTP access method not listed in the arguments; i.e., it is the opposite of a <Limit> section and can be used to control both standard and nonstandard/unrecognized methods. See the documentation for <Limit> for more details.
--------------------------------------------------------------------------------
LimitRequestBody directive
Syntax: LimitRequestBody number
Default: LimitRequestBody 0
Context: server config, virtual host, directory, .htaccess
Status: core
Compatibility: LimitRequestBody is only available in Apache 1.3.2 and later.
Number is a long integer from 0 (meaning unlimited) to 2147483647 (2GB). The default value is defined by the compile-time constant DEFAULT_LIMIT_REQUEST_BODY (0 as distributed).
The LimitRequestBody directive allows the user to set a limit on the allowed size of an HTTP request message body within the context in which the directive is given (server, per-directory, per-file or per-location). If the client request exceeds that limit, the server will return an error response instead of servicing the request. The size of a normal request message body will vary greatly depending on the nature of the resource and the methods allowed on that resource. CGI scripts typically use the message body for passing form information to the server. Implementations of the PUT method will require a value at least as large as any representation that the server wishes to accept for that resource.
This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.
--------------------------------------------------------------------------------
LimitRequestFields directive
Syntax: LimitRequestFields number
Default: LimitRequestFields 100
Context: server config
Status: core
Compatibility: LimitRequestFields is only available in Apache 1.3.2 and later.
Number is an integer from 0 (meaning unlimited) to 32767. The default value is defined by the compile-time constant DEFAULT_LIMIT_REQUEST_FIELDS (100 as distributed).
The LimitRequestFields directive allows the server administrator to modify the limit on the number of request header fields allowed in an HTTP request. A server needs this value to be larger than the number of fields that a normal client request might include. The number of request header fields used by a client rarely exceeds 20, but this may vary among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation. Optional HTTP extensions are often expressed using request header fields.
This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request.
--------------------------------------------------------------------------------
LimitRequestFieldsize directive
Syntax: LimitRequestFieldsize number
Default: LimitRequestFieldsize 8190
Context: server config
Status: core
Compatibility: LimitRequestFieldsize is only available in Apache 1.3.2 and later.
Number is an integer size in bytes from 0 to the value of the compile-time constant DEFAULT_LIMIT_REQUEST_FIELDSIZE (8190 as distributed).
The LimitRequestFieldsize directive allows the server administrator to reduce the limit on the allowed size of an HTTP request header field below the normal input buffer size compiled with the server. A server needs this value to be large enough to hold any one header field from a normal client request. The size of a normal request header field will vary greatly among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation.
This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. Under normal conditions, the value should not be changed from the default.
--------------------------------------------------------------------------------
LimitRequestLine directive
Syntax: LimitRequestLine number
Default: LimitRequestLine 8190
Context: server config
Status: core
Compatibility: LimitRequestLine is only available in Apache 1.3.2 and later.
Number is an integer size in bytes from 0 to the value of the compile-time constant DEFAULT_LIMIT_REQUEST_LINE (8190 as distributed).
The LimitRequestLine directive allows the server administrator to reduce the limit on the allowed size of a client's HTTP request-line below the normal input buffer size compiled with the server. Since the request-line consists of the HTTP method, URI, and protocol version, the LimitRequestLine directive places a restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that might be passed in the query part of a GET request.
This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. Under normal conditions, the value should not be changed from the default.
--------------------------------------------------------------------------------
Listen directive
Syntax: Listen [IP address:]port number
Context: server config
Status: core
Compatibility: Listen is only available in Apache 1.1 and later.
The Listen directive instructs Apache to listen to more than one IP address or port; by default it responds to requests on all IP interfaces, but only on the port given by the Port directive.
Listen can be used instead of BindAddress and Port. It tells the server to accept incoming requests on the specified port or address-and-port combination. If the first format is used, with a port number only, the server listens to the given port on all interfaces, instead of the port given by the Port directive. If an IP address is given as well as a port, the server will listen on the given port and interface.
Note that you may still require a Port directive so that URLs that Apache generates that point to your server still work.
Multiple Listen directives may be used to specify a number of addresses and ports to listen to. The server will respond to requests from any of the listed addresses and ports.
For example, to make the server accept connections on both port 80 and port 8000, use:
Listen 80
Listen 8000
To make the server accept connections on two specified interfaces and port numbers, use
Listen 192.170.2.1:80
Listen 192.170.2.5:8000
See Also: DNS Issues
See Also: Setting which addresses and ports Apache uses
See Also: Known Bugs
--------------------------------------------------------------------------------
ListenBacklog directive
Syntax: ListenBacklog backlog
Default: ListenBacklog 511
Context: server config
Status: Core
Compatibility: ListenBacklog is only available in Apache versions after 1.2.0.
The maximum length of the queue of pending connections. Generally no tuning is needed or desired, however on some systems it is desirable to increase this when under a TCP SYN flood attack. See the backlog parameter to the listen(2) system call.
This will often be limited to a smaller number by the operating system. This varies from OS to OS. Also note that many OSes do not use exactly what is specified as the backlog, but use a number based on (but normally larger than) what is set.