diff options
Diffstat (limited to '')
| -rw-r--r-- | docs/manual/dns-caveats.html | 21 | ||||
| -rw-r--r-- | docs/manual/dns-caveats.html.en | 217 | ||||
| -rw-r--r-- | docs/manual/dns-caveats.html.fr.utf8 | 226 | ||||
| -rw-r--r-- | docs/manual/dns-caveats.html.ja.utf8 | 279 | ||||
| -rw-r--r-- | docs/manual/dns-caveats.html.ko.euc-kr | 253 | ||||
| -rw-r--r-- | docs/manual/dns-caveats.html.tr.utf8 | 207 |
6 files changed, 1203 insertions, 0 deletions
diff --git a/docs/manual/dns-caveats.html b/docs/manual/dns-caveats.html new file mode 100644 index 0000000..f4a35c2 --- /dev/null +++ b/docs/manual/dns-caveats.html @@ -0,0 +1,21 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: dns-caveats.html.en +Content-Language: en +Content-type: text/html; charset=UTF-8 + +URI: dns-caveats.html.fr.utf8 +Content-Language: fr +Content-type: text/html; charset=UTF-8 + +URI: dns-caveats.html.ja.utf8 +Content-Language: ja +Content-type: text/html; charset=UTF-8 + +URI: dns-caveats.html.ko.euc-kr +Content-Language: ko +Content-type: text/html; charset=EUC-KR + +URI: dns-caveats.html.tr.utf8 +Content-Language: tr +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/dns-caveats.html.en b/docs/manual/dns-caveats.html.en new file mode 100644 index 0000000..ac35fe4 --- /dev/null +++ b/docs/manual/dns-caveats.html.en @@ -0,0 +1,217 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Issues Regarding DNS and Apache HTTP Server - Apache HTTP Server Version 2.4</title> +<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> +<script src="./style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="./images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="./images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Issues Regarding DNS and Apache HTTP Server</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="./en/dns-caveats.html" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> + + <p>This page could be summarized with the statement: don't + configure Apache HTTP Server in such a way that it relies on DNS resolution + for parsing of the configuration files. If httpd requires DNS + resolution to parse the configuration files then your server + may be subject to reliability problems (ie. it might not start up), + or denial and theft of service attacks (including virtual hosts able + to steal hits from other virtual hosts).</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#example">A Simple Example</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#denial">Denial of Service</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#main">The "main server" Address</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#tips">Tips to Avoid These Problems</a></li> +</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="example" id="example">A Simple Example</a></h2> + + + <pre class="prettyprint lang-config"># This is a misconfiguration example, do not use on your server +<VirtualHost www.example.dom> + ServerAdmin webgirl@example.dom + DocumentRoot "/www/example" +</VirtualHost></pre> + + + <p>In order for the server to function properly, it absolutely needs + to have two pieces of information about each virtual host: the + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> and at least one + IP address that the server will bind and respond to. The above + example does not include the IP address, so httpd must use DNS + to find the address of <code>www.example.dom</code>. If for some + reason DNS is not available at the time your server is parsing + its config file, then this virtual host <strong>will not be + configured</strong>. It won't be able to respond to any hits + to this virtual host.</p> + + <p>Suppose that <code>www.example.dom</code> has address 192.0.2.1. + Then consider this configuration snippet:</p> + + <pre class="prettyprint lang-config"># This is a misconfiguration example, do not use on your server +<VirtualHost 192.0.2.1> + ServerAdmin webgirl@example.dom + DocumentRoot "/www/example" +</VirtualHost></pre> + + + <p>This time httpd needs to use reverse DNS to find the + <code>ServerName</code> for this virtualhost. If that reverse + lookup fails then it will partially disable the virtualhost. + If the virtual host is name-based then it will effectively be + totally disabled, but if it is IP-based then it will mostly + work. However, if httpd should ever have to generate a full + URL for the server which includes the server name (such as when a + Redirect is issued), then it will fail to generate a valid URL.</p> + + <p>Here is a snippet that avoids both of these problems:</p> + + <pre class="prettyprint lang-config"><VirtualHost 192.0.2.1> + ServerName www.example.dom + ServerAdmin webgirl@example.dom + DocumentRoot "/www/example" +</VirtualHost></pre> + + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="denial" id="denial">Denial of Service</a></h2> + + + <p>Consider this configuration snippet:</p> + + <pre class="prettyprint lang-config"><VirtualHost www.example1.dom> + ServerAdmin webgirl@example1.dom + DocumentRoot "/www/example1" +</VirtualHost> +<VirtualHost www.example2.dom> + ServerAdmin webguy@example2.dom + DocumentRoot "/www/example2" +</VirtualHost></pre> + + + <p>Suppose that you've assigned 192.0.2.1 to + <code>www.example1.dom</code> and 192.0.2.2 to + <code>www.example2.dom</code>. Furthermore, suppose that + <code>example1.dom</code> has control of their own DNS. With this + config you have put <code>example1.dom</code> into a position where + they can steal all traffic destined to <code>example2.dom</code>. To + do so, all they have to do is set <code>www.example1.dom</code> to + 192.0.2.2. Since they control their own DNS you can't stop them + from pointing the <code>www.example1.dom</code> record wherever they + wish.</p> + + <p>Requests coming in to 192.0.2.2 (including all those where + users typed in URLs of the form + <code>http://www.example2.dom/whatever</code>) will all be served by + the <code>example1.dom</code> virtual host. To better understand why + this happens requires a more in-depth discussion of how httpd + matches up incoming requests with the virtual host that will + serve it. A rough document describing this <a href="vhosts/details.html">is available</a>.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="main" id="main">The "main server" Address</a></h2> + + + <p><a href="vhosts/name-based.html">Name-based + virtual host support</a> requires httpd to know + the IP address(es) of the host that <code class="program"><a href="./programs/httpd.html">httpd</a></code> + is running on. To get this address it uses either the global + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + (if present) or calls the C function <code>gethostname</code> + (which should return the same as typing "hostname" at the + command prompt). Then it performs a DNS lookup on this address. + At present there is no way to avoid this lookup.</p> + + <p>If you fear that this lookup might fail because your DNS + server is down then you can insert the hostname in + <code>/etc/hosts</code> (where you probably already have it so + that the machine can boot properly). Then ensure that your + machine is configured to use <code>/etc/hosts</code> in the + event that DNS fails. Depending on what OS you are using this + might be accomplished by editing <code>/etc/resolv.conf</code>, + or maybe <code>/etc/nsswitch.conf</code>.</p> + + <p>If your server doesn't have to perform DNS for any other + reason then you might be able to get away with running httpd + with the <code>HOSTRESORDER</code> environment variable set to + "local". This all depends on what OS and resolver libraries you + are using. It also affects CGIs unless you use + <code class="module"><a href="./mod/mod_env.html">mod_env</a></code> to control the environment. It's best + to consult the man pages or FAQs for your OS.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="tips" id="tips">Tips to Avoid These Problems</a></h2> + + + <ul> + <li> + use IP addresses in + <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> + </li> + + <li> + use IP addresses in + <code class="directive"><a href="./mod/mpm_common.html#listen">Listen</a></code> + </li> + + <li> + ensure all virtual hosts have an explicit + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + </li> + + <li>create a <code><VirtualHost _default_:*></code> + server that has no pages to serve</li> + </ul> + </div></div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="./en/dns-caveats.html" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/dns-caveats.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossary</a> | <a href="./sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/dns-caveats.html.fr.utf8 b/docs/manual/dns-caveats.html.fr.utf8 new file mode 100644 index 0000000..082a639 --- /dev/null +++ b/docs/manual/dns-caveats.html.fr.utf8 @@ -0,0 +1,226 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Problèmes liés au DNS avec le serveur HTTP Apache - Serveur HTTP Apache Version 2.4</title> +<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> +<script src="./style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="./images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p> +<p class="apache">Serveur HTTP Apache Version 2.4</p> +<img alt="" src="./images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Serveur HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Problèmes liés au DNS avec le serveur HTTP Apache</h1> +<div class="toplang"> +<p><span>Langues Disponibles: </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> + + <p>Cette page pourrait se résumer ainsi : configurez le + serveur HTTP Apache de façon + à ce qu'il n'ait pas besoin de résolution DNS pour interpréter les + fichiers de configuration. Si httpd doit effectuer des résolutions + DNS pour interpréter les fichiers de configuration, votre serveur + pourra présenter des problèmes de fiabilité (en d'autres termes, + il est possible qu'il refuse de démarrer), ou d'attaques par déni ou + usurpation de service (y compris l'attribution de requêtes à un + serveur virtuel autre que le serveur virtuel voulu).</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#example">Un exemple simple</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#denial">Déni de service</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#main">L'adresse du "serveur principal"</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#tips">Conseils pour éviter ce genre de problème</a></li> +</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="example" id="example">Un exemple simple</a></h2> + + + <pre class="prettyprint lang-config"># Ceci est un exemple de mauvaise configuration ; ne l'utilisez pas comme base +# de configuration +<VirtualHost www.example.dom> + ServerAdmin webgirl@example.dom + DocumentRoot "/www/example" +</VirtualHost></pre> + + + <p>Pour fonctionner correctement, le serveur a absolument besoin de deux + informations à propos de chaque serveur virtuel : le nom du serveur + défini par la directive <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code>, et au moins une adresse IP à + laquelle le serveur va se rattacher et répondre. L'exemple ci-dessus + ne comporte pas d'adresse IP, si bien que httpd devra utiliser le + DNS pour trouver l'adresse IP de <code>www.example.dom</code>. Si pour + une raison quelconque, le DNS n'est pas disponible au moment où + votre serveur interprète son fichier de configuration, ce serveur + virtuel <strong>ne sera pas pris en compte dans la + configuration</strong>. Il sera incapable de + répondre à toute requête pour ce serveur virtuel.</p> + + <p>Supposons que l'adresse de <code>www.example.dom</code> soit + 192.0.2.1, et examinons cet extrait de configuration :</p> + + <pre class="prettyprint lang-config"># Ceci est un exemple de mauvaise configuration ; ne l'utilisez pas comme base +# de configuration +<VirtualHost 192.0.2.1> + ServerAdmin webgirl@example.dom + DocumentRoot "/www/example" +</VirtualHost></pre> + + + <p>Cette fois, httpd doit effectuer une recherche DNS inverse pour + trouver le nom <code>ServerName</code> de ce serveur virtuel. Si + cette recherche inverse échoue, le serveur virtuel sera + partiellement désactivé. Si le serveur + virtuel est à base de nom, il sera en fait totalement désactivé, + mais s'il est à base d'adresse IP, il fonctionnera probablement. + Cependant, httpd échouera s'il doit générer une URL complète pour + le serveur qui inclut ce nom de serveur (comme dans le cas d'une + redirection).</p> + + <p>Voici un extrait de configuration qui permet d'éviter ces deux + types de problèmes :</p> + + <pre class="prettyprint lang-config"><VirtualHost 192.0.2.1> + ServerName www.example.dom + ServerAdmin webgirl@example.dom + DocumentRoot "/www/example" +</VirtualHost></pre> + + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="denial" id="denial">Déni de service</a></h2> + + + <p>Considérons cet extrait de configuration :</p> + + <pre class="prettyprint lang-config"><VirtualHost www.example1.dom> + ServerAdmin webgirl@example1.dom + DocumentRoot "/www/example1" +</VirtualHost> +<VirtualHost www.example2.dom> + ServerAdmin webguy@example2.dom + DocumentRoot "/www/example2" +</VirtualHost></pre> + + + <p>Supposons que vous ayez assigné 192.0.2.1 à + <code>www.example1.dom</code> et 192.0.2.2 à <code>www.example2.dom</code>. En + outre, supposons que <code>example1.dom</code> gère son propre DNS. Avec + cette configuration, <code>example1.dom</code> sera en mesure de + détourner tout trafic destiné à <code>example2.dom</code>. Pour y + parvenir, tout ce qu'ils ont à faire consiste à + assigner 192.0.2.2 à + <code>www.example1.dom</code>. Comme ils gèrent leur propre DNS, vous ne + pouvez pas les empêcher de faire pointer l'enregistrement + <code>www.example1.dom</code> vers l'adresse qu'ils veulent.</p> + + <p>Les requêtes à destination de 192.0.2.2 (y compris toutes celles + où l'utilisateur à tapé une URL de la forme + <code>http://www.example2.dom/quelquepart</code>), seront toutes servies + par le serveur virtuel <code>example1.dom</code>. Une meilleur + compréhension de la raison pour laquelle ceci peut se produire + nécessite une discussion plus approfondie à propos de la manière + dont httpd associe les requêtes entrantes aux différents serveurs + virtuels qui vont les servir. Un document de base décrivant ceci <a href="vhosts/details.html">est disponible</a>.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="main" id="main">L'adresse du "serveur principal"</a></h2> + + + <p><a href="vhosts/name-based.html">Le support des + serveurs virtuels à base de nom</a> oblige httpd à + connaître la/les adresse(s) IP de l'hôte sur + lequel <code class="program"><a href="./programs/httpd.html">httpd</a></code> s'exécute. Pour obtenir cette + adresse, soit il utilise la directive <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> globale (si elle est présente), + soit il fait appel à la fonction C <code>gethostname</code> (qui + doit renvoyer le même nom que la commande shell "hostname"). Il + effectue ensuite une recherche DNS sur cette adresse. Pour le + moment, il n'existe aucun moyen d'éviter cette recherche DNS.</p> + + <p>Si vous craignez que cette recherche DNS échoue parce que votre + serveur DNS est arrêté, vous pouvez insérer le nom d'hôte dans le + fichier <code>/etc/hosts</code> (où il est probablement déjà + enregistré afin que la machine démarre correctement). Assurez-vous + ensuite que la machine est configurée pour utiliser + <code>/etc/hosts</code> dans le cas où la recherche DNS échoue. + Suivant le système d'exploitation que vous utilisez, vous y + parviendrez en éditant <code>/etc/resolv.conf</code>, ou + <code>/etc/nsswitch.conf</code>.</p> + + <p>Si votre serveur n'a aucune autre raison d'effectuer des + recherches DNS, vous pouvez définir la variable d'environnement + <code>HOSTRESORDER</code> à "local", et vous serez alors en mesure + d'exécuter httpd. Tout dépend du système d'exploitation et des + bibliothèques de résolution de noms que vous utilisez. Elle affecte + aussi les programmes CGI, à moins que vous n'utilisiez + <code class="module"><a href="./mod/mod_env.html">mod_env</a></code> pour contrôler l'environnement. Il est + conseillé de consulter les pages de manuel ou les FAQs de votre + système d'exploitation.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="tips" id="tips">Conseils pour éviter ce genre de problème</a></h2> + + + <ul> + <li> + utilisez des adresses IP au sein des <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> + </li> + + <li> + utilisez des adresses IP avec la directive <code class="directive"><a href="./mod/mpm_common.html#listen">Listen</a></code> + </li> + + <li> + vérifiez que tous les serveurs virtuels possèdent un nom + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> explicite + </li> + + <li>créez un serveur virtuel <code><VirtualHost + _default_:*></code> qui n'a aucune page à servir</li> + </ul> + </div></div> +<div class="bottomlang"> +<p><span>Langues Disponibles: </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/dns-caveats.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="./mod/">Modules</a> | <a href="./mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossaire</a> | <a href="./sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/dns-caveats.html.ja.utf8 b/docs/manual/dns-caveats.html.ja.utf8 new file mode 100644 index 0000000..553a02d --- /dev/null +++ b/docs/manual/dns-caveats.html.ja.utf8 @@ -0,0 +1,279 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>DNS と Apache にまつわる注意事項 - Apache HTTP サーバ バージョン 2.4</title> +<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> +<script src="./style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="./images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p> +<p class="apache">Apache HTTP サーバ バージョン 2.4</p> +<img alt="" src="./images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP サーバ</a> > <a href="http://httpd.apache.org/docs/">ドキュメンテーション</a> > <a href="./">バージョン 2.4</a></div><div id="page-content"><div id="preamble"><h1>DNS と Apache にまつわる注意事項</h1> +<div class="toplang"> +<p><span>翻訳済み言語: </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> +<div class="outofdate">この日本語訳はすでに古くなっている + 可能性があります。 + 最近更新された内容を見るには英語版をご覧下さい。 + </div> + + <p>本文書の内容は次の一言に尽きます。「Apache が設定ファイルを読み込むときに + DNS を使用する必要がないようにして下さい」。Apache が設定ファイルを + 読み込むときに DNS を使用する必要がある場合、信頼性の問題 + (起動しないかもしれません) やサービス拒否や盗用アタック + (他のユーザからヒットを盗むことを含みます) + の問題に直面するかもしれません。</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#example">簡単な例</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#denial">サービス拒否</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#main">「主サーバ」アドレス</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#tips">以上の問題を解決する方法</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#appendix">付録: 将来的な方向性</a></li> +</ul><h3>参照</h3><ul class="seealso"><li><a href="#comments_section">コメント</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="example" id="example">簡単な例</a></h2> + + + <div class="example"><p><code> + <VirtualHost www.abc.dom> <br /> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </VirtualHost> + </code></p></div> + + <p>Apache が正常に機能するには、バーチャルホスト毎に必ず二つの + 情報が必要になります。それは、 + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + と、そのサーバが応答するための IP (最低一つ) です。 + 上記例では IP アドレスを含んでいませんので、Apache は DNS + を使用して <code>www.abc.dom</code> を見つけなければなりません。 + 何らかの理由で設定ファイルを読み込んでいるときに DNS + が利用できなかった場合、 + バーチャルホストは<strong>設定されません</strong>。 + そして、そのバーチャルホストに対するヒットには応答がなされません + (Apache 1.2 以前では起動すらしません)。</p> + + <p><code>www.abc.dom</code> のアドレスが 192.0.2.1 + だとします。では、次の設定について考えてみましょう。</p> + + <div class="example"><p><code> + <VirtualHost 192.0.2.1> <br /> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </VirtualHost> + </code></p></div> + + <p>現在のリリースでは Apache は DNS 逆引きを使用して + このバーチャルホストの <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + を見つけます。 + その逆引きが失敗した場合は部分的にバーチャルホストを無効にします + (Apache 1.2 より前では起動すらしません)。 + バーチャルホストが名前ベースであれば完全に無効になりますが、 + IP ベースであれば概ね動作します。しかしながら、サーバ名を + 含む完全な URL を生成しなければならない場合は、正しい URL + の生成ができません。</p> + + <p>次の例は上記の問題を解決しています。</p> + + <div class="example"><p><code> + <VirtualHost 192.0.2.1> <br /> + ServerName www.abc.dom <br /> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </VirtualHost> + </code></p></div> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="denial" id="denial">サービス拒否</a></h2> + + + <p>サービス拒否が起こる場合、(少なくとも) 二つのケースがあります。 + Apache 1.2 より前を実行している場合、バーチャルホストのための + 上記の二つの DNS 検索のうち一つ失敗すれば起動すらしません。 + そしてこの DNS 検索が自分の制御下にすらない場合もありえます。 + 例えば、<code>abc.dom</code> が顧客のサーバの一つで、 + DNS は顧客自身で管理している場合、単に + <code>www.abc.dom</code> レコードを削除するだけで、 + (1.2 より前の) サーバを起動不能にすることができます。</p> + + <p>もう一つのケースは、より気付きにくいものです。 + 次の設定について考えてみましょう。</p> + + <div class="example"><p><code> + <VirtualHost www.abc.dom> <br /> + <span class="indent"> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </span> + </VirtualHost> <br /> + <br /> + <VirtualHost www.def.dom> <br /> + <span class="indent"> + ServerAdmin webguy@def.dom <br /> + DocumentRoot /www/def <br /> + </span> + </VirtualHost> + </code></p></div> + + <p>192.0.2.1 を <code>www.abc.dom</code> に、 + 192.0.2.2 を <code>www.def.dom</code> に割り当てているとします。 + また、<code>def.dom</code> は顧客自身の DNS + の制御下にあるとします。この設定で、<code>abc.dom</code> + に向けられたトラフィック全てを奪うことができる位置に + <code>def.dom</code> を設置できています。後は単に + <code>www.def.dom</code> が 192.0.2.1 を参照するように + 設定するだけです。DNS は顧客側の DNS でコントロールされているので、 + <code>www.def.dom</code> レコードが好きな場所を指すように + 設定できてしまうのを止めさせることができません。</p> + + <p>192.0.2.1 に対するリクエスト + (<code>http://www.abc.dom/whatever</code> 形式の URL + を入力したユーザからのもの全てを含みます) + は、<code>def.dom</code> バーチャルホストで応答されます。 + このようなことが何故起こるかもっと良く知るためには、 + 応答の必要なバーチャルホストへのリクエストに対して、 + Apache がどのように整合性を確保するかについて、 + 深い議論が必要になります。おおざっぱな説明は<a href="vhosts/details.html">こちら</a>に記述されています。</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="main" id="main">「主サーバ」アドレス</a></h2> + + + <p>Apache 1.1 での <a href="vhost/name-based.html">名前ベースのバーチャルホストのサポート</a> 追加の際に、 + Apache は <code class="program"><a href="./programs/httpd.html">httpd</a></code> の実行されているホストの IP + アドレスを知る必要が出てきました。このアドレスを得るために、 + (もしあれば) グローバルな + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> を使用するか、 + C 言語の関数 <code>gethostname</code> (コマンドプロンプトで + <code>hostname</code> とタイプしたときと同じものを返します) + を呼び出すかをします。 + その後、得られたアドレスで DNS 検索を行ないます。 + 現在のところ、この DNS 検索を回避する方法はありません。</p> + + <p>DNS サーバがダウンして、この検索ができない事態が起こることを + 恐れているのであれば、<code>/etc/hosts</code> + にホスト名を記述しておくことができます + (マシンが正常に起動するように既に設定されているかもしれません)。 + その場合、DNS 参照が失敗した場合にマシンが <code>/etc/hosts</code> + を使用するように設定していることを確認してください。 + その方法は、どの OS を使用しているかに依存しますが、 + <code>/etc/resolv.conf</code> か <code>/etc/nsswitch.conf</code> + を編集することで設定できます。</p> + + <p>もし他の理由で DNS を利用する必要がない場合は、 + <code>HOSTRESORDER</code> 環境変数を「 <code>local</code> + 」に設定することでそのようにできます。以上これらの事柄は、どんな + OS 、レゾルバライブラリを使用しているかに依存します。また、 + <code class="module"><a href="./mod/mod_env.html">mod_env</a></code> を使用して環境変数を制御しない限り、 + CGI にも影響を与えます。man ページや使用している OS + の FAQ で調べると良いでしょう。</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="tips" id="tips">以上の問題を解決する方法</a></h2> + + + <ul> + <li> + <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> + で IP アドレスを使用する。 + </li> + + <li> + <code class="directive"><a href="./mod/mpm_common.html#listen">Listen</a></code> + で IP アドレスを使用する。 + </li> + + <li> + 全てのバーチャルホストが明示的に + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + を持つようにする。 + </li> + + <li>何も応答しない + <code><VirtualHost _default_:*></code> + サーバを作る。</li> + </ul> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="appendix" id="appendix">付録: 将来的な方向性</a></h2> + + + <p>DNS に関して、現状は全く宜しくありません。Apache 1.2 で、 + DNS のイベントが失敗しても少なくとも起動プロセスが続くようにしましたが、 + これが最高の解決方法ではないでしょう。アドレスの再割り当てが必要不可避 + となっている今日のインターネットにおいては、 + 設定ファイルの中で明示的な IP アドレスを要求する仕様は、 + 全く宜しくありません。</p> + + <p>盗用のサービスアタックに関して行なうべき事は、 + DNS 順引きを行なって得られたアドレスに対する DNS + 逆引きを行なって、二つの名前を比較することです。 + この二つが一致しなければバーチャルホストは無効になるようにします。 + こうするためには逆引き DNS が適切に設定されている必要があります + (FTP サーバや TCP ラッパーのおかげで「二重逆引き」DNS は一般的に + なっていますので、管理者にはお馴染みものでしょう)。</p> + + <p>IP アドレスが使用されていなくて DNS が失敗した場合は、 + どうしてもバーチャルホストウェブサーバを信頼性を確保して + 起動させることは不可能のようです。 + 設定の一部を無効にするというような部分的な解決では、 + サーバが何をするようにするかにもよりますが、 + そのサーバが起動しないより確実に悪い状況になるでしょう。</p> + + <p>HTTP/1.1 が開発され、ブラウザやプロキシが <code>Host</code> + ヘッダを発行するようになったので、IP ベースのバーチャルホストを + 全く使用しなくても済むようになるかもしれません。 + この場合、ウェブサーバは設定中に DNS 参照をしなくても済みます。 + しかし 1997 年 3 月時点の状況では、 + 商用レベルのウェブサーバで使用できるほどには、 + これらの機能は広く開発が進んでいません。</p> + </div></div> +<div class="bottomlang"> +<p><span>翻訳済み言語: </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">コメント</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/dns-caveats.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2023 The Apache Software Foundation.<br />この文書は <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> のライセンスで提供されています。.</p> +<p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/dns-caveats.html.ko.euc-kr b/docs/manual/dns-caveats.html.ko.euc-kr new file mode 100644 index 0000000..f399a36 --- /dev/null +++ b/docs/manual/dns-caveats.html.ko.euc-kr @@ -0,0 +1,253 @@ +<?xml version="1.0" encoding="EUC-KR"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head> +<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>DNS ġ õ - Apache HTTP Server Version 2.4</title> +<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> +<script src="./style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="./images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="./mod/"></a> | <a href="./mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html"></a> | <a href="./sitemap.html">Ʈ</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="./images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>DNS ġ õ </h1> +<div class="toplang"> +<p><span> : </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> +<div class="outofdate"> ֽ ƴմϴ. + ֱٿ ϼ.</div> + + <p> ִ. ġ + DNS ʵ ϶. ġ дµ + DNS ʿϴٸ ŷڼ ( ȵ ִ) + Ȥ ź ݰ (ڰ ٸ ڿ + ä Ͽ) (theft of service) ݿ + ô ִ.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#example"> </a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#denial">ź (Denial of Service)</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#main">"ּ" ּ</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#tips"> ϱ </a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#appendix">η: δ</a></li> +</ul><h3></h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="example" id="example"> </a></h2> + + + <div class="example"><p><code> + <VirtualHost www.abc.dom> <br /> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </VirtualHost> + </code></p></div> + + <p>ġ ϱؼ ȣƮ + ΰ ʿϴ. + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + ٸ ּ Ѱ IP ̴ּ. IP ּҰ + , ġ DNS Ͽ <code>www.abc.dom</code> + ּҸ ãƾ Ѵ. + DNS ٸ ȣƮ <strong> </strong>. + ȣƮ û . (ġ 1.2 + õ Ѵ.)</p> + + <p><code>www.abc.dom</code> ּҰ 192.0.2.1̶ . + :</p> + + <div class="example"><p><code> + <VirtualHost 192.0.2.1> <br /> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </VirtualHost> + </code></p></div> + + <p> ġ ȣƮ <code>ServerName</code> + ã DNS ؾ Ѵ. ãⰡ ϸ ġ + ȣƮ κ . (ġ 1.2 + õ Ѵ.) , ̸ + ȣƮ ȣƮ ʰ, ip̶ + κ Ѵ. ġ Ͽ + ü URL Ѵٸ URL Ѵ.</p> + + <p>Ʒ ΰ .</p> + + <div class="example"><p><code> + <VirtualHost 192.0.2.1> <br /> + ServerName www.abc.dom <br /> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </VirtualHost> + </code></p></div> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="denial" id="denial">ź (Denial of Service)</a></h2> + + + <p>(ּ) ΰ źΰ ִ. + ġ 1.2 ȣƮ + DNS ˻ ϸ ʴ´. + DNS ִ. , + <code>abc.dom</code> Ʈ̰ ڽ DNS + Ѵٸ, <code>www.abc.dom</code> ڵ带 ⸸ ص + (1.2 ) Ѵ.</p> + + <p>ξ Ȱ ִ. 캸:</p> + + <div class="example"><p><code> + <VirtualHost www.abc.dom> <br /> + ServerAdmin webgirl@abc.dom <br /> + DocumentRoot /www/abc <br /> + </VirtualHost> <br /> + <br /> + <VirtualHost www.def.dom> <br /> + ServerAdmin webguy@def.dom <br /> + DocumentRoot /www/def <br /> + </VirtualHost> + </code></p></div> + + <p> <code>www.abc.dom</code> 192.0.2.1, + <code>www.def.dom</code> 192.0.2.2 Ҵߴٰ . + , <code>def.dom</code> ü DNS Ѵٰ . + Բ <code>def.dom</code> <code>abc.dom</code> + ç ִ ҿ ξ. ٸ + <code>www.def.dom</code> 192.0.2.1 ϱ⸸ ϸ ȴ. + ü DNS ϱ ϴµ + <code>www.def.dom</code> ڵ带 ϴ + .</p> + + <p>(ڰ <code>http://www.abc.dom/whatever</code> + URL Էϴ 츦 Ͽ) 192.0.2.1 û + <code>def.dom</code> ȣƮ ϰ ȴ. ̷ + Ͼ Ϸ ġ ȣƮ + û óϴ ʿϴ. + <a href="vhosts/details.html"></a> 밭 ִ.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="main" id="main">"ּ" ּ</a></h2> + + + <p>ġ 1.1 <a href="vhosts/name-based.html"≯ + ȣƮ </a> ԵǾ ġ + ϴ ȣƮ IP ּ() ʿ䰡 . ּҴ + (ִٸ) <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + Ȥ C Լ <code>gethostname</code> (Ʈ + "hostname" Է ) ´. ּҷ + DNS ˻ Ѵ. ˻ .</p> + + <p>DNS ˻ ٸ + <code>/etc/hosts</code> ȣƮ ִ. + (ǻͰ õǾٸ Ƹ ̹ ̴.) + DNS ϸ <code>/etc/hosts</code> + ϴ Ȯ϶. ϴ ü + <code>/etc/resolv.conf</code> Ȥ <code>/etc/nsswitch.conf</code> + ϸ ̴.</p> + + <p> DNS ˻ϸ ȵȴٸ + <code>HOSTRESORDER</code> ȯ溯 "local" ϰ + ġ ִ. <code class="module"><a href="./mod/mod_env.html">mod_env</a></code> + Ͽ ȯ ʴ´ٸ ȯ溯 + CGI ش. ü manpage FAQ ϴ + .</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="tips" id="tips"> ϱ </a></h2> + + + <ul> + <li> + <code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> IP + ּҸ ϶ + </li> + + <li> + <code class="directive"><a href="./mod/mpm_common.html#listen">Listen</a></code> + IP ּҸ ϶ + </li> + + <li> + ȣƮ + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> + ϶ + </li> + + <li> ʴ + <code><VirtualHost _default_:*></code> + </li> + </ul> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="appendix" id="appendix">η: δ</a></h2> + + + <p>DNS õ Ȳ ſ ٶ ϴ. ġ 1.2 + 츮 DNS 쿡 ּ + . · Ͽ IP ּҸ 䱸ϴ + ȣ ٽ ؾ ͳݿ ſ ٶ + ϴ.</p> + + <p> Ѱ ˻ + IP ּҿ ٽ DNS ˻ Ͽ ̸ ϴ ̴. + ٸ ȣƮ ִ. + DNS ùٷ Ǿ Ѵ. (FTP TCP wrapper + "ߺ-" DNS ˻ ϱ κ ڿ + ͼ ̴.)</p> + + <p>· IP ּҸ DNS ȣƮ + ְ . Ϻθ ϴ + Ͱ κ ذå ü ʴ ͺ + ִ.</p> + + <p>HTTP/1.1 Ͻð <code>Host</code> + Ƿ IP ȣƮ + ʴ ̴. ߿ + DNS ˻ ʿ䰡 . 1997 3 ߿ + ̸ ȣƮ θ + ʾҴ.</p> + </div></div> +<div class="bottomlang"> +<p><span> : </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/dns-caveats.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="./mod/"></a> | <a href="./mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html"></a> | <a href="./sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/dns-caveats.html.tr.utf8 b/docs/manual/dns-caveats.html.tr.utf8 new file mode 100644 index 0000000..8dd1460 --- /dev/null +++ b/docs/manual/dns-caveats.html.tr.utf8 @@ -0,0 +1,207 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Apache HTTP Sunucusu ve DNS ile ilgili Konular - Apache HTTP Sunucusu Sürüm 2.4</title> +<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" /> +<script src="./style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="./images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="./mod/">Modüller</a> | <a href="./mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="./glossary.html">Terimler</a> | <a href="./sitemap.html">Site Haritası</a></p> +<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p> +<img alt="" src="./images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Sunucusu</a> > <a href="http://httpd.apache.org/docs/">Belgeleme</a> > <a href="./">Sürüm 2.4</a></div><div id="page-content"><div id="preamble"><h1>Apache HTTP Sunucusu ve DNS ile ilgili Konular</h1> +<div class="toplang"> +<p><span>Mevcut Diller: </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" title="Türkçe"> tr </a></p> +</div> + + <p>Bu sayfanın konusu şöyle özetlenebilirdi: Yapılandırma dosyalarınızda + DNS sorguları yapılmasını gerektirecek ayarlamalardan kaçınınız. Eğer + yapılandırma dosyalarınızda DNS sorgusu yapılarak çözümlenebilecek + adresler bulunursa sunucunuz beklenmedik davranışlar (hiç + başlamayabilir) gösterebileceği gibi hizmet reddi veya hizmet + hırsızlığı (bazı sanal konakların diğerlerine giden sayfaları çalma + olasılığı dahil) saldırılarına açık hale gelebilir.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#example">Basit Bir Örnek</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#denial">Hizmet Reddi</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#main">"Ana Sunucu" Adresi</a></li> +<li><img alt="" src="./images/down.gif" /> <a href="#tips">Bu Sorunlardan Kaçınmak için İpuçları</a></li> +</ul><h3>Ayrıca bakınız:</h3><ul class="seealso"><li><a href="#comments_section">Yorumlar</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="example" id="example">Basit Bir Örnek</a></h2> + + + <pre class="prettyprint lang-config"># Bu yetersiz bir yapılandırma örneğidir, sunucunuzda kullanmayın. +<VirtualHost falan.fesmekan.dom> + ServerAdmin filanca@fesmekan.dom + DocumentRoot "/siteler/fesmekan" +</VirtualHost></pre> + + + <p>httpd’nin beklendiği gibi işlemesi için her sanal konak için iki + veriye mutlaka ihtiyacı vardır: <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> ve sunucunun bağlantı kabul edip hizmet + sunacağı en az bir IP adresi. Yukarıdaki örnekte IP adresi + bulunmamaktadır, dolayısıyla Apache, <code>falan.fesmekan.dom</code> + adresi için bir DNS sorgusu yapmak zorundadır. Eğer sunucu, + yapılandırma dosyasını çözümlediği sırada bir sebeple DNS sunucusuna + erişemezse bu sanal konak <em>yapılandırılmayacak</em> ve bu sanal konağa + yapılan isteklere yanıt verilemeyecektir.</p> + + <p><code>falan.fesmekan.dom</code>’un 192.168.2.1 IP adresine sahip + olduğunu varsayarsak yapılandırma şöyle olurdu:</p> + + <pre class="prettyprint lang-config"># Bu yetersiz bir yapılandırma örneğidir, sunucunuzda kullanmayın. +<VirtualHost 192.168.2.1> + ServerAdmin filanca@fesmekan.dom + DocumentRoot "/siteler/fesmekan" +</VirtualHost></pre> + + + <p>Ancak, bu sefer de bu sanal konağın sunucu ismini öğrenmek için + httpd’nin bir ters DNS sorgusu yapması gerekecektir. Eğer bu sorgu + başarısız olursa kısmi bir yapılandırmaya gidilir. + Eğer sanal konak isme dayalı ise sanal konak + kısmen bile yapılandırılmaz. IP’ye dayalı sanal konaklar büyük oranda + çalışır, fakat (örneğin, bir Redirect varlığında olduğu gibi) sunucu ismini + içeren tam bir adres üretilmesini gerektiren bir durumda, sunucu geçerli + bir adres üretemez.</p> + + <p>Her iki sorunu da çözen yapılandırma şöyle olurdu:</p> + + <pre class="prettyprint lang-config"><VirtualHost 192.168.2.1> + ServerName falan.fesmekan.dom + ServerAdmin filanca@fesmekan.dom + DocumentRoot "/siteler/fesmekan" +</VirtualHost></pre> + + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="denial" id="denial">Hizmet Reddi</a></h2> + + + <p>Şöyle bir yapılandırmanız olsun:</p> + + <pre class="prettyprint lang-config"><VirtualHost falan.fesmekan.dom> + ServerAdmin filanca@fesmekan.dom + DocumentRoot "/siteler/fesmekan" +</VirtualHost> + +<VirtualHost misal.mesela.dom> + ServerAdmin falanca@mesela.dom + DocumentRoot "/siteler/mesela" +</VirtualHost></pre> + + + <p><code>falan.fesmekan.dom</code>’a 192.168.2.1, + <code>misal.mesela.dom</code>’a 192.168.2.2 atadığınızı fakat, + <code>mesela.dom</code>’un DNS kaydının sizin denetiminizde olmadığını + varsayalım. Bu yapılandırmayla, <code>mesela.dom</code>’u + <code>fesmekan.dom</code>’a giden tüm trafiği çalabilecek duruma + getirirsiniz. Bunu gerçekleştirmek için DNS kaydında + <code>misal.mesela.dom</code>’a 192.168.2.1 adresinin atanması + yeterlidir. Kendi DNS’lerine sahip olduklarından dolayı + <code>misal.mesela.dom</code>’a istedikleri IP adresini atamaktan + onları alıkoyamazsınız.</p> + + <p>192.168.2.1’e gelen isteklerin hepsine + (<code>http://falan.fesmekan.dom/biryer</code> şeklinde yazılan + adresler dahil) <code>mesela.dom</code> sanal konağınca hizmet + sunulacaktır. Apache’nin gelen istekleri sunduğu sanal konaklarla nasıl + eşleştirdiğini bilirseniz bunun sebebini kolayca anlarsınız. Bunu + kabataslak açıklayan <a href="vhosts/details.html">bir belgemiz + mevcuttur</a>.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="main" id="main">"Ana Sunucu" Adresi</a></h2> + + + <p><a href="vhosts/name-based.html">İsme dayalı sanal konak + desteği</a>, httpd’nin çalıştığı makinenin IP adres(ler)ini de bilmesini + gerektirir. Bu adresi elde etmek için sunucu, ya sunucu genelinde geçerli + <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> yönergesine bakar ya da bir + C işlevi olan <code>gethostname</code>’i kullanır (işlev, komut + isteminden <code>hostname</code> komutuna dönen yanıtın aynısını + döndürür) ve ardından bu adresle ilgili olarak bir DNS sorgusu yapar. + Bu sorgudan kaçınmanın henüz bir yolu yoktur.</p> + + <p>Eğer bu sorgunun (DNS sunucusunun çökmüş olması gibi bir nedenle) + başarısız olabileceğinden korkuyorsanız, makine ismini ve IP adresini + <code>/etc/hosts</code> dosyanıza yazabilirsiniz (Makinenizin düzgün + olarak açılabilmesi için zaten bu kaydı yapmış olmanız gerekir). + Kullandığınız işletim sistemine bağlı olarak bu kaydın + <code>/etc/resolv.conf</code> veya <code>/etc/nsswitch.conf</code> + dosyasında bulunması gerekebilir.</p> + + <p>Herhangi bir nedenle sunucunuz bir DNS sorgusu yapmıyorsa veya + yapmamalıysa, httpd’yi <code>HOSTRESORDER</code> ortam değişkenine + "<code>local</code>" değerini atadıktan sonra çalıştırabilirsiniz. Bu + tamamen işletim sistemine ve kullandığınız çözümleyici kütüphanelere + bağlıdır. Ayrıca, ortamı denetlemek için <code class="module"><a href="./mod/mod_env.html">mod_env</a></code> + kullanmıyorsanız, CGI’ler de bundan etkilenir. En iyisi işletim + sisteminizin SSS belgelerini ve kılavuz sayfalarını okumaktır.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div> +<div class="section"> +<h2><a name="tips" id="tips">Bu Sorunlardan Kaçınmak için İpuçları</a></h2> + + + <ul> + <li><code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> yönergelerinizde + IP adresleri kullanınız.</li> + + <li><code class="directive"><a href="./mod/mpm_common.html#listen">Listen</a></code> yönergelerinizde + IP adresleri kullanınız.</li> + + <li>Tüm sanal konakların ayrı birer <code class="directive"><a href="./mod/core.html#servername">ServerName</a></code> yönergesi olsun.</li> + + <li>Hiçbir sayfa sunulmayan bir <code><VirtualHost + _default_:*></code> sanal konağınız olsun.</li> + </ul> + </div></div> +<div class="bottomlang"> +<p><span>Mevcut Diller: </span><a href="./en/dns-caveats.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="./fr/dns-caveats.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="./ja/dns-caveats.html" hreflang="ja" rel="alternate" title="Japanese"> ja </a> | +<a href="./ko/dns-caveats.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="./tr/dns-caveats.html" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Yorumlar</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/dns-caveats.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2023 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p> +<p class="menu"><a href="./mod/">Modüller</a> | <a href="./mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="./glossary.html">Terimler</a> | <a href="./sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file |