summaryrefslogtreecommitdiffstats
path: root/docs/manual/misc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:01:30 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 15:01:30 +0000
commit6beeb1b708550be0d4a53b272283e17e5e35fe17 (patch)
tree1ce8673d4aaa948e5554000101f46536a1e4cc29 /docs/manual/misc
parentInitial commit. (diff)
downloadapache2-6beeb1b708550be0d4a53b272283e17e5e35fe17.tar.xz
apache2-6beeb1b708550be0d4a53b272283e17e5e35fe17.zip
Adding upstream version 2.4.57.upstream/2.4.57upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/manual/misc')
-rw-r--r--docs/manual/misc/index.html25
-rw-r--r--docs/manual/misc/index.html.en94
-rw-r--r--docs/manual/misc/index.html.es100
-rw-r--r--docs/manual/misc/index.html.fr.utf899
-rw-r--r--docs/manual/misc/index.html.ko.euc-kr95
-rw-r--r--docs/manual/misc/index.html.tr.utf896
-rw-r--r--docs/manual/misc/index.html.zh-cn.utf885
-rw-r--r--docs/manual/misc/password_encryptions.html9
-rw-r--r--docs/manual/misc/password_encryptions.html.en259
-rw-r--r--docs/manual/misc/password_encryptions.html.fr.utf8273
-rw-r--r--docs/manual/misc/perf-tuning.html17
-rw-r--r--docs/manual/misc/perf-tuning.html.en986
-rw-r--r--docs/manual/misc/perf-tuning.html.fr.utf81058
-rw-r--r--docs/manual/misc/perf-tuning.html.ko.euc-kr1006
-rw-r--r--docs/manual/misc/perf-tuning.html.tr.utf81021
-rw-r--r--docs/manual/misc/relevant_standards.html13
-rw-r--r--docs/manual/misc/relevant_standards.html.en234
-rw-r--r--docs/manual/misc/relevant_standards.html.fr.utf8253
-rw-r--r--docs/manual/misc/relevant_standards.html.ko.euc-kr221
-rw-r--r--docs/manual/misc/security_tips.html17
-rw-r--r--docs/manual/misc/security_tips.html.en491
-rw-r--r--docs/manual/misc/security_tips.html.fr.utf8513
-rw-r--r--docs/manual/misc/security_tips.html.ko.euc-kr373
-rw-r--r--docs/manual/misc/security_tips.html.tr.utf8485
24 files changed, 7823 insertions, 0 deletions
diff --git a/docs/manual/misc/index.html b/docs/manual/misc/index.html
new file mode 100644
index 0000000..af26b8b
--- /dev/null
+++ b/docs/manual/misc/index.html
@@ -0,0 +1,25 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: index.html.en
+Content-Language: en
+Content-type: text/html; charset=UTF-8
+
+URI: index.html.es
+Content-Language: es
+Content-type: text/html; charset=ISO-8859-1
+
+URI: index.html.fr.utf8
+Content-Language: fr
+Content-type: text/html; charset=UTF-8
+
+URI: index.html.ko.euc-kr
+Content-Language: ko
+Content-type: text/html; charset=EUC-KR
+
+URI: index.html.tr.utf8
+Content-Language: tr
+Content-type: text/html; charset=UTF-8
+
+URI: index.html.zh-cn.utf8
+Content-Language: zh-cn
+Content-type: text/html; charset=UTF-8
diff --git a/docs/manual/misc/index.html.en b/docs/manual/misc/index.html.en
new file mode 100644
index 0000000..ee71fa2
--- /dev/null
+++ b/docs/manual/misc/index.html.en
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Apache Miscellaneous Documentation - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page" class="no-sidebar"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="../"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Apache Miscellaneous Documentation</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/misc/" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div>
+
+
+ <p>Below is a list of additional documentation pages that apply
+ to the Apache web server development project.</p>
+
+ <div class="warning"><h3>Warning</h3>
+ <p>The documents below have not been fully updated
+ to take into account changes made in the 2.1 version of the
+ Apache HTTP Server. Some of the information may still be
+ relevant, but please use it with care.</p>
+ </div>
+
+ <dl>
+ <dt><a href="perf-tuning.html">Performance Notes - Apache
+ Tuning</a></dt>
+
+ <dd>
+ <p>Notes about how to (run-time and compile-time) configure
+ Apache for highest performance. Notes explaining why Apache
+ does some things, and why it doesn't do other things (which
+ make it slower/faster).</p>
+ </dd>
+
+ <dt><a href="security_tips.html">Security Tips</a></dt>
+
+ <dd>
+ <p>Some "do"s - and "don't"s - for keeping your Apache web
+ site secure.</p>
+ </dd>
+
+ <dt><a href="relevant_standards.html">Relevant Standards</a></dt>
+
+ <dd>
+ <p>This document acts as a reference page for most of the relevant
+ standards that Apache follows.</p>
+ </dd>
+
+ <dt><a href="password_encryptions.html">Password Encryption Formats</a></dt>
+
+ <dd>
+ <p>Discussion of the various ciphers supported by Apache for
+ authentication purposes.</p>
+ </dd>
+ </dl>
+
+ </div>
+</div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/misc/" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/index.html.es b/docs/manual/misc/index.html.es
new file mode 100644
index 0000000..a0c8f29
--- /dev/null
+++ b/docs/manual/misc/index.html.es
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="es" xml:lang="es"><head>
+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Documentaci&#243;n Variada de Apache - Servidor HTTP Apache Versi&#243;n 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page" class="no-sidebar"><div id="page-header">
+<p class="menu"><a href="../mod/">M&#243;dulos</a> | <a href="../mod/directives.html">Directivas</a> | <a href="http://wiki.apache.org/httpd/FAQ">Preguntas Frecuentes</a> | <a href="../glossary.html">Glosario</a> | <a href="../sitemap.html">Mapa del sitio web</a></p>
+<p class="apache">Versi&#243;n 2.4 del Servidor HTTP Apache</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="../"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Servidor HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentaci&#243;n</a> &gt; <a href="../">Versi&#243;n 2.4</a></div><div id="page-content"><div id="preamble"><h1>Documentaci&#243;n Variada de Apache</h1>
+<div class="toplang">
+<p><span>Idiomas disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" title="Espa&#241;ol">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div>
+
+
+ <p>A continuaci&#243;n ver&#225; una lista de p&#225;ginas adicionales de documentaci&#243;n que
+ aplican al proyecto de desarrollo del servidor web Apache.</p>
+
+ <div class="warning"><h3>Atenci&#243;n</h3>
+ <p>Los documentos no han sido completamente actualizados para tener en cuenta
+ los cambios realizados en la versi&#243;n 2.1 del Servidor Apache HTTP. Alguna
+ informaci&#243;n todav&#237;a puede ser relevante, por favor rev&#237;sela con cuidado.</p>
+ </div>
+
+ <dl>
+ <dt><a href="perf-tuning.html">Notas de Rendimiento - Mejorando Apache</a>
+ </dt>
+
+ <dd>
+ <p>Notas sobre como configurar (en tiempo real y tiempo de compilaci&#243;n)
+ Apache para el mejor rendimiento. Notas explicando por qu&#233; Apache hace
+ ciertas cosas y por qu&#233; no hace otras (que le hacen ser m&#225;s lento/r&#225;pido).
+ </p>
+ </dd>
+
+ <dt><a href="perf-scaling.html">Escalado de Rendimiento</a></dt>
+
+ <dd>
+ <p>Alguna configuraci&#243;n de f&#225;cil acceso y opciones de mejora para Apache
+ httpd 2.2 y 2.4 as&#237; como herramientas de motorizaci&#243;n.</p>
+ </dd>
+
+ <dt><a href="security_tips.html">Consejos de Seguridad</a></dt>
+
+ <dd>
+ <p>Algunas de las cosas que se deben y no deben hacer para mantener seguro
+ su sitio web Apache.</p>
+ </dd>
+
+ <dt><a href="relevant_standards.html">Est&#225;ndares Relevantes</a></dt>
+
+ <dd>
+ <p>Este documento act&#250;a como una p&#225;gina de referencia para la mayor parte
+ de est&#225;ndares relevantes que Apache sigue.</p>
+ </dd>
+
+ <dt><a href="password_encryptions.html">Formatos de Cifrado de Contrase&#241;as</a></dt>
+
+ <dd>
+ <p>Discusi&#243;n de los distintos cifrados soportados por Apache para el proceso
+ de autenticaci&#243;n.</p>
+ </dd>
+ </dl>
+
+ </div>
+</div>
+<div class="bottomlang">
+<p><span>Idiomas disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" title="Espa&#241;ol">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licencia bajo los t&#233;rminos de la <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">M&#243;dulos</a> | <a href="../mod/directives.html">Directivas</a> | <a href="http://wiki.apache.org/httpd/FAQ">Preguntas Frecuentes</a> | <a href="../glossary.html">Glosario</a> | <a href="../sitemap.html">Mapa del sitio web</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/index.html.fr.utf8 b/docs/manual/misc/index.html.fr.utf8
new file mode 100644
index 0000000..eba9551
--- /dev/null
+++ b/docs/manual/misc/index.html.fr.utf8
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Documentations diverses sur Apache - Serveur HTTP Apache Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page" class="no-sidebar"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p>
+<p class="apache">Serveur HTTP Apache Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="../"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Serveur HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Documentations diverses sur Apache</h1>
+<div class="toplang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div>
+
+
+ <p>Vous trouverez plus loin une liste de pages de documentation
+ additionnelles concernant le projet de développement du serveur web
+ Apache.</p>
+
+ <div class="warning"><h3>Avertissement</h3>
+ <p>La mise à jour des documents ci-dessous permettant de prendre en
+ compte les modifications apportées par la version 2.1 du serveur
+ HTTP Apache n'a pas été entièrement menée à bien. Certaines
+ informations sont probablement encore pertinentes, mais utilisez-les tout de même avec
+ précautions.</p>
+ </div>
+
+ <dl>
+ <dt><a href="perf-tuning.html">Notes à propos des performances -
+ Réglages fins d'Apache</a></dt>
+
+ <dd>
+ <p>Notes à propos de la configuration d'Apache pour de plus
+ hautes performances (à l'exécution et à la compilation). Notes
+ expliquant pourquoi Apache accomplit certaines choses et
+ n'en accomplit pas certaines autres (les premières l'accélérant
+ et les deuxièmes le ralentissant).</p>
+ </dd>
+
+ <dt><a href="security_tips.html">Conseils concernant la
+ sécurité</a></dt>
+
+ <dd>
+ <p>Quelques conseils de type "faites" ou "ne faites pas" pour
+ que votre site web Apache reste sécurisé.</p>
+ </dd>
+
+ <dt><a href="relevant_standards.html">Standards concernés</a></dt>
+
+ <dd>
+ <p>Ce document constitue une page de référence pour la plupart
+ des standards concernés par Apache.</p>
+ </dd>
+
+ <dt><a href="password_encryptions.html">Formats de chiffrement des
+ mots de passe</a></dt>
+
+ <dd>
+ <p>Discussion à propos des divers algorithmes de chiffrement
+ supportés par Apache à des fins d'authentification.</p>
+ </dd>
+ </dl>
+
+ </div>
+</div>
+<div class="bottomlang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/index.html.ko.euc-kr b/docs/manual/misc/index.html.ko.euc-kr
new file mode 100644
index 0000000..39e5417
--- /dev/null
+++ b/docs/manual/misc/index.html.ko.euc-kr
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="EUC-KR"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head>
+<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Ÿ ġ - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page" class="no-sidebar"><div id="page-header">
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="../"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Ÿ ġ </h1>
+<div class="toplang">
+<p><span> : </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Espa&#241;ol">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div>
+<div class="outofdate"> ֽ ƴմϴ.
+ ֱٿ ϼ.</div>
+
+
+ <p>Ʒ ġ Ʈ ߰
+ ̴.</p>
+
+ <div class="warning"><h3></h3>
+ <p> Ʒ ġ 2.1
+ ʴ. ȿ , ؼ
+ ϱ ٶ.</p>
+ </div>
+
+ <dl>
+ <dt><a href="perf-tuning.html">ġ </a></dt>
+
+ <dd>
+ <p>ְ ġ (, Ͻ)
+ ϴ ٷ. ġ  ۾ ϰ
+ (ġ ų )  ۾ ʴ
+ Ѵ.</p>
+ </dd>
+
+ <dt><a href="security_tips.html"> </a></dt>
+
+ <dd>
+ <p>ġ ϰ ϱ " " "
+ ƾ ".</p>
+ </dd>
+
+ <dt><a href="rewriteguide.html">URL ۼ ħ</a></dt>
+
+ <dd>
+ <p> <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> <a href="../mod/mod_rewrite.html"> </a> Ѵ.
+ ڰ ۾ εġԵǴ
+ URL ذϱؼ  ġ
+ <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> ϴ Ѵ.</p>
+ </dd>
+
+ <dt><a href="relevant_standards.html"> ǥ</a></dt>
+
+ <dd>
+ <p> ġ ǥص Ѵ.</p>
+ </dd>
+ </dl>
+
+ </div>
+</div>
+<div class="bottomlang">
+<p><span> : </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Espa&#241;ol">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/index.html.tr.utf8 b/docs/manual/misc/index.html.tr.utf8
new file mode 100644
index 0000000..bc261a5
--- /dev/null
+++ b/docs/manual/misc/index.html.tr.utf8
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Çeşitli Belgeler - Apache HTTP Sunucusu Sürüm 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page" class="no-sidebar"><div id="page-header">
+<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p>
+<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="../"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Sunucusu</a> &gt; <a href="http://httpd.apache.org/docs/">Belgeleme</a> &gt; <a href="../">Sürüm 2.4</a></div><div id="page-content"><div id="preamble"><h1>Çeşitli Belgeler</h1>
+<div class="toplang">
+<p><span>Mevcut Diller: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div>
+
+
+ <p>Aşağıda listelenen belgeler de Apache HTTP sunucusu geliştirme projesi
+ kapsamındadır.</p>
+
+ <div class="warning"><h3>Uyarı</h3>
+ <p>Aşağıdaki belgeler, Apache HTTP Sunucusunun 2.1 sürümünde yapılmış
+ değişikliklere göre tam olarak güncellenmemiştir. Hala güncel kalmış
+ bazı bilgiler olabilir, fakat siz yine de bu belgeleri kullanırken
+ dikkatli olun.</p>
+ </div>
+
+ <dl>
+ <dt><a href="perf-tuning.html">Başarım Arttırma İpuçları - Apache’ye
+ İnce Ayar Çekilmesi</a></dt>
+
+ <dd>
+ <p>Yüksek başarım elde etmek için Apache yapılandırmasında (çalışma
+ anında ve derleme sırasında) yapılacaklar ile ilgili bazı bilgiler
+ yanında Apache’de bazı şeylerin (bir şeyleri hızlandıran ve
+ yavaşlatan şeylerin) yapılma ve yapılmama sebepleri
+ açıklanmıştır.</p>
+ </dd>
+
+ <dt><a href="security_tips.html">Güvenlik İpuçları</a></dt>
+
+ <dd>
+ <p>Apache HTTP sitenizi güvenli kılmak için yapılacaklar ve
+ yapılmayacaklar.</p>
+ </dd>
+
+ <dt><a href="relevant_standards.html">İlgili Standartlar</a></dt>
+
+ <dd>
+ <p>Bu belge Apache’nin uyacağı standartların bir çoğuna atıfta
+ bulunmak amacıyla hazırlanmıştır.</p>
+ </dd>
+
+ <dt><a href="password_encryptions.html">Parola Şifreleme Biçimleri</a>
+ </dt>
+
+ <dd>
+ <p>Belgede, kimlik doğrulama amacıyla Apache tarafından desteklenen
+ çeşitli şifreleme tekniklerinden bahsedilmiştir.</p>
+ </dd>
+ </dl>
+
+ </div>
+</div>
+<div class="bottomlang">
+<p><span>Mevcut Diller: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p>
+<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/index.html.zh-cn.utf8 b/docs/manual/misc/index.html.zh-cn.utf8
new file mode 100644
index 0000000..6a68f35
--- /dev/null
+++ b/docs/manual/misc/index.html.zh-cn.utf8
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="zh-cn" xml:lang="zh-cn"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Apache 杂项文档 - Apache HTTP 服务器 版本 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page" class="no-sidebar"><div id="page-header">
+<p class="menu"><a href="../mod/">模块</a> | <a href="../mod/directives.html">指令</a> | <a href="http://wiki.apache.org/httpd/FAQ">常见问题</a> | <a href="../glossary.html">术语</a> | <a href="../sitemap.html">网站导航</a></p>
+<p class="apache">Apache HTTP 服务器版本 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="../"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP 服务器</a> &gt; <a href="http://httpd.apache.org/docs/">文档</a> &gt; <a href="../">版本 2.4</a></div><div id="page-content"><div id="preamble"><h1>Apache 杂项文档</h1>
+<div class="toplang">
+<p><span>可用语言: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div>
+
+
+ <p>下面是适用于 Apache 服务器开发项目的附加文档。</p>
+
+ <div class="warning"><h3>警告</h3>
+ <p>下面的文档尚未完全更新,以反映自 Apache HTTP 服务器版本 2.1
+ 之后的修改。某些信息可能仍旧适用,但请小心使用它。</p>
+ </div>
+
+ <dl>
+ <dt><a href="perf-tuning.html">Apache 性能调谐</a></dt>
+
+ <dd>
+ <p>对如何在编译或运行时,配置 Apache,以便性能更高的说明。
+ 解释了为什么 Apache 这样做,而不那样做 (这会让它更慢或更快)。</p>
+ </dd>
+
+ <dt><a href="security_tips.html">安全技巧</a></dt>
+
+ <dd>
+ <p>做和不做 - 如何让你的 Apache 站点保持安全。</p>
+ </dd>
+
+ <dt><a href="relevant_standards.html">相关标准</a></dt>
+
+ <dd>
+ <p>这篇文档是 Apache 遵循的相关标准的参考页面。</p>
+ </dd>
+
+ <dt><a href="password_encryptions.html">密码加密格式</a></dt>
+
+ <dd>
+ <p>对 Apache 身份认证支持的各种密码加密格式的讨论。</p>
+ </dd>
+ </dl>
+
+ </div>
+</div>
+<div class="bottomlang">
+<p><span>可用语言: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../es/misc/" hreflang="es" rel="alternate" title="Español">&nbsp;es&nbsp;</a> |
+<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a> |
+<a href="../zh-cn/misc/" title="Simplified Chinese">&nbsp;zh-cn&nbsp;</a></p>
+</div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />基于 <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> 许可证.</p>
+<p class="menu"><a href="../mod/">模块</a> | <a href="../mod/directives.html">指令</a> | <a href="http://wiki.apache.org/httpd/FAQ">常见问题</a> | <a href="../glossary.html">术语</a> | <a href="../sitemap.html">网站导航</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/password_encryptions.html b/docs/manual/misc/password_encryptions.html
new file mode 100644
index 0000000..8a5b19c
--- /dev/null
+++ b/docs/manual/misc/password_encryptions.html
@@ -0,0 +1,9 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: password_encryptions.html.en
+Content-Language: en
+Content-type: text/html; charset=UTF-8
+
+URI: password_encryptions.html.fr.utf8
+Content-Language: fr
+Content-type: text/html; charset=UTF-8
diff --git a/docs/manual/misc/password_encryptions.html.en b/docs/manual/misc/password_encryptions.html.en
new file mode 100644
index 0000000..129bae8
--- /dev/null
+++ b/docs/manual/misc/password_encryptions.html.en
@@ -0,0 +1,259 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Password Formats - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Password Formats</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/misc/password_encryptions.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/password_encryptions.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
+</div>
+
+ <p>Notes about the password encryption formats generated and understood by
+ Apache.</p>
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#basic">Basic Authentication</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#digest">Digest Authentication</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="basic" id="basic">Basic Authentication</a></h2>
+
+ <p>There are five formats that Apache recognizes for basic-authentication
+ passwords. Note that not all formats work on every platform:</p>
+
+ <dl>
+ <dt>bcrypt</dt>
+ <dd>"$2y$" + the result of the crypt_blowfish algorithm.
+ See the APR source file
+ <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?view=markup">crypt_blowfish.c</a>
+ for the details of the algorithm.</dd>
+
+ <dt>MD5</dt>
+ <dd>"$apr1$" + the result of an Apache-specific algorithm using an
+ iterated (1,000 times) MD5 digest of various combinations of a
+ random 32-bit salt and the password. See the APR source file
+ <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?view=markup">apr_md5.c</a>
+ for the details of the algorithm.</dd>
+
+ <dt>SHA1</dt>
+ <dd>"{SHA}" + Base64-encoded SHA-1 digest of the password. Insecure.</dd>
+
+ <dt>CRYPT</dt>
+ <dd>Unix only. Uses the traditional Unix <code>crypt(3)</code> function
+ with a randomly-generated 32-bit salt (only 12 bits used) and the first 8
+ characters of the password. Insecure.</dd>
+
+ <dt>PLAIN TEXT (i.e. <em>unencrypted</em>)</dt>
+ <dd>Windows &amp; Netware only. Insecure.</dd>
+ </dl>
+
+ <h3>Generating values with htpasswd</h3>
+
+ <div class="example"><h3>bcrypt</h3><p><code>
+ $ htpasswd -nbB myName myPassword<br />
+ myName:$2y$05$c4WoMPo3SXsafkva.HHa6uXQZWr7oboPiC2bT/r7q1BB8I2s0BRqC
+ </code></p></div>
+
+ <div class="example"><h3>MD5</h3><p><code>
+ $ htpasswd -nbm myName myPassword<br />
+ myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
+ </code></p></div>
+
+ <div class="example"><h3>SHA1</h3><p><code>
+ $ htpasswd -nbs myName myPassword<br />
+ myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
+ </code></p></div>
+
+ <div class="example"><h3>CRYPT</h3><p><code>
+ $ htpasswd -nbd myName myPassword<br />
+ myName:rqXexS6ZhobKA
+ </code></p></div>
+
+
+
+ <h3>Generating CRYPT and MD5 values with the OpenSSL
+ command-line program</h3>
+
+
+ <p>OpenSSL knows the Apache-specific MD5 algorithm.</p>
+
+ <div class="example"><h3>MD5</h3><p><code>
+ $ openssl passwd -apr1 myPassword<br />
+ $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0
+ </code></p></div>
+
+ <div class="example"><h3>CRYPT</h3><p><code>
+ openssl passwd -crypt myPassword<br />
+ qQ5vTYO3c8dsU
+ </code></p></div>
+
+
+ <h3>Validating CRYPT or MD5 passwords with the OpenSSL command
+ line program</h3>
+
+ <p>The salt for a CRYPT password is the first two characters (converted to
+ a binary value). To validate <code>myPassword</code> against
+ <code>rqXexS6ZhobKA</code></p>
+
+ <div class="example"><h3>CRYPT</h3><p><code>
+ $ openssl passwd -crypt -salt rq myPassword<br />
+ Warning: truncating password to 8 characters<br />
+ rqXexS6ZhobKA
+ </code></p></div>
+
+ <p>Note that using <code>myPasswo</code> instead of
+ <code>myPassword</code> will produce the same result because only the
+ first 8 characters of CRYPT passwords are considered.</p>
+
+ <p>The salt for an MD5 password is between <code>$apr1$</code> and the
+ following <code>$</code> (as a Base64-encoded binary value - max 8 chars).
+ To validate <code>myPassword</code> against
+ <code>$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/</code></p>
+
+ <div class="example"><h3>MD5</h3><p><code>
+ $ openssl passwd -apr1 -salt r31..... myPassword<br />
+ $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
+ </code></p></div>
+
+
+ <h3>Database password fields for mod_dbd</h3>
+ <p>The SHA1 variant is probably the most useful format for DBD
+ authentication. Since the SHA1 and Base64 functions are commonly
+ available, other software can populate a database with encrypted passwords
+ that are usable by Apache basic authentication.</p>
+
+ <p>To create Apache SHA1-variant basic-authentication passwords in various
+ languages:</p>
+
+ <div class="example"><h3>PHP</h3><p><code>
+ '{SHA}' . base64_encode(sha1($password, TRUE))
+ </code></p></div>
+
+ <div class="example"><h3>Java</h3><p><code>
+ "{SHA}" + new sun.misc.BASE64Encoder().encode(java.security.MessageDigest.getInstance("SHA1").digest(password.getBytes()))
+ </code></p></div>
+
+ <div class="example"><h3>ColdFusion</h3><p><code>
+ "{SHA}" &amp; ToBase64(BinaryDecode(Hash(password, "SHA1"), "Hex"))
+ </code></p></div>
+
+ <div class="example"><h3>Ruby</h3><p><code>
+ require 'digest/sha1'<br />
+ require 'base64'<br />
+ '{SHA}' + Base64.encode64(Digest::SHA1.digest(password))
+ </code></p></div>
+
+ <div class="example"><h3>C or C++</h3><p><code>
+ Use the APR function: apr_sha1_base64
+ </code></p></div>
+
+ <div class="example"><h3>Python</h3><p><code>
+ import base64<br />
+ import hashlib<br />
+ "{SHA}" + format(base64.b64encode(hashlib.sha1(password).digest()))
+ </code></p></div>
+
+ <div class="example"><h3>PostgreSQL (with the contrib/pgcrypto functions
+ installed)</h3><p><code>
+
+ '{SHA}'||encode(digest(password,'sha1'),'base64')
+ </code></p></div>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="digest" id="digest">Digest Authentication</a></h2>
+ <p>Apache recognizes one format for
+ digest-authentication passwords - the MD5 hash of the string
+ <code>user:realm:password</code> as a 32-character string of hexadecimal
+ digits. <code>realm</code> is the Authorization Realm argument to the
+ <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code> directive in
+ httpd.conf.</p>
+
+ <h3>Database password fields for mod_dbd</h3>
+
+ <p>Since the MD5 function is commonly available, other software can
+ populate a database with encrypted passwords that are usable by Apache
+ digest authentication.</p>
+
+ <p>To create Apache digest-authentication passwords in various
+ languages:</p>
+
+ <div class="example"><h3>PHP</h3><p><code>
+ md5($user . ':' . $realm . ':' .$password)
+ </code></p></div>
+
+ <div class="example"><h3>Java</h3><p><code>
+ byte b[] = java.security.MessageDigest.getInstance("MD5").digest( (user + ":" + realm + ":" + password ).getBytes());<br />
+ java.math.BigInteger bi = new java.math.BigInteger(1, b);<br />
+ String s = bi.toString(16);<br />
+ while (s.length() &lt; 32)<br />
+ <span class="indent">
+ s = "0" + s;
+ </span>
+ // String s is the encrypted password
+ </code></p></div>
+
+ <div class="example"><h3>ColdFusion</h3><p><code>
+ LCase(Hash( (user &amp; ":" &amp; realm &amp; ":" &amp; password) , "MD5"))
+ </code></p></div>
+
+ <div class="example"><h3>Ruby</h3><p><code>
+ require 'digest/md5'<br />
+ Digest::MD5.hexdigest(user + ':' + realm + ':' + password)
+ </code></p></div>
+
+ <div class="example"><h3>PostgreSQL (with the contrib/pgcrypto functions installed)</h3><p><code>
+
+ encode(digest( user || ':' || realm || ':' || password , 'md5'), 'hex')
+ </code></p></div>
+
+
+ </div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/misc/password_encryptions.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/password_encryptions.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/password_encryptions.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/password_encryptions.html.fr.utf8 b/docs/manual/misc/password_encryptions.html.fr.utf8
new file mode 100644
index 0000000..b7e0f2c
--- /dev/null
+++ b/docs/manual/misc/password_encryptions.html.fr.utf8
@@ -0,0 +1,273 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Formats de mots de passe - Serveur HTTP Apache Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p>
+<p class="apache">Serveur HTTP Apache Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Serveur HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Formats de mots de passe</h1>
+<div class="toplang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/password_encryptions.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/password_encryptions.html" title="Français">&nbsp;fr&nbsp;</a></p>
+</div>
+
+ <p>Notes à propos des formats de chiffrement des mots de passe
+ générés et compris par Apache.</p>
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#basic">Authentification de base</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#digest">Authentification à base de condensés</a></li>
+</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="basic" id="basic">Authentification de base</a></h2>
+
+ <p>Voici les cinq formats de mots de passe qu'Apache reconnaît
+ pour l'authentification de base. Notez que tous les formats ne sont
+ pas supportés par toutes les plates-formes :</p>
+
+ <dl>
+
+ <dt>bcrypt</dt>
+ <dd>"$2y$" + the result of the crypt_blowfish algorithm. Dérivé
+ de l'algorythme de chiffrement crypt_blowfish. Voir le fichier
+ source APR <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?view=markup">crypt_blowfish.c</a>
+ pour plus de détails à propos de cet algorithme.</dd>
+
+ <dt>MD5</dt>
+ <dd>"$apr1$" + le résultat d'un algorithme spécifique à Apache
+ utilisant un condensé MD5 réitéré (1000 fois) de combinaisons
+ variées du mot de passe et d'une source d'entropie sur 32 bits.
+ Voir le fichier source APR <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?view=markup">apr_md5.c</a>
+ pour les détails de l'algorithme.</dd>
+
+
+ <dt>SHA1</dt>
+ <dd>"{SHA}" + un condensé SHA-1 du mot de passe codé en
+ Base64. Non sûr.</dd>
+
+ <dt>CRYPT</dt>
+ <dd>Unix seulement. Utilise la fonction Unix traditionnelle
+ <code>crypt(3)</code> avec une source d'entropie sur 32 bits
+ (seuls 12 bits sont utilisés), et seulement les 8 premiers
+ caractères du mot de passe. Non sûr.</dd>
+
+ <dt>PLAIN TEXT (autrement dit <em>non chiffré</em>)</dt>
+ <dd>Windows &amp; Netware seulement. Non sûr.</dd>
+ </dl>
+ <h3>Générer des mots de passe avec htpasswd</h3>
+
+ <div class="example"><h3>bcrypt</h3><p><code>
+ $ htpasswd -nbB monNom monMot-de-passe<br />
+ monNom:$2y$05$c4WoMPo3SXsafkva.HHa6uXQZWr7oboPiC2bT/r7q1BB8I2s0BRqC
+ </code></p></div>
+
+ <div class="example"><h3>MD5</h3><p><code>
+ $ htpasswd -nbm monNom monMot-de-passe<br />
+ monNom:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
+ </code></p></div>
+
+ <div class="example"><h3>SHA1</h3><p><code>
+ $ htpasswd -nbs monNom monMot-de-passe<br />
+ monNom:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=
+ </code></p></div>
+
+ <div class="example"><h3>CRYPT</h3><p><code>
+ $ htpasswd -nbd monNom monMot-de-passe<br />
+ monNom:rqXexS6ZhobKA
+ </code></p></div>
+
+
+
+ <h3>Générer des mots de passe CRYPT and MD5 avec le programme
+ OpenSSL en ligne de commande</h3>
+
+
+ <p>OpenSSL connaît l'algorithme MD5 spécifique à Apache.</p>
+
+ <div class="example"><h3>MD5</h3><p><code>
+ $ openssl passwd -apr1 monMot-de-passe<br />
+ $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0
+ </code></p></div>
+
+ <div class="example"><h3>CRYPT</h3><p><code>
+ openssl passwd -crypt monMot-de-passe<br />
+ qQ5vTYO3c8dsU
+ </code></p></div>
+
+
+ <h3>Valider des mots de passe CRYPT and MD5 avec le programme
+ OpenSSL en ligne de commande</h3>
+
+ <p>La source d'entropie pour un mot de passe CRYPT est constituée
+ des deux premiers caractères (convertis en valeur binaire). Pour
+ valider <code>monMot-de-passe</code> par rapport à
+ <code>rqXexS6ZhobKA</code></p>
+
+ <div class="example"><h3>CRYPT</h3><p><code>
+ $ openssl passwd -crypt -salt rq monMot-de-passe<br />
+ Warning: truncating password to 8 characters<br />
+ rqXexS6ZhobKA
+ </code></p></div>
+
+ <p>Notez que spécifier <code>monMot-d</code> au lieu de
+ <code>monMot-de-passe</code> produira le même résultat car seuls
+ les 8 premiers caractères des mots de passe CRYPT sont pris en
+ compte.</p>
+
+ <p>La source d'entropie pour un mot de passe MD5 se situe entre
+ <code>$apr1$</code> et le caractère <code>$</code> suivant (sous
+ la forme d'une valeur binaire codée en Base64 - au maximum 8
+ caractères). Pour valider <code>monMot-de-passe</code> par rapport
+ à <code>$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/</code></p>
+
+ <div class="example"><h3>MD5</h3><p><code>
+ $ openssl passwd -apr1 -salt r31..... monMot-de-passe<br />
+ $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/
+ </code></p></div>
+
+
+ <h3>Champs mot de passe de base de données pour
+ mod_dbd</h3>
+ <p>La variante SHA1 constitue probablement le format le mieux
+ approprié pour l'authentification DBD. Comme les fonctions SHA1 et
+ Base64 sont en général disponibles, d'autres logiciels peuvent
+ renseigner une base de données avec des mots de passe chiffrés
+ utilisables par l'authentification basique d'Apache.</p>
+
+ <p>Pour créer des mots de passe au format SHA1 pour
+ l'authentification de base d'Apache dans divers langages :</p>
+
+ <div class="example"><h3>PHP</h3><p><code>
+ '{SHA}' . base64_encode(sha1($password, TRUE))
+ </code></p></div>
+
+ <div class="example"><h3>Java</h3><p><code>
+ "{SHA}" + new sun.misc.BASE64Encoder().encode(java.security.MessageDigest.getInstance("SHA1").digest(password.getBytes()))
+ </code></p></div>
+
+ <div class="example"><h3>ColdFusion</h3><p><code>
+ "{SHA}" &amp; ToBase64(BinaryDecode(Hash(password, "SHA1"), "Hex"))
+ </code></p></div>
+
+ <div class="example"><h3>Ruby</h3><p><code>
+ require 'digest/sha1'<br />
+ require 'base64'<br />
+ '{SHA}' + Base64.encode64(Digest::SHA1.digest(password))
+ </code></p></div>
+
+ <div class="example"><h3>C ou C++</h3><p><code>
+ Utilisez la fonction APR : apr_sha1_base64
+ </code></p></div>
+
+ <div class="example"><h3>Python</h3><p><code>
+ import base64<br />
+ import hashlib<br />
+ "{SHA}" + format(base64.b64encode(hashlib.sha1(password).digest()))
+ </code></p></div>
+
+ <div class="example"><h3>PostgreSQL (avec les fonctions contrib/pgcrypto
+ installées)</h3><p><code>
+
+ '{SHA}'||encode(digest(password,'sha1'),'base64')
+ </code></p></div>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="digest" id="digest">Authentification à base de condensés</a></h2>
+ <p>Apache ne reconnaît qu'un format pour les mots de passe
+ d'authentification à base de condensés - le condensé MD5 de la
+ chaîne <code>utilisateur:domaine-de-protection:mot-de-passe</code>
+ sous la forme d'une chaîne de 32 caractères au format hexadécimal.
+ <code>domaine-de-protection</code> est l'identifiant du domaine de
+ protection de l'autorisation passé en argument à la directive
+ <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code> dans
+ httpd.conf.</p>
+
+ <h3>Champs de mot de passe de base de données pour
+ mod_dbd</h3>
+
+ <p>Comme la fonction MD5 est en général disponible, d'autres
+ logiciels peuvent renseigner une base de données avec des mots de
+ passe chiffrés utilisables par l'authentification à base de
+ condensés d'Apache.</p>
+
+ <p>Pour créer des mots de passe pour l'authentification à base de
+ condensés d'Apache dans divers langages :</p>
+
+ <div class="example"><h3>PHP</h3><p><code>
+ md5($user . ':' . $realm . ':' .$password)
+ </code></p></div>
+
+ <div class="example"><h3>Java</h3><p><code>
+ byte b[] = java.security.MessageDigest.getInstance("MD5").digest( (user + ":" + realm + ":" + password ).getBytes());<br />
+ java.math.BigInteger bi = new java.math.BigInteger(1, b);<br />
+ String s = bi.toString(16);<br />
+ while (s.length() &lt; 32)<br />
+ <span class="indent">
+ s = "0" + s;
+ </span>
+ // La chaîne s contient le mot de passe chiffré
+ </code></p></div>
+
+ <div class="example"><h3>ColdFusion</h3><p><code>
+ LCase(Hash( (user &amp; ":" &amp; realm &amp; ":" &amp; password) , "MD5"))
+ </code></p></div>
+
+ <div class="example"><h3>Ruby</h3><p><code>
+ require 'digest/md5'<br />
+ Digest::MD5.hexdigest(user + ':' + realm + ':' + password)
+ </code></p></div>
+
+ <div class="example"><h3>PostgreSQL (avec les fonctions contrib/pgcrypto
+ installées)</h3><p><code>
+
+ encode(digest( user || ':' || realm || ':' || password , 'md5'), 'hex')
+ </code></p></div>
+
+
+ </div></div>
+<div class="bottomlang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/password_encryptions.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/password_encryptions.html" title="Français">&nbsp;fr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/password_encryptions.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/perf-tuning.html b/docs/manual/misc/perf-tuning.html
new file mode 100644
index 0000000..7ff8118
--- /dev/null
+++ b/docs/manual/misc/perf-tuning.html
@@ -0,0 +1,17 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: perf-tuning.html.en
+Content-Language: en
+Content-type: text/html; charset=UTF-8
+
+URI: perf-tuning.html.fr.utf8
+Content-Language: fr
+Content-type: text/html; charset=UTF-8
+
+URI: perf-tuning.html.ko.euc-kr
+Content-Language: ko
+Content-type: text/html; charset=EUC-KR
+
+URI: perf-tuning.html.tr.utf8
+Content-Language: tr
+Content-type: text/html; charset=UTF-8
diff --git a/docs/manual/misc/perf-tuning.html.en b/docs/manual/misc/perf-tuning.html.en
new file mode 100644
index 0000000..8047328
--- /dev/null
+++ b/docs/manual/misc/perf-tuning.html.en
@@ -0,0 +1,986 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Apache Performance Tuning - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Apache Performance Tuning</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/misc/perf-tuning.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div>
+
+
+ <p>Apache 2.x is a general-purpose webserver, designed to
+ provide a balance of flexibility, portability, and performance.
+ Although it has not been designed specifically to set benchmark
+ records, Apache 2.x is capable of high performance in many
+ real-world situations.</p>
+
+ <p>Compared to Apache 1.3, release 2.x contains many additional
+ optimizations to increase throughput and scalability. Most of
+ these improvements are enabled by default. However, there are
+ compile-time and run-time configuration choices that can
+ significantly affect performance. This document describes the
+ options that a server administrator can configure to tune the
+ performance of an Apache 2.x installation. Some of these
+ configuration options enable the httpd to better take advantage
+ of the capabilities of the hardware and OS, while others allow
+ the administrator to trade functionality for speed.</p>
+
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">Hardware and Operating System Issues</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#runtime">Run-Time Configuration Issues</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Compile-Time Configuration Issues</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#trace">Appendix: Detailed Analysis of a Trace</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="hardware" id="hardware">Hardware and Operating System Issues</a></h2>
+
+
+
+ <p>The single biggest hardware issue affecting webserver
+ performance is RAM. A webserver should never ever have to swap,
+ as swapping increases the latency of each request beyond a point
+ that users consider "fast enough". This causes users to hit
+ stop and reload, further increasing the load. You can, and
+ should, control the <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> setting so that your server
+ does not spawn so many children that it starts swapping. The procedure
+ for doing this is simple: determine the size of your average Apache
+ process, by looking at your process list via a tool such as
+ <code>top</code>, and divide this into your total available memory,
+ leaving some room for other processes.</p>
+
+ <p>Beyond that the rest is mundane: get a fast enough CPU, a
+ fast enough network card, and fast enough disks, where "fast
+ enough" is something that needs to be determined by
+ experimentation.</p>
+
+ <p>Operating system choice is largely a matter of local
+ concerns. But some guidelines that have proven generally
+ useful are:</p>
+
+ <ul>
+ <li>
+ <p>Run the latest stable release and patch level of the
+ operating system that you choose. Many OS suppliers have
+ introduced significant performance improvements to their
+ TCP stacks and thread libraries in recent years.</p>
+ </li>
+
+ <li>
+ <p>If your OS supports a <code>sendfile(2)</code> system
+ call, make sure you install the release and/or patches
+ needed to enable it. (With Linux, for example, this means
+ using Linux 2.4 or later. For early releases of Solaris 8,
+ you may need to apply a patch.) On systems where it is
+ available, <code>sendfile</code> enables Apache 2 to deliver
+ static content faster and with lower CPU utilization.</p>
+ </li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="runtime" id="runtime">Run-Time Configuration Issues</a></h2>
+
+
+
+ <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table>
+
+ <h3><a name="dns" id="dns">HostnameLookups and other DNS considerations</a></h3>
+
+
+
+ <p>Prior to Apache 1.3, <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> defaulted to <code>On</code>.
+ This adds latency to every request because it requires a
+ DNS lookup to complete before the request is finished. In
+ Apache 1.3 this setting defaults to <code>Off</code>. If you need
+ to have addresses in your log files resolved to hostnames, use the
+ <code class="program"><a href="../programs/logresolve.html">logresolve</a></code>
+ program that comes with Apache, or one of the numerous log
+ reporting packages which are available.</p>
+
+ <p>It is recommended that you do this sort of postprocessing of
+ your log files on some machine other than the production web
+ server machine, in order that this activity not adversely affect
+ server performance.</p>
+
+ <p>If you use any <code><code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code> from domain</code> or <code><code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> from domain</code>
+ directives (i.e., using a hostname, or a domain name, rather than
+ an IP address) then you will pay for
+ two DNS lookups (a reverse, followed by a forward lookup
+ to make sure that the reverse is not being spoofed). For best
+ performance, therefore, use IP addresses, rather than names, when
+ using these directives, if possible.</p>
+
+ <p>Note that it's possible to scope the directives, such as
+ within a <code>&lt;Location "/server-status"&gt;</code> section.
+ In this case the DNS lookups are only performed on requests
+ matching the criteria. Here's an example which disables lookups
+ except for <code>.html</code> and <code>.cgi</code> files:</p>
+
+ <pre class="prettyprint lang-config">HostnameLookups off
+&lt;Files ~ "\.(html|cgi)$"&gt;
+ HostnameLookups on
+&lt;/Files&gt;</pre>
+
+
+ <p>But even still, if you just need DNS names in some CGIs you
+ could consider doing the <code>gethostbyname</code> call in the
+ specific CGIs that need it.</p>
+
+
+
+ <h3><a name="symlinks" id="symlinks">FollowSymLinks and SymLinksIfOwnerMatch</a></h3>
+
+
+
+ <p>Wherever in your URL-space you do not have an <code>Options
+ FollowSymLinks</code>, or you do have an <code>Options
+ SymLinksIfOwnerMatch</code>, Apache will need to issue extra
+ system calls to check up on symlinks. (One extra call per
+ filename component.) For example, if you had:</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs"
+&lt;Directory "/"&gt;
+ Options SymLinksIfOwnerMatch
+&lt;/Directory&gt;</pre>
+
+
+ <p>and a request is made for the URI <code>/index.html</code>,
+ then Apache will perform <code>lstat(2)</code> on
+ <code>/www</code>, <code>/www/htdocs</code>, and
+ <code>/www/htdocs/index.html</code>. The results of these
+ <code>lstats</code> are never cached, so they will occur on
+ every single request. If you really desire the symlinks
+ security checking, you can do something like this:</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs"
+&lt;Directory "/"&gt;
+ Options FollowSymLinks
+&lt;/Directory&gt;
+
+&lt;Directory "/www/htdocs"&gt;
+ Options -FollowSymLinks +SymLinksIfOwnerMatch
+&lt;/Directory&gt;</pre>
+
+
+ <p>This at least avoids the extra checks for the
+ <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> path.
+ Note that you'll need to add similar sections if you
+ have any <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> or
+ <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> paths
+ outside of your document root. For highest performance,
+ and no symlink protection, set <code>FollowSymLinks</code>
+ everywhere, and never set <code>SymLinksIfOwnerMatch</code>.</p>
+
+
+
+ <h3><a name="htaccess" id="htaccess">AllowOverride</a></h3>
+
+
+
+ <p>Wherever in your URL-space you allow overrides (typically
+ <code>.htaccess</code> files), Apache will attempt to open
+ <code>.htaccess</code> for each filename component. For
+ example,</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs"
+&lt;Directory "/"&gt;
+ AllowOverride all
+&lt;/Directory&gt;</pre>
+
+
+ <p>and a request is made for the URI <code>/index.html</code>.
+ Then Apache will attempt to open <code>/.htaccess</code>,
+ <code>/www/.htaccess</code>, and
+ <code>/www/htdocs/.htaccess</code>. The solutions are similar
+ to the previous case of <code>Options FollowSymLinks</code>.
+ For highest performance use <code>AllowOverride None</code>
+ everywhere in your filesystem.</p>
+
+
+
+ <h3><a name="negotiation" id="negotiation">Negotiation</a></h3>
+
+
+
+ <p>If at all possible, avoid content negotiation if you're
+ really interested in every last ounce of performance. In
+ practice the benefits of negotiation outweigh the performance
+ penalties. There's one case where you can speed up the server.
+ Instead of using a wildcard such as:</p>
+
+ <pre class="prettyprint lang-config">DirectoryIndex index</pre>
+
+
+ <p>Use a complete list of options:</p>
+
+ <pre class="prettyprint lang-config">DirectoryIndex index.cgi index.pl index.shtml index.html</pre>
+
+
+ <p>where you list the most common choice first.</p>
+
+ <p>Also note that explicitly creating a <code>type-map</code>
+ file provides better performance than using
+ <code>MultiViews</code>, as the necessary information can be
+ determined by reading this single file, rather than having to
+ scan the directory for files.</p>
+
+ <p>If your site needs content negotiation, consider using
+ <code>type-map</code> files, rather than the <code>Options
+ MultiViews</code> directive to accomplish the negotiation. See the
+ <a href="../content-negotiation.html">Content Negotiation</a>
+ documentation for a full discussion of the methods of negotiation,
+ and instructions for creating <code>type-map</code> files.</p>
+
+
+
+ <h3>Memory-mapping</h3>
+
+
+
+ <p>In situations where Apache 2.x needs to look at the contents
+ of a file being delivered--for example, when doing server-side-include
+ processing--it normally memory-maps the file if the OS supports
+ some form of <code>mmap(2)</code>.</p>
+
+ <p>On some platforms, this memory-mapping improves performance.
+ However, there are cases where memory-mapping can hurt the performance
+ or even the stability of the httpd:</p>
+
+ <ul>
+ <li>
+ <p>On some operating systems, <code>mmap</code> does not scale
+ as well as <code>read(2)</code> when the number of CPUs increases.
+ On multiprocessor Solaris servers, for example, Apache 2.x sometimes
+ delivers server-parsed files faster when <code>mmap</code> is disabled.</p>
+ </li>
+
+ <li>
+ <p>If you memory-map a file located on an NFS-mounted filesystem
+ and a process on another NFS client machine deletes or truncates
+ the file, your process may get a bus error the next time it tries
+ to access the mapped file content.</p>
+ </li>
+ </ul>
+
+ <p>For installations where either of these factors applies, you
+ should use <code>EnableMMAP off</code> to disable the memory-mapping
+ of delivered files. (Note: This directive can be overridden on
+ a per-directory basis.)</p>
+
+
+
+ <h3>Sendfile</h3>
+
+
+
+ <p>In situations where Apache 2.x can ignore the contents of the file
+ to be delivered -- for example, when serving static file content --
+ it normally uses the kernel sendfile support for the file if the OS
+ supports the <code>sendfile(2)</code> operation.</p>
+
+ <p>On most platforms, using sendfile improves performance by eliminating
+ separate read and send mechanics. However, there are cases where using
+ sendfile can harm the stability of the httpd:</p>
+
+ <ul>
+ <li>
+ <p>Some platforms may have broken sendfile support that the build
+ system did not detect, especially if the binaries were built on
+ another box and moved to such a machine with broken sendfile support.</p>
+ </li>
+ <li>
+ <p>With an NFS-mounted filesystem, the kernel may be unable
+ to reliably serve the network file through its own cache.</p>
+ </li>
+ </ul>
+
+ <p>For installations where either of these factors applies, you
+ should use <code>EnableSendfile off</code> to disable sendfile
+ delivery of file contents. (Note: This directive can be overridden
+ on a per-directory basis.)</p>
+
+
+
+ <h3><a name="process" id="process">Process Creation</a></h3>
+
+
+
+ <p>Prior to Apache 1.3 the <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, and <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> settings all had drastic effects on
+ benchmark results. In particular, Apache required a "ramp-up"
+ period in order to reach a number of children sufficient to serve
+ the load being applied. After the initial spawning of
+ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> children,
+ only one child per second would be created to satisfy the
+ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>
+ setting. So a server being accessed by 100 simultaneous
+ clients, using the default <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> of <code>5</code> would take on
+ the order of 95 seconds to spawn enough children to handle
+ the load. This works fine in practice on real-life servers
+ because they aren't restarted frequently. But it does really
+ poorly on benchmarks which might only run for ten minutes.</p>
+
+ <p>The one-per-second rule was implemented in an effort to
+ avoid swamping the machine with the startup of new children. If
+ the machine is busy spawning children, it can't service
+ requests. But it has such a drastic effect on the perceived
+ performance of Apache that it had to be replaced. As of Apache
+ 1.3, the code will relax the one-per-second rule. It will spawn
+ one, wait a second, then spawn two, wait a second, then spawn
+ four, and it will continue exponentially until it is spawning
+ 32 children per second. It will stop whenever it satisfies the
+ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>
+ setting.</p>
+
+ <p>This appears to be responsive enough that it's almost
+ unnecessary to twiddle the <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> and <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> knobs. When more than 4 children are
+ spawned per second, a message will be emitted to the
+ <code class="directive"><a href="../mod/core.html#errorlog">ErrorLog</a></code>. If you
+ see a lot of these errors, then consider tuning these settings.
+ Use the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> output as a guide.</p>
+
+ <p>Related to process creation is process death induced by the
+ <code class="directive"><a href="../mod/mpm_common.html#maxconnectionsperchild">MaxConnectionsPerChild</a></code>
+ setting. By default this is <code>0</code>,
+ which means that there is no limit to the number of connections
+ handled per child. If your configuration currently has this set
+ to some very low number, such as <code>30</code>, you may want to bump this
+ up significantly. If you are running SunOS or an old version of
+ Solaris, limit this to <code>10000</code> or so because of memory leaks.</p>
+
+ <p>When keep-alives are in use, children will be kept busy
+ doing nothing waiting for more requests on the already open
+ connection. The default <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> of <code>5</code>
+ seconds attempts to minimize this effect. The tradeoff here is
+ between network bandwidth and server resources. In no event
+ should you raise this above about <code>60</code> seconds, as <a href="http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-95-4.html">
+ most of the benefits are lost</a>.</p>
+
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="compiletime" id="compiletime">Compile-Time Configuration Issues</a></h2>
+
+
+
+ <h3>Choosing an MPM</h3>
+
+
+
+ <p>Apache 2.x supports pluggable concurrency models, called
+ <a href="../mpm.html">Multi-Processing Modules</a> (MPMs).
+ When building Apache, you must choose an MPM to use. There
+ are platform-specific MPMs for some platforms:
+ <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>,
+ <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code>, and <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code>. For
+ general Unix-type systems, there are several MPMs from which
+ to choose. The choice of MPM can affect the speed and scalability
+ of the httpd:</p>
+
+ <ul>
+
+ <li>The <code class="module"><a href="../mod/worker.html">worker</a></code> MPM uses multiple child
+ processes with many threads each. Each thread handles
+ one connection at a time. Worker generally is a good
+ choice for high-traffic servers because it has a smaller
+ memory footprint than the prefork MPM.</li>
+
+ <li>The <code class="module"><a href="../mod/event.html">event</a></code> MPM is threaded like the
+ Worker MPM, but is designed to allow more requests to be
+ served simultaneously by passing off some processing work
+ to supporting threads, freeing up the main threads to work
+ on new requests.</li>
+
+ <li>The <code class="module"><a href="../mod/prefork.html">prefork</a></code> MPM uses multiple child
+ processes with one thread each. Each process handles
+ one connection at a time. On many systems, prefork is
+ comparable in speed to worker, but it uses more memory.
+ Prefork's threadless design has advantages over worker
+ in some situations: it can be used with non-thread-safe
+ third-party modules, and it is easier to debug on platforms
+ with poor thread debugging support.</li>
+
+ </ul>
+
+ <p>For more information on these and other MPMs, please
+ see the MPM <a href="../mpm.html">documentation</a>.</p>
+
+
+
+ <h3><a name="modules" id="modules">Modules</a></h3>
+
+
+
+ <p>Since memory usage is such an important consideration in
+ performance, you should attempt to eliminate modules that you are
+ not actually using. If you have built the modules as <a href="../dso.html">DSOs</a>, eliminating modules is a simple
+ matter of commenting out the associated <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> directive for that module.
+ This allows you to experiment with removing modules and seeing
+ if your site still functions in their absence.</p>
+
+ <p>If, on the other hand, you have modules statically linked
+ into your Apache binary, you will need to recompile Apache in
+ order to remove unwanted modules.</p>
+
+ <p>An associated question that arises here is, of course, what
+ modules you need, and which ones you don't. The answer here
+ will, of course, vary from one web site to another. However, the
+ <em>minimal</em> list of modules which you can get by with tends
+ to include <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>, <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code>,
+ and <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>. <code>mod_log_config</code> is,
+ of course, optional, as you can run a web site without log
+ files. This is, however, not recommended.</p>
+
+
+
+ <h3>Atomic Operations</h3>
+
+
+
+ <p>Some modules, such as <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> and
+ recent development builds of the worker MPM, use APR's
+ atomic API. This API provides atomic operations that can
+ be used for lightweight thread synchronization.</p>
+
+ <p>By default, APR implements these operations using the
+ most efficient mechanism available on each target
+ OS/CPU platform. Many modern CPUs, for example, have
+ an instruction that does an atomic compare-and-swap (CAS)
+ operation in hardware. On some platforms, however, APR
+ defaults to a slower, mutex-based implementation of the
+ atomic API in order to ensure compatibility with older
+ CPU models that lack such instructions. If you are
+ building Apache for one of these platforms, and you plan
+ to run only on newer CPUs, you can select a faster atomic
+ implementation at build time by configuring Apache with
+ the <code>--enable-nonportable-atomics</code> option:</p>
+
+ <div class="example"><p><code>
+ ./buildconf<br />
+ ./configure --with-mpm=worker --enable-nonportable-atomics=yes
+ </code></p></div>
+
+ <p>The <code>--enable-nonportable-atomics</code> option is
+ relevant for the following platforms:</p>
+
+ <ul>
+
+ <li>Solaris on SPARC<br />
+ By default, APR uses mutex-based atomics on Solaris/SPARC.
+ If you configure with <code>--enable-nonportable-atomics</code>,
+ however, APR generates code that uses a SPARC v8plus opcode for
+ fast hardware compare-and-swap. If you configure Apache with
+ this option, the atomic operations will be more efficient
+ (allowing for lower CPU utilization and higher concurrency),
+ but the resulting executable will run only on UltraSPARC
+ chips.
+ </li>
+
+ <li>Linux on x86<br />
+ By default, APR uses mutex-based atomics on Linux. If you
+ configure with <code>--enable-nonportable-atomics</code>,
+ however, APR generates code that uses a 486 opcode for fast
+ hardware compare-and-swap. This will result in more efficient
+ atomic operations, but the resulting executable will run only
+ on 486 and later chips (and not on 386).
+ </li>
+
+ </ul>
+
+
+
+ <h3>mod_status and ExtendedStatus On</h3>
+
+
+
+ <p>If you include <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> and you also set
+ <code>ExtendedStatus On</code> when building and running
+ Apache, then on every request Apache will perform two calls to
+ <code>gettimeofday(2)</code> (or <code>times(2)</code>
+ depending on your operating system), and (pre-1.3) several
+ extra calls to <code>time(2)</code>. This is all done so that
+ the status report contains timing indications. For highest
+ performance, set <code>ExtendedStatus off</code> (which is the
+ default).</p>
+
+
+
+ <h3>accept Serialization - Multiple Sockets</h3>
+
+
+
+ <div class="warning"><h3>Warning:</h3>
+ <p>This section has not been fully updated
+ to take into account changes made in the 2.x version of the
+ Apache HTTP Server. Some of the information may still be
+ relevant, but please use it with care.</p>
+ </div>
+
+ <p>This discusses a shortcoming in the Unix socket API. Suppose
+ your web server uses multiple <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> statements to listen on either multiple
+ ports or multiple addresses. In order to test each socket
+ to see if a connection is ready, Apache uses
+ <code>select(2)</code>. <code>select(2)</code> indicates that a
+ socket has <em>zero</em> or <em>at least one</em> connection
+ waiting on it. Apache's model includes multiple children, and
+ all the idle ones test for new connections at the same time. A
+ naive implementation looks something like this (these examples
+ do not match the code, they're contrived for pedagogical
+ purposes):</p>
+
+ <pre class="prettyprint lang-c"> for (;;) {
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&amp;accept_fds);
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ FD_SET (i, &amp;accept_fds);
+ }
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+ if (rc &lt; 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ if (FD_ISSET (i, &amp;accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ process_the(new_connection);
+ }</pre>
+
+
+ <p>But this naive implementation has a serious starvation problem.
+ Recall that multiple children execute this loop at the same
+ time, and so multiple children will block at
+ <code>select</code> when they are in between requests. All
+ those blocked children will awaken and return from
+ <code>select</code> when a single request appears on any socket.
+ (The number of children which awaken varies depending on the
+ operating system and timing issues.) They will all then fall
+ down into the loop and try to <code>accept</code> the
+ connection. But only one will succeed (assuming there's still
+ only one connection ready). The rest will be <em>blocked</em>
+ in <code>accept</code>. This effectively locks those children
+ into serving requests from that one socket and no other
+ sockets, and they'll be stuck there until enough new requests
+ appear on that socket to wake them all up. This starvation
+ problem was first documented in <a href="http://bugs.apache.org/index/full/467">PR#467</a>. There
+ are at least two solutions.</p>
+
+ <p>One solution is to make the sockets non-blocking. In this
+ case the <code>accept</code> won't block the children, and they
+ will be allowed to continue immediately. But this wastes CPU
+ time. Suppose you have ten idle children in
+ <code>select</code>, and one connection arrives. Then nine of
+ those children will wake up, try to <code>accept</code> the
+ connection, fail, and loop back into <code>select</code>,
+ accomplishing nothing. Meanwhile none of those children are
+ servicing requests that occurred on other sockets until they
+ get back up to the <code>select</code> again. Overall this
+ solution does not seem very fruitful unless you have as many
+ idle CPUs (in a multiprocessor box) as you have idle children
+ (not a very likely situation).</p>
+
+ <p>Another solution, the one used by Apache, is to serialize
+ entry into the inner loop. The loop looks like this
+ (differences highlighted):</p>
+
+ <pre class="prettyprint lang-c"> for (;;) {
+ <strong>accept_mutex_on ();</strong>
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&amp;accept_fds);
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ FD_SET (i, &amp;accept_fds);
+ }
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+ if (rc &lt; 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ if (FD_ISSET (i, &amp;accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ <strong>accept_mutex_off ();</strong>
+ process the new_connection;
+ }</pre>
+
+
+ <p><a id="serialize" name="serialize">The functions</a>
+ <code>accept_mutex_on</code> and <code>accept_mutex_off</code>
+ implement a mutual exclusion semaphore. Only one child can have
+ the mutex at any time. There are several choices for
+ implementing these mutexes. The choice is defined in
+ <code>src/conf.h</code> (pre-1.3) or
+ <code>src/include/ap_config.h</code> (1.3 or later). Some
+ architectures do not have any locking choice made, on these
+ architectures it is unsafe to use multiple
+ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code>
+ directives.</p>
+
+ <p>The <code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> directive can
+ be used to change the mutex implementation of the
+ <code>mpm-accept</code> mutex at run-time. Special considerations
+ for different mutex implementations are documented with that
+ directive.</p>
+
+ <p>Another solution that has been considered but never
+ implemented is to partially serialize the loop -- that is, let
+ in a certain number of processes. This would only be of
+ interest on multiprocessor boxes where it's possible that multiple
+ children could run simultaneously, and the serialization
+ actually doesn't take advantage of the full bandwidth. This is
+ a possible area of future investigation, but priority remains
+ low because highly parallel web servers are not the norm.</p>
+
+ <p>Ideally you should run servers without multiple
+ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code>
+ statements if you want the highest performance.
+ But read on.</p>
+
+
+
+ <h3>accept Serialization - Single Socket</h3>
+
+
+
+ <p>The above is fine and dandy for multiple socket servers, but
+ what about single socket servers? In theory they shouldn't
+ experience any of these same problems because all the children
+ can just block in <code>accept(2)</code> until a connection
+ arrives, and no starvation results. In practice this hides
+ almost the same "spinning" behavior discussed above in the
+ non-blocking solution. The way that most TCP stacks are
+ implemented, the kernel actually wakes up all processes blocked
+ in <code>accept</code> when a single connection arrives. One of
+ those processes gets the connection and returns to user-space.
+ The rest spin in the kernel and go back to sleep when they
+ discover there's no connection for them. This spinning is
+ hidden from the user-land code, but it's there nonetheless.
+ This can result in the same load-spiking wasteful behavior
+ that a non-blocking solution to the multiple sockets case
+ can.</p>
+
+ <p>For this reason we have found that many architectures behave
+ more "nicely" if we serialize even the single socket case. So
+ this is actually the default in almost all cases. Crude
+ experiments under Linux (2.0.30 on a dual Pentium pro 166
+ w/128Mb RAM) have shown that the serialization of the single
+ socket case causes less than a 3% decrease in requests per
+ second over unserialized single-socket. But unserialized
+ single-socket showed an extra 100ms latency on each request.
+ This latency is probably a wash on long haul lines, and only an
+ issue on LANs. If you want to override the single socket
+ serialization, you can define
+ <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code>, and then
+ single-socket servers will not serialize at all.</p>
+
+
+
+ <h3>Lingering Close</h3>
+
+
+
+ <p>As discussed in <a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">
+ draft-ietf-http-connection-00.txt</a> section 8, in order for
+ an HTTP server to <strong>reliably</strong> implement the
+ protocol, it needs to shut down each direction of the
+ communication independently. (Recall that a TCP connection is
+ bi-directional. Each half is independent of the other.)</p>
+
+ <p>When this feature was added to Apache, it caused a flurry of
+ problems on various versions of Unix because of shortsightedness.
+ The TCP specification does not state that the <code>FIN_WAIT_2</code>
+ state has a timeout, but it doesn't prohibit it.
+ On systems without the timeout, Apache 1.2 induces many sockets
+ stuck forever in the <code>FIN_WAIT_2</code> state. In many cases this
+ can be avoided by simply upgrading to the latest TCP/IP patches
+ supplied by the vendor. In cases where the vendor has never
+ released patches (<em>i.e.</em>, SunOS4 -- although folks with
+ a source license can patch it themselves), we have decided to
+ disable this feature.</p>
+
+ <p>There are two ways to accomplish this. One is the socket
+ option <code>SO_LINGER</code>. But as fate would have it, this
+ has never been implemented properly in most TCP/IP stacks. Even
+ on those stacks with a proper implementation (<em>i.e.</em>,
+ Linux 2.0.31), this method proves to be more expensive (cputime)
+ than the next solution.</p>
+
+ <p>For the most part, Apache implements this in a function
+ called <code>lingering_close</code> (in
+ <code>http_main.c</code>). The function looks roughly like
+ this:</p>
+
+ <pre class="prettyprint lang-c"> void lingering_close (int s)
+ {
+ char junk_buffer[2048];
+
+ /* shutdown the sending side */
+ shutdown (s, 1);
+
+ signal (SIGALRM, lingering_death);
+ alarm (30);
+
+ for (;;) {
+ select (s for reading, 2 second timeout);
+ if (error) break;
+ if (s is ready for reading) {
+ if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {
+ break;
+ }
+ /* just toss away whatever is here */
+ }
+ }
+
+ close (s);
+ }</pre>
+
+
+ <p>This naturally adds some expense at the end of a connection,
+ but it is required for a reliable implementation. As HTTP/1.1
+ becomes more prevalent, and all connections are persistent,
+ this expense will be amortized over more requests. If you want
+ to play with fire and disable this feature, you can define
+ <code>NO_LINGCLOSE</code>, but this is not recommended at all.
+ In particular, as HTTP/1.1 pipelined persistent connections
+ come into use, <code>lingering_close</code> is an absolute
+ necessity (and <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">
+ pipelined connections are faster</a>, so you want to support
+ them).</p>
+
+
+
+ <h3>Scoreboard File</h3>
+
+
+
+ <p>Apache's parent and children communicate with each other
+ through something called the scoreboard. Ideally this should be
+ implemented in shared memory. For those operating systems that
+ we either have access to, or have been given detailed ports
+ for, it typically is implemented using shared memory. The rest
+ default to using an on-disk file. The on-disk file is not only
+ slow, but it is unreliable (and less featured). Peruse the
+ <code>src/main/conf.h</code> file for your architecture, and
+ look for either <code>USE_MMAP_SCOREBOARD</code> or
+ <code>USE_SHMGET_SCOREBOARD</code>. Defining one of those two
+ (as well as their companions <code>HAVE_MMAP</code> and
+ <code>HAVE_SHMGET</code> respectively) enables the supplied
+ shared memory code. If your system has another type of shared
+ memory, edit the file <code>src/main/http_main.c</code> and add
+ the hooks necessary to use it in Apache. (Send us back a patch
+ too, please.)</p>
+
+ <div class="note">Historical note: The Linux port of Apache didn't start to
+ use shared memory until version 1.2 of Apache. This oversight
+ resulted in really poor and unreliable behavior of earlier
+ versions of Apache on Linux.</div>
+
+
+
+ <h3>DYNAMIC_MODULE_LIMIT</h3>
+
+
+
+ <p>If you have no intention of using dynamically loaded modules
+ (you probably don't if you're reading this and tuning your
+ server for every last ounce of performance), then you should add
+ <code>-DDYNAMIC_MODULE_LIMIT=0</code> when building your
+ server. This will save RAM that's allocated only for supporting
+ dynamically loaded modules.</p>
+
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="trace" id="trace">Appendix: Detailed Analysis of a Trace</a></h2>
+
+
+
+ <p>Here is a system call trace of Apache 2.0.38 with the worker MPM
+ on Solaris 8. This trace was collected using:</p>
+
+ <div class="example"><p><code>
+ truss -l -p <var>httpd_child_pid</var>.
+ </code></p></div>
+
+ <p>The <code>-l</code> option tells truss to log the ID of the
+ LWP (lightweight process--Solaris' form of kernel-level thread)
+ that invokes each system call.</p>
+
+ <p>Other systems may have different system call tracing utilities
+ such as <code>strace</code>, <code>ktrace</code>, or <code>par</code>.
+ They all produce similar output.</p>
+
+ <p>In this trace, a client has requested a 10KB static file
+ from the httpd. Traces of non-static requests or requests
+ with content negotiation look wildly different (and quite ugly
+ in some cases).</p>
+
+ <div class="example"><pre>/67: accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
+/67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9</pre></div>
+
+ <p>In this trace, the listener thread is running within LWP #67.</p>
+
+ <div class="note">Note the lack of <code>accept(2)</code> serialization. On this
+ particular platform, the worker MPM uses an unserialized accept by
+ default unless it is listening on multiple ports.</div>
+
+ <div class="example"><pre>/65: lwp_park(0x00000000, 0) = 0
+/67: lwp_unpark(65, 1) = 0</pre></div>
+
+ <p>Upon accepting the connection, the listener thread wakes up
+ a worker thread to do the request processing. In this trace,
+ the worker thread that handles the request is mapped to LWP #65.</p>
+
+ <div class="example"><pre>/65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0</pre></div>
+
+ <p>In order to implement virtual hosts, Apache needs to know
+ the local socket address used to accept the connection. It
+ is possible to eliminate this call in many situations (such
+ as when there are no virtual hosts, or when
+ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> directives
+ are used which do not have wildcard addresses). But
+ no effort has yet been made to do these optimizations. </p>
+
+ <div class="example"><pre>/65: brk(0x002170E8) = 0
+/65: brk(0x002190E8) = 0</pre></div>
+
+ <p>The <code>brk(2)</code> calls allocate memory from the heap.
+ It is rare to see these in a system call trace, because the httpd
+ uses custom memory allocators (<code>apr_pool</code> and
+ <code>apr_bucket_alloc</code>) for most request processing.
+ In this trace, the httpd has just been started, so it must
+ call <code>malloc(3)</code> to get the blocks of raw memory
+ with which to create the custom memory allocators.</p>
+
+ <div class="example"><pre>/65: fcntl(9, F_GETFL, 0x00000000) = 2
+/65: fstat64(9, 0xFAF7B818) = 0
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
+/65: fstat64(9, 0xFAF7B818) = 0
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
+/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
+/65: fcntl(9, F_SETFL, 0x00000082) = 0</pre></div>
+
+ <p>Next, the worker thread puts the connection to the client (file
+ descriptor 9) in non-blocking mode. The <code>setsockopt(2)</code>
+ and <code>getsockopt(2)</code> calls are a side-effect of how
+ Solaris' libc handles <code>fcntl(2)</code> on sockets.</p>
+
+ <div class="example"><pre>/65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97</pre></div>
+
+ <p>The worker thread reads the request from the client.</p>
+
+ <div class="example"><pre>/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
+/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10</pre></div>
+
+ <p>This httpd has been configured with <code>Options FollowSymLinks</code>
+ and <code>AllowOverride None</code>. Thus it doesn't need to
+ <code>lstat(2)</code> each directory in the path leading up to the
+ requested file, nor check for <code>.htaccess</code> files.
+ It simply calls <code>stat(2)</code> to verify that the file:
+ 1) exists, and 2) is a regular file, not a directory.</p>
+
+ <div class="example"><pre>/65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269</pre></div>
+
+ <p>In this example, the httpd is able to send the HTTP response
+ header and the requested file with a single <code>sendfilev(2)</code>
+ system call. Sendfile semantics vary among operating systems. On some other
+ systems, it is necessary to do a <code>write(2)</code> or
+ <code>writev(2)</code> call to send the headers before calling
+ <code>sendfile(2)</code>.</p>
+
+ <div class="example"><pre>/65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78</pre></div>
+
+ <p>This <code>write(2)</code> call records the request in the
+ access log. Note that one thing missing from this trace is a
+ <code>time(2)</code> call. Unlike Apache 1.3, Apache 2.x uses
+ <code>gettimeofday(3)</code> to look up the time. On some operating
+ systems, like Linux or Solaris, <code>gettimeofday</code> has an
+ optimized implementation that doesn't require as much overhead
+ as a typical system call.</p>
+
+ <div class="example"><pre>/65: shutdown(9, 1, 1) = 0
+/65: poll(0xFAF7B980, 1, 2000) = 1
+/65: read(9, 0xFAF7BC20, 512) = 0
+/65: close(9) = 0</pre></div>
+
+ <p>The worker thread does a lingering close of the connection.</p>
+
+ <div class="example"><pre>/65: close(10) = 0
+/65: lwp_park(0x00000000, 0) (sleeping...)</pre></div>
+
+ <p>Finally the worker thread closes the file that it has just delivered
+ and blocks until the listener assigns it another connection.</p>
+
+ <div class="example"><pre>/67: accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)</pre></div>
+
+ <p>Meanwhile, the listener thread is able to accept another connection
+ as soon as it has dispatched this connection to a worker thread (subject
+ to some flow-control logic in the worker MPM that throttles the listener
+ if all the available workers are busy). Though it isn't apparent from
+ this trace, the next <code>accept(2)</code> can (and usually does, under
+ high load conditions) occur in parallel with the worker thread's handling
+ of the just-accepted connection.</p>
+
+ </div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/misc/perf-tuning.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/perf-tuning.html.fr.utf8 b/docs/manual/misc/perf-tuning.html.fr.utf8
new file mode 100644
index 0000000..27dbb27
--- /dev/null
+++ b/docs/manual/misc/perf-tuning.html.fr.utf8
@@ -0,0 +1,1058 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Optimisation des performances d'Apache - Serveur HTTP Apache Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p>
+<p class="apache">Serveur HTTP Apache Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Serveur HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Optimisation des performances d'Apache</h1>
+<div class="toplang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div>
+
+
+ <p>Apache 2.x est un serveur web à usage général, conçu dans un but
+ d'équilibre entre souplesse, portabilité et performances. Bien que non
+ conçu dans le seul but d'établir une référence en la matière,
+ Apache 2.x est capable de hautes performances dans de nombreuses situations
+ du monde réel.</p>
+
+ <p>Comparée à Apache 1.3, la version 2.x comporte de nombreuses
+ optimisations supplémentaires permettant d'améliorer le débit du serveur
+ et sa personnalisation. La plupart de ces améliorations sont activées par
+ défaut. Cependant, certains choix de configuration à la compilation et à
+ l'exécution peuvent affecter les performances de manière significative. Ce
+ document décrit les options qu'un administrateur de serveur peut configurer
+ pour améliorer les performances d'une installation d'Apache 2.x. Certaines
+ de ces options de configuration permettent au démon httpd de mieux tirer
+ parti des possibilités du matériel et du système d'exploitation, tandis
+ que d'autres permettent à l'administrateur de privilégier la vitesse
+ par rapport aux fonctionnalités.</p>
+
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">Problèmes matériels et relatifs au système d'exploitation</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#runtime">Optimisation de la configuration à l'exécution</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Optimisation de la configuration à la compilation</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#trace">Appendice : Analyse détaillée d'une trace</a></li>
+</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="hardware" id="hardware">Problèmes matériels et relatifs au système d'exploitation</a></h2>
+
+
+
+ <p>Le principal problème matériel qui affecte les performances du serveur
+ web est la mémoire vive (RAM). Un serveur web ne devrait jamais avoir à
+ utiliser le swap, car le swapping augmente le temps de réponse de chaque
+ requête au delà du point que les utilisateurs considèrent comme
+ "trop lent". Ceci incite les utilisateurs à cliquer sur "Stop", puis
+ "Charger à nouveau", ce qui a pour effet d'augmenter encore la charge
+ du serveur. Vous pouvez, et même devez définir la valeur de la directive
+ <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> de façon à ce que
+ votre serveur ne lance pas un nombre de processus enfants tel qu'il
+ commence à faire du swapping. La méthode pour y parvenir est
+ simple : déterminez la taille de votre processus Apache standard en
+ consultant votre liste de processus à l'aide d'un outil tel que
+ <code>top</code>, et divisez votre quantité totale de mémoire disponible
+ par cette taille, tout en gardant un espace suffisant
+ pour les autres processus.</p>
+
+ <p>Hormis ce réglage relatif à la mémoire, le reste est trivial : le
+ processeur, la carte réseau et les disques doivent être suffisamment
+ rapides, où "suffisamment rapide" doit être déterminé par
+ l'expérience.</p>
+
+ <p>Le choix du système d'exploitation dépend principalement du
+ contexte local. Voici cependant quelques conseils qui se sont
+ généralement avérés utiles :</p>
+
+ <ul>
+ <li>
+ <p>Exécutez la dernière version stable et le niveau de patches le
+ plus haut du système d'exploitation que vous avez choisi. De nombreux
+ éditeurs de systèmes d'exploitation ont amélioré de manière
+ significative les performances de leurs piles TCP et de leurs
+ bibliothèques de thread ces dernières années.</p>
+ </li>
+
+ <li>
+ <p>Si votre système d'exploitation possède un appel système
+ <code>sendfile(2)</code>, assurez-vous d'avoir installé la version
+ et/ou les patches nécessaires à son activation. (Pour Linux, par
+ exemple, cela se traduit par Linux 2.4 ou plus. Pour les versions
+ anciennes de Solaris 8, vous pouvez être amené à appliquer un patch.)
+ Sur les systèmes où il est disponible, <code>sendfile</code> permet
+ à Apache 2 de servir les contenus statiques plus rapidement, tout en
+ induisant une charge CPU inférieure.</p>
+ </li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="runtime" id="runtime">Optimisation de la configuration à l'exécution</a></h2>
+
+
+
+ <table class="related"><tr><th>Modules Apparentés</th><th>Directives Apparentées</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table>
+
+ <h3><a name="dns" id="dns">HostnameLookups et autres considérations à propos du DNS</a></h3>
+
+
+
+ <p>Avant Apache 1.3, la directive
+ <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> était positionnée
+ par défaut à <code>On</code>. Ce réglage augmente le temps de réponse de
+ chaque requête car il entraîne une recherche DNS et le traitement de la
+ requête ne pourra pas être achevé tant que cette recherche ne sera
+ pas terminée. Avec Apache 1.3, ce réglage est défini par défaut à
+ <code>Off</code>. Si vous souhaitez que les adresses dans vos fichiers
+ journaux soient résolues en noms d'hôtes, utilisez le programme
+ <code class="program"><a href="../programs/logresolve.html">logresolve</a></code> fourni avec Apache, ou un des nombreux
+ paquets générateurs de rapports sur les journaux disponibles.</p>
+
+ <p>Il est recommandé d'effectuer ce genre de traitement a posteriori
+ de vos fichiers journaux sur une autre machine que celle qui héberge le
+ serveur web en production, afin que cette activité n'affecte pas les
+ performances du serveur.</p>
+
+ <p>Si vous utilisez une directive
+ <code><code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code>from domain</code>
+ ou
+ <code><code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> from domain</code>
+ (ce qui signifie que vous utilisez un nom d'hôte ou un nom de domaine à
+ la place d'une adresse IP), vous devrez compter avec deux recherches
+ DNS (une recherche inverse suivie d'une recherche directe pour
+ s'assurer que l'adresse IP n'a pas été usurpée). C'est pourquoi il est
+ préférable, pour améliorer les performances, d'utiliser des adresses IP
+ plutôt que des noms lorsqu'on utilise ces directives, du moins chaque
+ fois que c'est possible.</p>
+
+ <p>Notez qu'il est possible de modifier la portée des directives, en les
+ plaçant par exemple à l'intérieur d'une section
+ <code>&lt;Location "/server-status"&gt;</code>. Les recherches DNS ne
+ seront alors effectuées que pour les requêtes qui satisfont aux critères.
+ Voici un exemple qui désactive les recherches DNS sauf pour les fichiers
+ <code>.html</code> et <code>.cgi</code> :</p>
+
+ <pre class="prettyprint lang-config">HostnameLookups off
+&lt;Files ~ "\.(html|cgi)$"&gt;
+ HostnameLookups on
+&lt;/Files&gt;</pre>
+
+
+ <p>Mais même dans ce cas, si vous n'avez besoin de noms DNS que dans
+ certains CGIs, vous pouvez effectuer l'appel à <code>gethostbyname</code>
+ dans les CGIs spécifiques qui en ont besoin.</p>
+
+
+
+ <h3><a name="symlinks" id="symlinks">FollowSymLinks et SymLinksIfOwnerMatch</a></h3>
+
+
+
+ <p>Chaque fois que la ligne <code>Options FollowSymLinks</code> sera
+ absente, ou que la ligne <code>Options SymLinksIfOwnerMatch</code> sera
+ présente dans votre espace d'adressage, Apache devra effectuer des
+ appels système supplémentaires pour vérifier la présence de liens
+ symboliques. Un appel supplémentaire par élément du chemin du fichier.
+ Par exemple, si vous avez :</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs"
+&lt;Directory "/"&gt;
+ Options SymLinksIfOwnerMatch
+&lt;/Directory&gt;</pre>
+
+
+ <p>et si une requête demande l'URI <code>/index.html</code>, Apache
+ effectuera un appel à <code>lstat(2)</code> pour
+ <code>/www</code>, <code>/www/htdocs</code>, et
+ <code>/www/htdocs/index.html</code>. Les résultats de ces appels à
+ <code>lstat</code> ne sont jamais mis en cache, ils devront donc être
+ générés à nouveau pour chaque nouvelle requête. Si vous voulez absolument
+ vérifier la sécurité des liens symboliques, vous pouvez utiliser une
+ configuration du style :</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs"
+&lt;Directory "/"&gt;
+ Options FollowSymLinks
+&lt;/Directory&gt;
+
+&lt;Directory "/www/htdocs"&gt;
+ Options -FollowSymLinks +SymLinksIfOwnerMatch
+&lt;/Directory&gt;</pre>
+
+
+ <p>Ceci évite au moins les vérifications supplémentaires pour le chemin
+ défini par <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>. Notez que
+ vous devrez ajouter des sections similaires si vous avez des chemins
+ définis par les directives
+ <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> ou
+ <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> en dehors de
+ la racine de vos documents. Pour améliorer les performances, et supprimer
+ toute protection des liens symboliques, ajoutez l'option
+ <code>FollowSymLinks</code> partout, et n'utilisez jamais l'option
+ <code>SymLinksIfOwnerMatch</code>.</p>
+
+
+
+ <h3><a name="htaccess" id="htaccess">AllowOverride</a></h3>
+
+
+
+ <p>Dans toute partie de votre espace d'adressage où vous autoriserez
+ la surcharge de la configuration (en général à l'aide de fichiers
+ <code>.htaccess</code>), Apache va tenter d'ouvrir <code>.htaccess</code>
+ pour chaque élément du chemin du fichier demandé. Par exemple, si vous
+ avez : </p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs"
+&lt;Directory "/"&gt;
+ AllowOverride all
+&lt;/Directory&gt;</pre>
+
+
+ <p>et qu'une requête demande l'URI <code>/index.html</code>, Apache
+ tentera d'ouvrir <code>/.htaccess</code>, <code>/www/.htaccess</code>,
+ et <code>/www/htdocs/.htaccess</code>. Les solutions sont similaires à
+ celles évoquées précédemment pour <code>Options FollowSymLinks</code>.
+ Pour améliorer les performances, utilisez <code>AllowOverride None</code>
+ pour tous les niveaux de votre espace d'adressage.</p>
+
+
+
+ <h3><a name="negotiation" id="negotiation">Négociation</a></h3>
+
+
+
+ <p>Dans la mesure du possible, évitez toute négociation de contenu si
+ vous tenez au moindre gain en performances. En pratique toutefois,
+ les bénéfices de la négociation l'emportent souvent sur la diminution
+ des performances.
+ Il y a cependant un cas dans lequel vous pouvez accélérer le serveur.
+ Au lieu d'utiliser une directive générique comme :</p>
+
+ <pre class="prettyprint lang-config">DirectoryIndex index</pre>
+
+
+ <p>utilisez une liste explicite d'options :</p>
+
+ <pre class="prettyprint lang-config">DirectoryIndex index.cgi index.pl index.shtml index.html</pre>
+
+
+ <p>où vous placez le choix courant en première position.</p>
+
+ <p>Notez aussi que créer explicitement un fichier de
+ <code>correspondances de type</code> fournit de meilleures performances
+ que l'utilisation des <code>MultiViews</code>, car les informations
+ nécessaires peuvent être simplement obtenues en lisant ce fichier, sans
+ avoir à parcourir le répertoire à la recherche de types de fichiers.</p>
+
+ <p>Par conséquent, si la négociation de contenu est nécessaire pour votre
+ site, préférez les fichiers de <code>correspondances de type</code> aux
+ directives <code>Options MultiViews</code> pour mener à bien cette
+ négociation. Se référer au document sur la
+ <a href="../content-negotiation.html">Négociation de contenu</a> pour une
+ description complète des méthodes de négociation, et les instructions
+ permettant de créer des fichiers de <code>correspondances de type</code>.</p>
+
+
+
+ <h3>Transfert en mémoire</h3>
+
+
+
+ <p>Dans les situations où Apache 2.x doit consulter le contenu d'un
+ fichier en train d'être servi - par exemple à l'occasion du traitement
+ d'une inclusion côté serveur - il transfère en général le fichier en
+ mémoire si le système d'exploitation supporte une forme quelconque
+ de <code>mmap(2)</code>.</p>
+
+ <p>Sur certains systèmes, ce transfert en mémoire améliore les
+ performances. Dans certains cas, ce transfert peut toutefois les dégrader
+ et même diminuer la stabilité du démon httpd :</p>
+
+ <ul>
+ <li>
+ <p>Dans certains systèmes d'exploitation, <code>mmap</code> devient
+ moins efficace que <code>read(2)</code> quand le nombre de
+ processeurs augmente. Sur les serveurs multiprocesseurs sous Solaris,
+ par exemple, Apache 2.x sert parfois les fichiers consultés par le
+ serveur plus rapidement quand <code>mmap</code> est désactivé.</p>
+ </li>
+
+ <li>
+ <p>Si vous transférez en mémoire un fichier localisé dans un système
+ de fichiers monté par NFS, et si un processus sur
+ une autre machine cliente NFS supprime ou tronque le fichier, votre
+ processus peut rencontrer une erreur de bus la prochaine fois qu'il
+ essaiera d'accéder au contenu du fichier en mémoire.</p>
+ </li>
+ </ul>
+
+ <p>Pour les installations où une de ces situations peut se produire,
+ vous devez utiliser <code>EnableMMAP off</code> afin de désactiver le
+ transfert en mémoire des fichiers servis. (Note : il est possible de
+ passer outre cette directive au niveau de chaque répertoire.)</p>
+
+
+
+ <h3>Sendfile</h3>
+
+
+
+ <p>Dans les cas où Apache peut se permettre d'ignorer le contenu du
+ fichier à servir - par exemple, lorsqu'il sert un contenu de fichier
+ statique - il utilise en général le support sendfile du noyau si le
+ système d'exploitation supporte l'opération <code>sendfile(2)</code>.</p>
+
+ <p>Sur la plupart des plateformes, l'utilisation de sendfile améliore
+ les performances en éliminant les mécanismes de lecture et envoi séparés.
+ Dans certains cas cependant, l'utilisation de sendfile peut nuire à la
+ stabilité du démon httpd :</p>
+
+ <ul>
+ <li>
+ <p>Certaines plateformes peuvent présenter un support de sendfile
+ défaillant que la construction du système n'a pas détecté, en
+ particulier si les binaires ont été construits sur une autre machine
+ et transférés sur la machine où le support de sendfile est
+ défaillant.</p>
+ </li>
+ <li>
+ <p>Dans le cas d'un système de fichiers monté
+ sous NFS, le noyau peut s'avérer incapable de servir
+ les fichiers réseau de manière fiable depuis
+ son propre cache.</p>
+ </li>
+ </ul>
+
+ <p>Pour les installations où une de ces situations peut se produire,
+ vous devez utiliser <code>EnableSendfile off</code> afin de désactiver
+ la mise à disposition de contenus de fichiers par sendfile. (Note : il
+ est possible de passer outre cette directive au niveau de chaque
+ répertoire.)</p>
+
+
+
+ <h3><a name="process" id="process">Process Creation</a></h3>
+
+
+
+ <p>Avant Apache 1.3, les directives
+ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>,
+ <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, et
+ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> avaient des
+ effets drastiques sur les performances de référence. En particulier,
+ Apache avait besoin d'un délai de "montée en puissance" afin d'atteindre
+ un nombre de processus enfants suffisant pour supporter la charge qui lui
+ était appliquée. Après le lancement initial des processus enfants par
+ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>, seulement un
+ processus enfant par seconde était créé afin d'atteindre la valeur de la
+ directive <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>. Ainsi,
+ un serveur accédé par 100 clients simultanés et utilisant la valeur par
+ défaut de <code>5</code> pour la directive
+ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>, nécessitait
+ environ 95 secondes pour lancer suffisamment de processus enfants
+ permettant de faire face à la charge. Ceci fonctionne en pratique pour
+ les serveurs en production, car ils sont rarement redémarrés. Ce n'est
+ cependant pas le cas pour les tests de référence (benchmarks) où le
+ serveur ne fonctionne que 10 minutes.</p>
+
+ <p>La règle "un processus par seconde" avait été implémentée afin
+ d'éviter l'enlisement de la machine dans le démarrage de nouveaux
+ processus enfants. Pendant que la machine est occupée à lancer des
+ processus enfants, elle ne peut pas traiter les requêtes. Mais cette
+ règle impactait tellement la perception des performances d'Apache qu'elle
+ a dû être remplacée. A partir d'Apache 1.3, le code a assoupli la règle
+ "un processus par seconde". Il va en lancer un, attendre une seconde,
+ puis en lancer deux, attendre une seconde, puis en lancer quatre et
+ ainsi de suite jusqu'à lancer 32 processus. Il s'arrêtera lorsque le
+ nombre de processus aura atteint la valeur définie par la directive
+ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>.</p>
+
+ <p>Ceci s'avère suffisamment réactif pour pouvoir en général se passer
+ de manipuler les valeurs des directives
+ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>,
+ <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> et
+ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>. Lorsque plus de
+ 4 processus enfants sont lancés par seconde, un message est émis vers
+ le journal des erreurs. Si vous voyez apparaître souvent ce genre de
+ message, vous devez vous pencher sur ces réglages. Pour vous guider,
+ utilisez les informations délivrées par le module
+ <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>.</p>
+
+ <p>À mettre en relation avec la création de processus, leur destruction
+ est définie par la valeur de la directive
+ <code class="directive"><a href="../mod/mpm_common.html#maxconnectionsperchild">MaxConnectionsPerChild</a></code>. Sa valeur
+ par défaut est <code>0</code>, ce qui signifie qu'il n'y a pas de limite
+ au nombre de connexions qu'un processus enfant peut traiter. Si votre
+ configuration actuelle a cette directive réglée à une valeur très basse,
+ de l'ordre de <code>30</code>, il est conseillé de l'augmenter de manière
+ significative. Si vous utilisez SunOs ou une ancienne version de Solaris,
+ utilisez une valeur de l'ordre de <code>10000</code> à cause des fuites
+ de mémoire.</p>
+
+ <p>Lorsqu'ils sont en mode "keep-alive", les processus enfants sont
+ maintenus et ne font rien sinon attendre la prochaine requête sur la
+ connexion déjà ouverte. La valeur par défaut de <code>5</code> de la
+ directive <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> tend à
+ minimiser cet effet. Il faut trouver le bon compromis entre la bande
+ passante réseau et les ressources du serveur. En aucun cas vous ne devez
+ choisir une valeur supérieure à <code>60</code> seconds, car
+ <a href="http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-95-4.html">
+ la plupart des bénéfices sont alors perdus</a>.</p>
+
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="compiletime" id="compiletime">Optimisation de la configuration à la compilation</a></h2>
+
+
+
+ <h3>Choisir un Module Multi-Processus (MPM)</h3>
+
+
+
+ <p>Apache 2.x supporte les modèles simultanés enfichables, appelés
+ <a href="../mpm.html">Modules Multi-Processus</a> (MPMs). Vous devez
+ choisir un MPM au moment de la construction d'Apache. Certaines
+ plateformes ont des modules MPM spécifiques :
+ <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code> et
+ <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code>. Sur les systèmes de type Unix, vous avez le
+ choix entre un grand nombre de modules MPM. Le choix du MPM peut affecter
+ la vitesse et l'évolutivité du démon httpd :</p>
+
+ <ul>
+
+ <li>Le MPM <code class="module"><a href="../mod/worker.html">worker</a></code> utilise plusieurs processus
+ enfants possédant chacun de nombreux threads. Chaque thread gère une
+ seule connexion à la fois. Worker est en général un bon choix pour les
+ serveurs présentant un traffic important car il possède une empreinte
+ mémoire plus petite que le MPM prefork.</li>
+
+ <li>Comme le MPM Worker, le MPM <code class="module"><a href="../mod/event.html">event</a></code> utilise
+ les threads, mais il a été conçu pour traiter davantage de
+ requêtes simultanément en confiant une partie du travail à des
+ threads de support, ce qui permet aux threads principaux de
+ traiter de nouvelles requêtes.</li>
+
+ <li>Le MPM <code class="module"><a href="../mod/prefork.html">prefork</a></code> utilise plusieurs processus enfants
+ possédant chacun un seul thread. Chaque processus gère une seule
+ connexion à la fois. Sur de nombreux systèmes, prefork est comparable
+ en matière de vitesse à worker, mais il utilise plus de mémoire. De par
+ sa conception sans thread, prefork présente des avantages par rapport à
+ worker dans certaines situations : il peut être utilisé avec les
+ modules tiers qui ne supportent pas le threading, et son débogage est plus
+ aisé sur les platesformes présentant un support du débogage des threads
+ rudimentaire.</li>
+
+ </ul>
+
+ <p>Pour plus d'informations sur ces deux MPMs et les autres, veuillez
+ vous référer à la <a href="../mpm.html">documentation sur les
+ MPM</a>.</p>
+
+
+
+ <h3><a name="modules" id="modules">Modules</a></h3>
+
+
+
+ <p>Comme le contrôle de l'utilisation de la mémoire est très important
+ en matière de performance, il est conseillé d'éliminer les modules que
+ vous n'utilisez pas vraiment. Si vous avez construit ces modules en
+ tant que <a href="../dso.html">DSOs</a>, leur élimination consiste
+ simplement à commenter la directive
+ <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> associée à ce
+ module. Ceci vous permet de vérifier si votre site fonctionne toujours
+ après la suppression de tel ou tel module.</p>
+
+ <p>Par contre, si les modules que vous voulez supprimer sont liés
+ statiquement à votre binaire Apache, vous devrez recompiler ce dernier
+ afin de pouvoir les éliminer.</p>
+
+ <p>La question qui découle de ce qui précède est évidemment de
+ savoir de quels modules vous avez besoin et desquels vous pouvez vous
+ passer. La réponse sera bien entendu différente d'un site web à
+ l'autre. Cependant, la liste <em>minimale</em> de modules nécessaire à
+ la survie de votre site contiendra certainement
+ <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>, <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code> et
+ <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>. <code>mod_log_config</code> est bien
+ entendu optionnel puisque vous pouvez faire fonctionner un site web
+ en se passant de fichiers journaux ; ceci est cependant
+ déconseillé.</p>
+
+
+
+ <h3>Opérations atomiques</h3>
+
+
+
+ <p>Certains modules, à l'instar de <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> et des
+ versions de développement récentes du MPM worker, utilisent l'API
+ atomique d'APR. Cette API propose des opérations atomiques que l'on
+ peut utiliser pour alléger la synchronisation des threads.</p>
+
+ <p>Par défaut, APR implémente ces opérations en utilisant les
+ mécanismes les plus efficaces disponibles sur chaque plateforme cible
+ (Système d'exploitation et processeur). De nombreux processeurs modernes,
+ par exemple, possèdent une instruction qui effectue une opération
+ atomique de type comparaison et échange ou compare-and-swap (CAS) au
+ niveau matériel. Sur certaines platesformes cependant, APR utilise par
+ défaut une implémentation de l'API atomique plus lente, basée sur les
+ mutex, afin d'assurer la compatibilité avec les anciens modèles de
+ processeurs qui ne possèdent pas ce genre d'instruction. Si vous
+ construisez Apache pour une de ces platesformes, et ne prévoyez de
+ l'exécuter que sur des processeurs récents, vous pouvez sélectionner une
+ implémentation atomique plus rapide à la compilation en utilisant
+ l'option <code>--enable-nonportable-atomics</code> du
+ script configure :</p>
+
+ <div class="example"><p><code>
+ ./buildconf<br />
+ ./configure --with-mpm=worker --enable-nonportable-atomics=yes
+ </code></p></div>
+
+ <p>L'option <code>--enable-nonportable-atomics</code> concerne les
+ platesformes suivantes :</p>
+
+ <ul>
+
+ <li>Solaris sur SPARC<br />
+ Sur Solaris/SPARC, APR utilise par défaut les opérations
+ atomiques basées sur les mutex. Cependant, si vous ajoutez l'option
+ <code>--enable-nonportable-atomics</code> au script configure, APR
+ génère un code qui utilise le code opération SPARC v8plus pour des
+ opérations de compare-and-swap matériel plus rapides. Si vous
+ utilisez cette option de configure avec Apache, les opérations
+ atomiques seront plus efficaces (permettant d'alléger la charge du
+ processeur et un plus haut niveau de simultanéité), mais
+ l'exécutable produit ne fonctionnera que sur les processeurs
+ UltraSPARC.
+ </li>
+
+ <li>Linux sur x86<br />
+ Sous Linux, APR utilise par défaut les opérations atomiques basées
+ sur les mutex. Cependant, si vous ajoutez l'option
+ <code>--enable-nonportable-atomics</code> au script configure,
+ APR générera un code qui utilise un code d'opération du 486
+ pour des opérations de compare-and-swap matériel plus rapides. Le
+ code résultant est plus efficace en matière d'opérations atomiques,
+ mais l'exécutable produit ne fonctionnera que sur des processeurs
+ 486 et supérieurs (et non sur des 386).
+ </li>
+
+ </ul>
+
+
+
+ <h3>Module mod_status et ExtendedStatus On</h3>
+
+
+
+ <p>Si vous incluez le module <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> à la
+ construction d'Apache et ajoutez <code>ExtendedStatus On</code> à sa
+ configuration, Apache va effectuer pour chaque requête deux appels à
+ <code>gettimeofday(2)</code> (ou <code>times(2)</code> selon votre
+ système d'exploitation), et (pour les versions antérieures à 1.3) de
+ nombreux appels supplémentaires à <code>time(2)</code>. Tous ces
+ appels sont effectués afin que le rapport de statut puisse contenir
+ des indications temporelles. Pour améliorer les performances, utilisez
+ <code>ExtendedStatus off</code> (qui est le réglage par défaut).</p>
+
+
+
+ <h3>accept Serialization - points de connexion à un programme (sockets) multiples</h3>
+
+
+
+ <div class="warning"><h3>Mise en garde :</h3>
+ <p>Cette section n'a pas été totalement mise à jour car elle ne tient pas
+ compte des changements intervenus dans la version 2.x du Serveur HTTP
+ Apache. Certaines informations sont encore pertinentes, il vous est
+ cependant conseillé de les utiliser avec prudence.</p>
+ </div>
+
+ <p>Ce qui suit est une brève discussion à propos de l'API des sockets
+ Unix. Supposons que votre serveur web utilise plusieurs directives
+ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> afin d'écouter
+ plusieurs ports ou de multiples adresses. Afin de tester chaque socket
+ pour voir s'il a une connexion en attente, Apache utilise
+ <code>select(2)</code>. <code>select(2)</code> indique si un socket a
+ <em>zéro</em> ou <em>au moins une</em> connexion en attente. Le modèle
+ d'Apache comporte plusieurs processus enfants, et tous ceux qui sont
+ inactifs testent la présence de nouvelles connexions au même moment.
+ Une implémentation rudimentaire de ceci pourrait ressembler à
+ l'exemple suivant
+ (ces exemples ne sont pas extraits du code d'Apache, ils ne sont
+ proposés qu'à des fins pédagogiques) :</p>
+
+ <pre class="prettyprint lang-c"> for (;;) {
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&amp;accept_fds);
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ FD_SET (i, &amp;accept_fds);
+ }
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+ if (rc &lt; 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ if (FD_ISSET (i, &amp;accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ process_the(new_connection);
+ }</pre>
+
+
+ <p>Mais cette implémentation rudimentaire présente une sérieuse lacune.
+ Rappelez-vous que les processus enfants exécutent cette boucle au même
+ moment ; ils vont ainsi bloquer sur <code>select</code> s'ils se trouvent
+ entre deux requêtes. Tous ces processus bloqués vont se réactiver et
+ sortir de <code>select</code> quand une requête va apparaître sur un des
+ sockets (le nombre de processus enfants qui se réactivent varie en
+ fonction du système d'exploitation et des réglages de synchronisation).
+ Ils vont alors tous entrer dans la boucle et tenter un
+ <code>"accept"</code> de la connexion. Mais seulement un d'entre eux y
+ parviendra (en supposant qu'il ne reste q'une seule connexion en
+ attente), les autres vont se bloquer au niveau de <code>accept</code>.
+ Ceci verrouille vraiment ces processus de telle sorte qu'ils ne peuvent
+ plus servir de requêtes que par cet unique socket, et il en sera ainsi
+ jusqu'à ce que suffisamment de nouvelles requêtes apparaissent sur ce
+ socket pour les réactiver tous. Cette lacune a été documentée pour la
+ première fois dans
+ <a href="http://bugs.apache.org/index/full/467">PR#467</a>. Il existe
+ au moins deux solutions.</p>
+
+ <p>La première consiste à rendre les sockets non blocants. Dans ce cas,
+ <code>accept</code> ne bloquera pas les processus enfants, et ils
+ pourront continuer à s'exécuter immédiatement. Mais ceci consomme des
+ ressources processeur. Supposons que vous ayez dix processus enfants
+ inactifs dans <code>select</code>, et qu'une connexion arrive.
+ Neuf des dix processus vont se réactiver, tenter un <code>accept</code>
+ de la connexion, échouer, et boucler dans <code>select</code>, tout en
+ n'ayant finalement rien accompli. Pendant ce temps, aucun de ces processus
+ ne traite les requêtes qui arrivent sur d'autres sockets jusqu'à ce
+ qu'ils retournent dans <code>select</code>. Finalement, cette solution
+ ne semble pas très efficace, à moins que vous ne disposiez d'autant de
+ processeurs inactifs (dans un serveur multiprocesseur) que de processus
+ enfants inactifs, ce qui n'est pas une situation très courante.</p>
+
+ <p>Une autre solution, celle qu'utilise Apache, consiste à sérialiser les
+ entrées dans la boucle interne. La boucle ressemble à ceci (les
+ différences sont mises en surbrillance) :</p>
+
+ <pre class="prettyprint lang-c"> for (;;) {
+ <strong>accept_mutex_on ();</strong>
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&amp;accept_fds);
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ FD_SET (i, &amp;accept_fds);
+ }
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+ if (rc &lt; 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ if (FD_ISSET (i, &amp;accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ <strong>accept_mutex_off ();</strong>
+ process the new_connection;
+ }</pre>
+
+
+ <p><a id="serialize" name="serialize">Les fonctions</a>
+ <code>accept_mutex_on</code> et <code>accept_mutex_off</code>
+ implémentent un sémaphore permettant une exclusion mutuelle. Un seul
+ processus enfant à la fois peut posséder le mutex. Plusieurs choix se
+ présentent pour implémenter ces mutex. Ce choix est défini dans
+ <code>src/conf.h</code> (versions antérieures à 1.3) ou
+ <code>src/include/ap_config.h</code> (versions 1.3 ou supérieures).
+ Certaines architectures ne font pas ce choix du mode de verrouillage ;
+ l'utilisation de directives
+ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> multiples sur ces
+ architectures est donc peu sûr.</p>
+
+ <p>La directive <code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> permet
+ de modifier l'implémentation du mutex <code>mpm-accept</code> à
+ l'exécution. Des considérations spécifiques aux différentes
+ implémentations de mutex sont documentées avec cette directive.</p>
+
+ <p>Une autre solution qui a été imaginée mais jamais implémentée, consiste
+ à sérialiser partiellement la boucle -- c'est à dire y faire entrer un
+ certain nombre de processus. Ceci ne présenterait un intérêt que sur les
+ machines multiprocesseurs où plusieurs processus enfants peuvent
+ s'exécuter simultanément, et encore, la sérialisation ne tire pas
+ vraiment parti de toute la bande passante. C'est une possibilité
+ d'investigation future, mais demeure de priorité basse car les serveurs
+ web à architecture hautement parallèle ne sont pas la norme.</p>
+
+ <p>Pour bien faire, vous devriez faire fonctionner votre serveur sans
+ directives <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> multiples
+ si vous visez les performances les plus élevées.
+ Mais lisez ce qui suit.</p>
+
+
+
+ <h3>accept Serialization - point de connexion à un programme (sockets) unique</h3>
+
+
+
+ <p>Ce qui précède convient pour les serveurs à sockets multiples, mais
+ qu'en est-il des serveurs à socket unique ? En théorie, ils ne
+ devraient pas rencontrer les mêmes problèmes car tous les processus
+ enfants peuvent se bloquer dans <code>accept(2)</code> jusqu'à ce qu'une
+ connexion arrive, et ils ne sont pas utilisés à ne rien faire. En
+ pratique, ceci dissimule un même comportement de bouclage
+ discuté plus haut dans la solution non-blocante. De la manière dont
+ sont implémentées les piles TCP, le noyau réactive véritablement tous les
+ processus bloqués dans <code>accept</code> quand une seule connexion
+ arrive. Un de ces processus prend la connexion en compte et retourne
+ dans l'espace utilisateur, les autres bouclant dans l'espace du
+ noyau et se désactivant quand ils s'aperçoivent qu'il n'y a pas de
+ connexion pour eux. Ce bouclage est invisible depuis le code de l'espace
+ utilisateur, mais il est quand-même présent. Ceci peut conduire à la
+ même augmentation de charge à perte que la solution non blocante au cas
+ des sockets multiples peut induire.</p>
+
+ <p>Pour cette raison, il apparaît que de nombreuses architectures se
+ comportent plus "proprement" si on sérialise même dans le cas d'une socket
+ unique. Il s'agit en fait du comportement par défaut dans la plupart des
+ cas. Des expériences poussées sous Linux (noyau 2.0.30 sur un
+ biprocesseur Pentium pro 166 avec 128 Mo de RAM) ont montré que la
+ sérialisation d'une socket unique provoque une diminution inférieure à 3%
+ du nombre de requêtes par secondes par rapport au traitement non
+ sérialisé. Mais le traitement non sérialisé des sockets uniques induit
+ un temps de réponse supplémentaire de 100 ms pour chaque requête. Ce
+ temps de réponse est probablement provoqué par une limitation sur les
+ lignes à haute charge, et ne constitue un problème que sur les réseaux
+ locaux. Si vous voulez vous passer de la sérialisation des sockets
+ uniques, vous pouvez définir
+ <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> et les
+ serveurs à socket unique ne pratiqueront plus du tout la
+ sérialisation.</p>
+
+
+
+ <h3>Fermeture en prenant son temps (Lingering close)</h3>
+
+
+
+ <p>Comme discuté dans <a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">
+ draft-ietf-http-connection-00.txt</a> section 8, pour implémenter de
+ manière <strong>fiable</strong> le protocole, un serveur HTTP doit fermer
+ les deux directions d'une communication indépendamment (rappelez-vous
+ qu'une connexion TCP est bidirectionnelle, chaque direction étant
+ indépendante de l'autre).</p>
+
+ <p>Quand cette fonctionnalité fut ajoutée à Apache, elle causa une
+ avalanche de problèmes sur plusieurs versions d'Unix à cause d'une
+ implémentation à courte vue. La spécification TCP ne précise pas que
+ l'état <code>FIN_WAIT_2</code> possède un temps de réponse mais elle ne
+ l'exclut pas. Sur les systèmes qui n'introduisent pas ce temps de
+ réponse, Apache 1.2 induit de nombreux blocages définitifs de socket
+ dans l'état <code>FIN_WAIT_2</code>. On peut eviter ceci dans de nombreux
+ cas tout simplement en mettant à jour TCP/IP avec le dernier patch mis à
+ disposition par le fournisseur. Dans les cas où le fournisseur n'a
+ jamais fourni de patch (par exemple, SunOS4 -- bien que les utilisateurs
+ possédant une license source puissent le patcher eux-mêmes), nous avons
+ décidé de désactiver cette fonctionnalité.</p>
+
+ <p>Il y a deux méthodes pour arriver à ce résultat. La première est
+ l'option de socket <code>SO_LINGER</code>. Mais le sort a voulu que cette
+ solution ne soit jamais implémentée correctement dans la plupart des
+ piles TCP/IP. Et même dans les rares cas où cette solution a été
+ implémentée correctement (par exemple Linux 2.0.31), elle se
+ montre beaucoup plus gourmande (en temps processeur) que la solution
+ suivante.</p>
+
+ <p>Pour la plus grande partie, Apache implémente cette solution à l'aide
+ d'une fonction appelée <code>lingering_close</code> (définie dans
+ <code>http_main.c</code>). La fonction ressemble approximativement à
+ ceci :</p>
+
+ <pre class="prettyprint lang-c"> void lingering_close (int s)
+ {
+ char junk_buffer[2048];
+
+ /* shutdown the sending side */
+ shutdown (s, 1);
+
+ signal (SIGALRM, lingering_death);
+ alarm (30);
+
+ for (;;) {
+ select (s for reading, 2 second timeout);
+ if (error) break;
+ if (s is ready for reading) {
+ if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {
+ break;
+ }
+ /* just toss away whatever is here */
+ }
+ }
+
+ close (s);
+ }</pre>
+
+
+ <p>Ceci ajoute naturellement un peu de charge à la fin d'une connexion,
+ mais s'avère nécessaire pour une implémentation fiable. Comme HTTP/1.1
+ est de plus en plus présent et que toutes les connexions sont
+ persistentes, la charge sera amortie par la multiplicité des requêtes.
+ Si vous voulez jouer avec le feu en désactivant cette fonctionnalité,
+ vous pouvez définir <code>NO_LINGCLOSE</code>, mais c'est fortement
+ déconseillé. En particulier, comme les connexions persistantes en
+ pipeline de HTTP/1.1 commencent à être utilisées,
+ <code>lingering_close</code> devient une absolue nécessité (et les
+ <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">
+ connexions en pipeline sont plus rapides</a> ; vous avez donc tout
+ intérêt à les supporter).</p>
+
+
+
+ <h3>Fichier tableau de bord (Scoreboard file)</h3>
+
+
+
+ <p>Les processus parent et enfants d'Apache communiquent entre eux à
+ l'aide d'un objet appelé "Tableau de bord" (Scoreboard). Idéalement, cet
+ échange devrait s'effectuer en mémoire partagée. Pour les systèmes
+ d'exploitation auxquels nous avons eu accès, ou pour lesquels nous avons
+ obtenu des informations suffisamment détaillées pour effectuer un
+ portage, cet échange est en général implémenté en utilisant la mémoire
+ partagée. Pour les autres, on utilise par défaut un fichier d'échange sur
+ disque. Le fichier d'échange sur disque est non seulement lent, mais
+ aussi peu fiable (et propose moins de fonctionnalités). Recherchez dans
+ le fichier <code>src/main/conf.h</code> correspondant à votre
+ architecture soit <code>USE_MMAP_SCOREBOARD</code>, soit
+ <code>USE_SHMGET_SCOREBOARD</code>. La définition de l'un des deux
+ (ainsi que leurs compagnons respectifs <code>HAVE_MMAP</code> et
+ <code>HAVE_SHMGET</code>), active le code fourni pour la mémoire
+ partagée. Si votre système propose une autre solution pour la gestion de
+ la mémoire partagée, éditez le fichier <code>src/main/http_main.c</code>
+ et ajoutez la portion de code nécessaire pour pouvoir l'utiliser dans
+ Apache (Merci de nous envoyer aussi le patch correspondant).</p>
+
+ <div class="note">Note à caractère historique : le portage d'Apache sous Linux
+ n'utilisait pas la mémoire partagée avant la version 1.2. Ceci entraînait
+ un comportement très rudimentaire et peu fiable des versions antérieures
+ d'Apache sous Linux.</div>
+
+
+
+ <h3>DYNAMIC_MODULE_LIMIT</h3>
+
+
+
+ <p>Si vous n'avez pas l'intention d'utiliser les modules chargés
+ dynamiquement (ce qui est probablement le cas si vous êtes en train de
+ lire ce document afin de personnaliser votre serveur en recherchant le
+ moindre des gains en performances), vous pouvez ajouter la définition
+ <code>-DDYNAMIC_MODULE_LIMIT=0</code> à la construction de votre serveur.
+ Ceci aura pour effet de libérer la mémoire RAM allouée pour le
+ chargement dynamique des modules.</p>
+
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="trace" id="trace">Appendice : Analyse détaillée d'une trace</a></h2>
+
+
+
+ <p>Voici la trace d'un appel système d'Apache 2.0.38 avec le MPM worker
+ sous Solaris 8. Cette trace a été collectée à l'aide de la commande :</p>
+
+ <div class="example"><p><code>
+ truss -l -p <var>httpd_child_pid</var>.
+ </code></p></div>
+
+ <p>L'option <code>-l</code> demande à truss de tracer l'ID du LWP
+ (lightweight process--la version de Solaris des threads niveau noyau) qui
+ invoque chaque appel système.</p>
+
+ <p>Les autres systèmes peuvent proposer des utilitaires de traçage
+ des appels système différents comme <code>strace</code>,
+ <code>ktrace</code>, ou <code>par</code>. Ils produisent cependant tous une
+ trace similaire.</p>
+
+ <p>Dans cette trace, un client a demandé un fichier statique de 10 ko au
+ démon httpd. Le traçage des requêtes pour des contenus non statiques
+ ou comportant une négociation de contenu a une présentation
+ différente (et même assez laide dans certains cas).</p>
+
+ <div class="example"><pre>/67: accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
+/67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9</pre></div>
+
+ <p>Dans cette trace, le thread à l'écoute s'exécute à l'intérieur de
+ LWP #67.</p>
+
+ <div class="note">Notez l'absence de la sérialisation d'<code>accept(2)</code>. Sur
+ cette plateforme spécifique, le MPM worker utilise un accept non sérialisé
+ par défaut sauf s'il est en écoute sur des ports multiples.</div>
+
+ <div class="example"><pre>/65: lwp_park(0x00000000, 0) = 0
+/67: lwp_unpark(65, 1) = 0</pre></div>
+
+ <p>Après avoir accepté la connexion, le thread à l'écoute réactive un
+ thread du worker pour effectuer le traitement de la requête. Dans cette
+ trace, le thread du worker qui traite la requête est associé à
+ LWP #65.</p>
+
+ <div class="example"><pre>/65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0</pre></div>
+
+ <p>Afin de pouvoir implémenter les hôtes virtuels, Apache doit connaître
+ l'adresse du socket local utilisé pour accepter la connexion. On pourrait
+ supprimer cet appel dans de nombreuses situations (par exemple dans le cas
+ où il n'y a pas d'hôte virtuel ou dans le cas où les directives
+ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> contiennent des adresses
+ sans caractères de substitution). Mais aucun effort n'a été accompli à ce
+ jour pour effectuer ces optimisations.</p>
+
+ <div class="example"><pre>/65: brk(0x002170E8) = 0
+/65: brk(0x002190E8) = 0</pre></div>
+
+ <p>L'appel <code>brk(2)</code> alloue de la mémoire dans le tas. Ceci est
+ rarement visible dans une trace d'appel système, car le démon httpd
+ utilise des allocateurs mémoire de son cru (<code>apr_pool</code> et
+ <code>apr_bucket_alloc</code>) pour la plupart des traitements de requêtes.
+ Dans cette trace, le démon httpd vient juste de démarrer, et il doit
+ appeler <code>malloc(3)</code> pour réserver les blocs de mémoire
+ nécessaires à la création de ses propres allocateurs de mémoire.</p>
+
+ <div class="example"><pre>/65: fcntl(9, F_GETFL, 0x00000000) = 2
+/65: fstat64(9, 0xFAF7B818) = 0
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
+/65: fstat64(9, 0xFAF7B818) = 0
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
+/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
+/65: fcntl(9, F_SETFL, 0x00000082) = 0</pre></div>
+
+ <p>Ensuite, le thread de worker passe la connexion du client (descripteur
+ de fichier 9) en mode non blocant. Les appels <code>setsockopt(2)</code>
+ et <code>getsockopt(2)</code> constituent un effet de bord de la manière
+ dont la libc de Solaris utilise <code>fcntl(2)</code> pour les sockets.</p>
+
+ <div class="example"><pre>/65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97</pre></div>
+
+ <p>Le thread de worker lit la requête du client.</p>
+
+ <div class="example"><pre>/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
+/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10</pre></div>
+
+ <p>Ce démon httpd a été configuré avec les options
+ <code>Options FollowSymLinks</code> et <code>AllowOverride None</code>. Il
+ n'a donc ni besoin d'appeler <code>lstat(2)</code> pour chaque répertoire
+ du chemin du fichier demandé, ni besoin de vérifier la présence de fichiers
+ <code>.htaccess</code>. Il appelle simplement <code>stat(2)</code> pour
+ vérifier d'une part que le fichier existe, et d'autre part que c'est un
+ fichier régulier, et non un répertoire.</p>
+
+ <div class="example"><pre>/65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269</pre></div>
+
+ <p>Dans cet exemple, le démon httpd peut envoyer l'en-tête de la réponse
+ HTTP et le fichier demandé à l'aide d'un seul appel système
+ <code>sendfilev(2)</code>. La sémantique de sendfile varie en fonction des
+ systèmes d'exploitation. Sur certains autres systèmes, il faut faire un
+ appel à <code>write(2)</code> ou <code>writev(2)</code> pour envoyer les
+ en-têtes avant d'appeler <code>sendfile(2)</code>.</p>
+
+ <div class="example"><pre>/65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78</pre></div>
+
+ <p>Cet appel à <code>write(2)</code> enregistre la requête dans le journal
+ des accès. Notez qu'une des choses manquant à cette trace est un appel à
+ <code>time(2)</code>. A la différence d'Apache 1.3, Apache 2.x utilise
+ <code>gettimeofday(3)</code> pour consulter l'heure. Sur certains systèmes
+ d'exploitation, comme Linux ou Solaris, <code>gettimeofday</code> est
+ implémenté de manière optimisée de telle sorte qu'il consomme moins de
+ ressources qu'un appel système habituel.</p>
+
+ <div class="example"><pre>/65: shutdown(9, 1, 1) = 0
+/65: poll(0xFAF7B980, 1, 2000) = 1
+/65: read(9, 0xFAF7BC20, 512) = 0
+/65: close(9) = 0</pre></div>
+
+ <p>Le thread de worker effectue une fermeture "en prenant son temps"
+ (lingering close) de la connexion.</p>
+
+ <div class="example"><pre>/65: close(10) = 0
+/65: lwp_park(0x00000000, 0) (sleeping...)</pre></div>
+
+ <p>Enfin, le thread de worker ferme le fichier qu'il vient de délivrer et
+ se bloque jusqu'à ce que le thread en écoute lui assigne une autre
+ connexion.</p>
+
+ <div class="example"><pre>/67: accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)</pre></div>
+
+ <p>Pendant ce temps, le thread à l'écoute peut accepter une autre connexion
+ à partir du moment où il a assigné la connexion présente à un thread de
+ worker (selon une certaine logique de contrôle de flux dans le MPM worker
+ qui impose des limites au thread à l'écoute si tous les threads de worker
+ sont occupés). Bien que cela n'apparaisse pas dans cette trace,
+ l'<code>accept(2)</code> suivant peut (et le fait en général, en situation
+ de charge élevée) s'exécuter en parallèle avec le traitement de la
+ connexion qui vient d'être acceptée par le thread de worker.</p>
+
+ </div></div>
+<div class="bottomlang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/perf-tuning.html.ko.euc-kr b/docs/manual/misc/perf-tuning.html.ko.euc-kr
new file mode 100644
index 0000000..bf88b86
--- /dev/null
+++ b/docs/manual/misc/perf-tuning.html.ko.euc-kr
@@ -0,0 +1,1006 @@
+<?xml version="1.0" encoding="EUC-KR"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head>
+<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>ġ - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>ġ </h1>
+<div class="toplang">
+<p><span> : </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a></p>
+</div>
+<div class="outofdate"> ֽ ƴմϴ.
+ ֱٿ ϼ.</div>
+
+
+ <p>ġ 2.0 ɰ ðɼ µ
+ ̴. ġũ
+ ʾ ġ 2.0 .</p>
+
+ <p>ġ 1.3 ؼ 2.0 ó Ȯ强(scalability)
+ ̱ ȭ ߴ. ⺻ κ ȭ
+ Ѵ. ׷ Ͻ Ȥ ɿ
+ ū ִ. ġ 2.0 ϱ
+ ڰ ִ ɼ Ѵ. 
+ ɼ ϵ ü Ȱϵ
+ ϴ ݸ,  ɼ ӵ Ѵ.</p>
+
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">ϵ ü ؼ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#runtime"> ؼ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Ͻ ؼ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#trace">η: ýȣ ڼ мϱ</a></li>
+</ul><h3></h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="hardware" id="hardware">ϵ ü ؼ</a></h2>
+
+
+
+ <p> ɿ ū ִ ޸𸮴.
+ û ð ڰ " ٰ" ϰ
+ ø⶧ ϸ ȵȴ. ڴ
+ ϰ ٽ Ͽ ϰ Ѵ. <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code> þ Ͽ
+ ڽ ʵ ؾ
+ Ѵ. ϴ: <code>top</code>
+ μ ġ μ ޸ 뷮
+ ˾Ƴ, ü 밡 ޸𸮿 ٸ μ
+ .</p>
+
+ <p> ϴ: CPU, Ʈī,
+ ũ, ⼭ " " ؼ ؾ
+ Ѵ.</p>
+
+ <p>ü ˾Ƽ ̴. ׷ Ϲ
+ ϴٰ Ǹ  ħ ִ:</p>
+
+ <ul>
+ <li>
+ <p> ü ֽ ġ Ѵ.
+ ü ۻ ֱ TCP ð ̺귯
+ ӵ ߴ.</p>
+ </li>
+
+ <li>
+ <p>ü <code>sendfile(2)</code> ýȣ
+ Ѵٸ, ̸ ϱ ̳ ġ ġϿ
+ ȮѴ. ( , 2.4 ̻ Ѵ.
+ Solaris 8 ʱ ġ ʿϴ.) ϴ ý̶
+ ġ 2 <code>sendfile</code> Ͽ CPU
+ ϸ մ.</p>
+ </li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="runtime" id="runtime"> ؼ</a></h2>
+
+
+
+ <table class="related"><tr><th>õ </th><th>õ þ</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table>
+
+ <h3><a name="dns" id="dns">HostnameLookups DNS </a></h3>
+
+
+
+ <p>ġ 1.3 <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> ⺻
+ <code>On</code>̿. û ġ DNS ˻
+ ϹǷ û . ġ 1.3
+ ⺻ <code>Off</code> Ǿ. α ּҸ
+ ȣƮ ȯϷ αó α׷ ϳ,
+ ġ Ե <a href="../programs/logresolve.html"><code>logresolve</code></a>
+ α׷ ϶.</p>
+
+ <p>αó ۾ ɿ ǿ ġǷ
+ ϴ ƴ ٸ ǻͿ α óϱ
+ ٶ.</p>
+
+ <p><code><code class="directive"><a href="../mod/mod_access.html#allow">Allow</a></code>
+ from domain</code>̳ <code><code class="directive"><a href="../mod/mod_access.html#deny">Deny</a></code> from domain</code>
+ þ Ѵٸ (, IP ּҰ ƴ ȣƮ̳ θ
+ Ѵٸ) ε ߺ- DNS ˻ (˻ Ƿ
+ Ǿ Ȯϱ ٽ ˻) ؾ Ѵ. ׷Ƿ
+ ̱ ̷ þ ϸ ̸ IP
+ ּҸ Ѵ.</p>
+
+ <p><code>&lt;Location /server-status&gt;</code>
+ þ ϶.
+ ǿ ´ û DNS ȸ Ѵ.
+ <code>.html</code> <code>.cgi</code> ϸ DNS ˻
+ ϴ :</p>
+
+ <div class="example"><p><code>
+ HostnameLookups off<br />
+ &lt;Files ~ "\.(html|cgi)$"&gt;<br />
+ <span class="indent">
+ HostnameLookups on<br />
+ </span>
+ &lt;/Files&gt;
+ </code></p></div>
+
+ <p>׷ CGI DNS ʿ ̶, ʿ Ư
+ CGI <code>gethostbyname</code> ȣ ϵ غ
+ ִ.</p>
+
+
+
+ <h3><a name="symlinks" id="symlinks">FollowSymLinks SymLinksIfOwnerMatch</a></h3>
+
+
+
+ <p>URL <code>Options FollowSymLinks</code>
+ ʰ <code>Options SymLinksIfOwnerMatch</code>
+ ϸ ġ ɺũ ˻ϱ ýȣ
+ ѹ ؾ Ѵ. ϸ κи ѹ ȣ
+ Ѵ. , :</p>
+
+ <div class="example"><p><code>
+ DocumentRoot /www/htdocs<br />
+ &lt;Directory /&gt;<br />
+ <span class="indent">
+ Options SymLinksIfOwnerMatch<br />
+ </span>
+ &lt;/Directory&gt;
+ </code></p></div>
+
+ <p><code>/index.html</code> URI û ִٰ .
+ ׷ ġ <code>/www</code>, <code>/www/htdocs</code>,
+ <code>/www/htdocs/index.html</code>
+ <code>lstat(2)</code> ȣѴ. <code>lstats</code>
+ ij ʱ⶧ û Ź
+ ۾ Ѵ. ¥ ɺũ ˻縦 Ѵٸ
+ ִ:</p>
+
+ <div class="example"><p><code>
+ DocumentRoot /www/htdocs<br />
+ &lt;Directory /&gt;<br />
+ <span class="indent">
+ Options FollowSymLinks<br />
+ </span>
+ &lt;/Directory&gt;<br />
+ <br />
+ &lt;Directory /www/htdocs&gt;<br />
+ <span class="indent">
+ Options -FollowSymLinks +SymLinksIfOwnerMatch<br />
+ </span>
+ &lt;/Directory&gt;
+ </code></p></div>
+
+ <p> ּ <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> δ ˻
+ ʴ´. DocumentRoot ۿ ִ η <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code>
+ 쿡 ʿϴ. ɺũ
+ ʰ ְ ,
+ <code>FollowSymLinks</code> ϰ,
+ <code>SymLinksIfOwnerMatch</code> ȵȴ.</p>
+
+
+
+ <h3><a name="htaccess" id="htaccess">AllowOverride</a></h3>
+
+
+
+ <p>URL overrides Ѵٸ (
+ <code>.htaccess</code> ) ġ ϸ κи
+ <code>.htaccess</code> õѴ. ,</p>
+
+ <div class="example"><p><code>
+ DocumentRoot /www/htdocs<br />
+ &lt;Directory /&gt;<br />
+ <span class="indent">
+ AllowOverride all<br />
+ </span>
+ &lt;/Directory&gt;
+ </code></p></div>
+
+ <p><code>/index.html</code> URI û ִٰ .
+ ġ <code>/.htaccess</code>, <code>/www/.htaccess</code>,
+ <code>/www/htdocs/.htaccess</code> õѴ.
+ ذå <code>Options FollowSymLinks</code>
+ ϴ. ְ Ͻýۿ ؼ ׻
+ <code>AllowOverride None</code> Ѵ.</p>
+
+
+
+ <h3><a name="negotiation" id="negotiation"></a></h3>
+
+
+
+ <p>ϰ ¥ 󿡵 ִٸ
+ ´. ̵ Ϻ ۴.
+ ִ. ϵī带 ϴ :</p>
+
+ <div class="example"><p><code>
+ DirectoryIndex index
+ </code></p></div>
+
+ <p> Ѵ:</p>
+
+ <div class="example"><p><code>
+ DirectoryIndex index.cgi index.pl index.shtml index.html
+ </code></p></div>
+
+ <p> տ д.</p>
+
+ <p>, 丮 ϵ ã <code>MultiViews</code>
+ ٴ, ϸ ʿ ִ
+ <code>type-map</code>
+ ϶.</p>
+
+ <p>Ʈ ʿϴٸ <code>Options
+ MultiViews</code> þ ϱ⺸ <code>type-map</code>
+ ϶. ڼ
+ <code>type-map</code> <a href="../content-negotiation.html"></a> ϶.</p>
+
+
+
+ <h3>޸𸮴 (memory-mapping)</h3>
+
+
+
+ <p> , server-side-include óϴ ġ
+ 2.0 ü <code>mmap(2)</code>
+ Ѵٸ ޸𸮴Ѵ.</p>
+
+ <p> ÷ ޸𸮴 Ѵ. ׷
+ ޸𸮴 Ʈ
+ ġ 찡 ִ:</p>
+
+ <ul>
+ <li>
+ <p> ü <code>mmap</code> CPU
+ <code>read(2)</code> ŭ Ȯ强 ʴ.
+ , μ Solaris ġ 2.0
+ <code>mmap</code> ó
+ Ѵ.</p>
+ </li>
+
+ <li>
+ <p>NFS Ʈ Ͻýۿ ִ ޸𸮴ϴ
+ ߿ ٸ NFS Ŭ̾Ʈ ִ μ
+ ų ũ⸦ ̸, μ
+ ޸𸮴 ϳ bus error ߻
+ ִ.</p>
+ </li>
+ </ul>
+
+ <p> ǿ شϸ ϴ ޸𸮴
+ ʵ <code>EnableMMAP off</code> ؾ Ѵ. (:
+ þ 丮 ִ.)</p>
+
+
+
+ <h3>Sendfile</h3>
+
+
+
+ <p>ġ ü <code>sendfile(2)</code> ϸ
+ Ŀ sendfile Ͽ -- , Ҷ
+ -- ִ.</p>
+
+ <p> ÷ sendfile ϸ read send
+ ʿ䰡  . ׷ sendfile ϸ
+ ġԵǴ 찡 ִ:</p>
+
+ <ul>
+ <li>
+ <p>sendfile ߸Ǿ ý
+ ߰ ϴ ÷ ִ. Ư ٸ ǻͿ
+ Ͽ sendfile ߸ ǻͷ
+ 쿡 ϴ.</p>
+ </li>
+ <li>
+ <p>Ŀ ڽ ij Ͽ NFS Ʈ
+ 찡 ִ.</p>
+ </li>
+ </ul>
+
+ <p> ǿ شϸ sendfile ʵ
+ <code>EnableSendfile off</code> ؾ Ѵ. (:
+ þ 丮 ִ.)</p>
+
+
+
+ <h3><a name="process" id="process">μ </a></h3>
+
+
+
+ <p>ġ 1.3 <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>
+ ġũ ū ƴ. Ư ġ ۾
+ ϱ ڽļ ٴٸ "" Ⱓ
+ ʿߴ. ó <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ڽ
+ , <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>
+ ʴ ڽ ϳ . ׷ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ⺻
+ <code>5</code> Ŭ̾Ʈ 100 ÿ ϸ
+ ϸ óϱ⿡ ڽ 95ʰ ɷȴ.
+ ʴ , 10а
+ ϴ ġũ ſ ڰ ´.</p>
+
+ <p>ʴ Ѱ Ģ ڽ ϸ鼭
+ ߴ. ǻͰ ڽ ϴ ٻڸ
+ û . ׷ Ģ ġ ü
+ ɿ ǿ ־ Ͽ. ġ 1.3 ʴ Ѱ
+ Ģ ȭǾ. ڵ ڽ Ѱ , 1 ,
+ ΰ , 1 , װ , ̷ ʴ
+ ڽ 32 鶧 Ѵ. ڽļ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> ٴٸ
+ ߴѴ.</p>
+
+ <p> ӵ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ʿ䰡 . ʿ
+ ڽ 4 ̻ ϸ <code class="directive"><a href="../mod/core.html#errorlog">ErrorLog</a></code> Ѵ. ̷
+ ̸ ϱ ٶ.
+ <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> ̴.</p>
+
+ <p>μ Ͽ <code class="directive"><a href="../mod/mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></code>
+ μ Ѵ. ⺻ ڽĴ ó û
+ ٴ <code>0</code>̴. <code>30</code>
+ ſ ִٸ, ʿ䰡
+ ִ. SunOS Solaris Ѵٸ, ޸⶧
+ <code>10000</code> ϶.</p>
+
+ <p>(keep-alive) Ѵٸ ڽĵ ̹
+ ῡ ߰ û ٸ ƹ͵ ʱ⶧
+ ٻڴ. <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code>
+ ⺻ <code>15</code> ʴ ̷ ּȭѴ. Ʈ
+ 뿪 ڿ ° Ѵ. <a href="http://www.research.digital.com/wrl/techreports/abstracts/95.4.html">
+ κ ⶧</a>  쿡
+ <code>60</code> ̻ ø .</p>
+
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="compiletime" id="compiletime">Ͻ ؼ</a></h2>
+
+
+
+ <h3>MPM </h3>
+
+
+
+ <p>ġ 2.x <a href="../mpm.html">ó</a>
+ (MPMs)̶ ü ִ ȭ Ѵ. ġ
+ Ҷ MPM ؾ Ѵ. <code class="module"><a href="../mod/beos.html">beos</a></code>,
+ <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code>,
+ <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code> Ư ÷
+ ִ MPM ִ. Ϲ н ý MPM
+ ߿ ϳ ִ. ӵ
+ Ȯ强(scalability)  MPM ߳Ŀ ޷ȴ:</p>
+
+ <ul>
+
+ <li><code class="module"><a href="../mod/worker.html">worker</a></code> MPM ڽ μ
+ 带 Ѵ. ѹ
+ Ѵ. Ϲ worker prefork MPM
+ ޸𸮸 ϹǷ ŷ ϴ.</li>
+
+ <li><code class="module"><a href="../mod/prefork.html">prefork</a></code> MPM 尡 Ѱ ڽ
+ μ Ѵ. μ ѹ
+ Ѵ. ýۿ prefork ӵ worker
+ , ޸𸮸 Ѵ. Ȳ
+ 带 ʴ prefork worker
+ : 忡 (thread-safe)
+ ڰ ְ,
+ ÷ ִ.</li>
+
+ </ul>
+
+ <p> MPM ٸ MPM ڼ MPM <a href="../mpm.html"></a> ϱ ٶ.</p>
+
+
+
+ <h3><a name="modules" id="modules"></a></h3>
+
+
+
+ <p>޸ 뷮 ɿ ߿ ̱⶧
+ ʴ غ. <a href="../dso.html">DSO</a> ߴٸ
+ ⿡ <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> þ ּóϸ
+ ȴ. ׷ ϰ Ͽ Ʈ ̵
+ ϴ 캼 ִ.</p>
+
+ <p>ݴ ġ Ͽ ũִٸ
+ ʴ ϱ ġ ؾ
+ Ѵ.</p>
+
+ <p>⼭ 翬  ϰ
+ ǹ . Ʈ ٸ. ׷ Ƹ
+ <em>ּ</em> <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>,
+ <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code>, <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>
+ ̴. Ʈ α ʿٸ
+ <code>mod_log_config</code>  ȴ. ׷ õ
+ ʴ´.</p>
+
+
+
+ <h3>Atomic </h3>
+
+
+
+ <p><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> ֱ
+ worker MPM APR atomic API Ѵ. API 淮
+ ȭ atomic Ѵ.</p>
+
+ <p>⺻ APR ü/CPU ÷ ȿ
+ Ͽ Ѵ. , ֽ
+ CPU ϵ atomic compare-and-swap (CAS)
+ ϴ ɾ ִ. ׷  ÷ APR ̷
+ ɾ CPU ȣȯ mutex
+ ⺻ Ѵ. ̷ ÷ ġ
+ Ҷ ġ ֽ CPU ȹ̶,
+ ġ Ҷ <code>--enable-nonportable-atomics</code>
+ ɼ Ͽ atomic ִ:</p>
+
+ <div class="example"><p><code>
+ ./buildconf<br />
+ ./configure --with-mpm=worker --enable-nonportable-atomics=yes
+ </code></p></div>
+
+ <p><code>--enable-nonportable-atomics</code> ɼ
+ ÷ ִ:</p>
+
+ <ul>
+
+ <li>SPARC Solaris<br />
+ ⺻ APR Solaris/SPARC mutex atomic
+ Ѵ. ׷ Ҷ
+ <code>--enable-nonportable-atomics</code> ϸ
+ APR ϵ compare-and-swap SPARC
+ v8plus ɾ Ѵ. ɼ ϸ atomic
+ ȿ (CPU ϰ
+ ȭ ϴ), UltraSPARC
+ Ĩ ִ.
+ </li>
+
+ <li>Linux on x86<br />
+ ⺻ APR mutex atomic
+ Ѵ. ׷ Ҷ
+ <code>--enable-nonportable-atomics</code> ϸ
+ APR ϵ compare-and-swap 486
+ ɾ Ѵ. ȿ atomic ,
+ 486 ̻ Ĩ (386 ȵȴ)
+ ִ.
+ </li>
+
+ </ul>
+
+
+
+ <h3>mod_status ExtendedStatus On</h3>
+
+
+
+ <p>ġ Ҷ <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> ϰ
+ Ҷ <code>ExtendedStatus On</code> ϸ ġ
+ û <code>gettimeofday(2)</code>(Ȥ ü
+ <code>times(2)</code>) ι ȣϰ (1.3 )
+ <code>time(2)</code> ߰ ȣѴ.
+ ۽ð ʿϱ ̴. ֻ
+ (⺻) <code>ExtendedStatus off</code> Ѵ.</p>
+
+
+
+ <h3>accept ȭ - </h3>
+
+
+
+ <div class="warning"><h3>:</h3>
+ <p> Ʒ ġ 2.0
+ ʴ. ȿ , ؼ
+ ϱ ٶ.</p>
+ </div>
+
+ <p>н API Ѵ. Ʈ
+ Ȥ ּҸ ٸ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> Ѵٰ .
+ ˻ϱ ġ
+ <code>select(2)</code> Ѵ. <code>select(2)</code>
+ Ͽ ٸ ִ <em></em> Ȥ <em>ּ
+ Ѱ</em> ִ ˷ش. ġ ڽ ְ,
+ ִ ڽ ÿ ο ˻Ѵ.
+ ϴ ( ڵ忡 ʾҴ.
+ ϱ 뵵 .):</p>
+
+ <div class="example"><p><code>
+ for (;;) {<br />
+ <span class="indent">
+ for (;;) {<br />
+ <span class="indent">
+ fd_set accept_fds;<br />
+ <br />
+ FD_ZERO (&amp;accept_fds);<br />
+ for (i = first_socket; i &lt;= last_socket; ++i) {<br />
+ <span class="indent">
+ FD_SET (i, &amp;accept_fds);<br />
+ </span>
+ }<br />
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);<br />
+ if (rc &lt; 1) continue;<br />
+ new_connection = -1;<br />
+ for (i = first_socket; i &lt;= last_socket; ++i) {<br />
+ <span class="indent">
+ if (FD_ISSET (i, &amp;accept_fds)) {<br />
+ <span class="indent">
+ new_connection = accept (i, NULL, NULL);<br />
+ if (new_connection != -1) break;<br />
+ </span>
+ }<br />
+ </span>
+ }<br />
+ if (new_connection != -1) break;<br />
+ </span>
+ }<br />
+ process the new_connection;<br />
+ </span>
+ }
+ </code></p></div>
+
+ <p>׷ ܼ ɰ (starvation)
+ ִ. ڽ ÿ ݺ ϸ,
+ û ٸ <code>select</code> . ̶
+  Ͽ û ϳ ڽ 
+ ( ڽ ü Ÿֿ̹ ٸ).
+ ̵ <code>accept</code>ϱ õѴ. ׷
+ ( Ḹ ̶) ڽĸ ϰ,
+ <code>accept</code> <em>.</em> ׷ ڽĵ
+ û ϵ , ο
+ û ͼ ڽ ﶧ ִ.
+ ̷ <a href="http://bugs.apache.org/index/full/467">PR#467</a>
+ ó Ǿ. ּ ΰ ذå ִ.</p>
+
+ <p>Ѱ ʵ (non-blocking)
+ ̴. ڽ <code>accept</code> ص
+ ʰ, ִ. ׷ CPU ð Ѵ.
+ <code>select</code> ڽ 10 ְ,
+ Ѱ Դٰ . ׷ ڽ 9 
+ <code>accept</code>ϱ õϰ ϸ ƹ
+ ϵ ʰ ٽ <code>select</code> ݺѴ. ٽ
+ <code>select</code> ƿ  ڽĵ ٸ Ͽ
+ û ʴ´. (μ ǻͿ)
+ ڽ ŭ CPU ִ 幮 찡 ƴ϶
+ ذå ƺ ʴ´.</p>
+
+ <p>ٸ ġ ϴ ݺ
+ ڽĸ 鿩. ݺ (̸
+ ):</p>
+
+ <div class="example"><p><code>
+ for (;;) {<br />
+ <span class="indent">
+ <strong>accept_mutex_on ();</strong><br />
+ for (;;) {<br />
+ <span class="indent">
+ fd_set accept_fds;<br />
+ <br />
+ FD_ZERO (&amp;accept_fds);<br />
+ for (i = first_socket; i &lt;= last_socket; ++i) {<br />
+ <span class="indent">
+ FD_SET (i, &amp;accept_fds);<br />
+ </span>
+ }<br />
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);<br />
+ if (rc &lt; 1) continue;<br />
+ new_connection = -1;<br />
+ for (i = first_socket; i &lt;= last_socket; ++i) {<br />
+ <span class="indent">
+ if (FD_ISSET (i, &amp;accept_fds)) {<br />
+ <span class="indent">
+ new_connection = accept (i, NULL, NULL);<br />
+ if (new_connection != -1) break;<br />
+ </span>
+ }<br />
+ </span>
+ }<br />
+ if (new_connection != -1) break;<br />
+ </span>
+ }<br />
+ <strong>accept_mutex_off ();</strong><br />
+ process the new_connection;<br />
+ </span>
+ }
+ </code></p></div>
+
+ <p><code>accept_mutex_on</code> <code>accept_mutex_off</code>
+ <a id="serialize" name="serialize">Լ</a> mutex 
+ Ѵ. ѹ ڽĸ mutex ִ.
+ mutex ϴ ̴. (1.3
+ ) <code>src/conf.h</code> (1.3 )
+ <code>src/include/ap_config.h</code> ǵִ. 
+ ŰĴ (locking) ʱ⶧, ̷
+ ŰĿ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> þ ϸ
+ ϴ.</p>
+
+ <p> <code class="directive"><a href="../mod/mpm_common.html#acceptmutex">AcceptMutex</a></code> þ Ͽ
+ mutex ִ.</p>
+
+ <dl>
+ <dt><code>AcceptMutex flock</code></dt>
+
+ <dd>
+ <p> ױ <code>flock(2)</code>
+ ýȣ Ѵ ( ġ <code class="directive"><a href="../mod/mpm_common.html#lockfile">LockFile</a></code> þ ).</p>
+ </dd>
+
+ <dt><code>AcceptMutex fcntl</code></dt>
+
+ <dd>
+ <p> ױ <code>fcntl(2)</code>
+ ýȣ Ѵ ( ġ <code class="directive"><a href="../mod/mpm_common.html#lockfile">LockFile</a></code> þ ).</p>
+ </dd>
+
+ <dt><code>AcceptMutex sysvsem</code></dt>
+
+ <dd>
+ <p>(1.3 ) SysV  Ͽ
+ mutex Ѵ. SysV
+ ۿ ִ. ϳ ġ 
+ ʰ ִ ̴ (<code>ipcs(8)</code> manpage
+ ). ٸ ϳ uid ϴ
+ CGI (<em>,</em> <code>suexec</code>
+ <code>cgiwrapper</code> ʴ CGI)
+ API Ͽ 񽺰źΰ ִ
+ ̴. ̷ IRIX ŰĿ
+ ʴ´ (κ IRIX ǻͿ
+ ġ ̴).</p>
+ </dd>
+
+ <dt><code>AcceptMutex pthread</code></dt>
+
+ <dd>
+ <p>(1.3 ) POSIX mutex ϱ⶧
+ POSIX Ծ ŰĶ
+ 밡, (2.5 ) Solaris װ͵ Ư
+ ϴ ϴ. õغٸ
+ 缭 ϴ Ѵ.
+ 븸 ϴ ϴ .</p>
+ </dd>
+
+ <dt><code>AcceptMutex posixsem</code></dt>
+
+ <dd>
+ <p>(2.0 ) POSIX  Ѵ.
+ mutex μ 尡 ״´ٸ(segfault)
+ ȸ ʾƼ .</p>
+ </dd>
+
+ </dl>
+
+ <p>ýۿ Ͽ ȭ(serialization)
+ ִٸ ϴ ڵ带 APR ߰ ġ ִ.</p>
+
+ <p> غ ٸ κ
+ ݺ ȭϴ ̴. , μ  鿩
+ ̴. ڽ ÿ ־
+ ȭ ü 뿪 Ȱ ϴ μ
+ ǻͿ ִ. 캼 κ,
+ ſ ȭ ʾƼ 켱 .</p>
+
+ <p>ֻ ؼ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> ʴ
+ ̴̻. ׷ Ѵ.</p>
+
+
+
+ <h3>accept ȭ - Ѱ</h3>
+
+
+
+ <p> ߼ , Ѱ
+ ? Ҷ ڽ
+ <code>accept(2)</code> ֱ⶧ ̷л
+ ߻ ʰ, . ׷ δ
+ տ ʴ (non-blocking) ߻ϴ
+ "ȸ(spinning)" ߰ ִ. κ TCP
+ ϸ Ŀ <code>accept</code> ִ
+ ڽ 쵵 ִ. μ Ѱ
+ ڿ ư, Ŀο ȸϿ
+ ߰ϸ ٽ ܴ. ڿ ڵ忡
+ ̷ ȸ , и Ѵ. ׷ ߼
+ ʴ ϰ ϸ ̴ ʿ ൿ
+ Ͼ.</p>
+
+ <p>׷ 츮 ŰĿ Ѱ 쿡
+ ȭϸ "" ߰ߴ. ׷ κ
+ ⺻ ȭ Ѵ. (Ŀ 2.0.30,
+ 128Mb ޸𸮿 Pentium pro) Ѱ
+ ȭϸ 쿡 ʴ û 3% ̸
+ پ. ׷ ȭ û 100ms
+ ߻ߴ. Ƹ LAN ߻ϴ
+ ἱ ̴. Ѱ ȭ
+ <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code>
+ Ѵ.</p>
+
+
+
+ <h3>Close (lingering)</h3>
+
+
+
+ <p><a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">
+ draft-ietf-http-connection-00.txt</a> 8 ϵ
+ <strong></strong> Ƿ,
+ ־ Ѵ (TCP ֹ̰,
+ ̴). ٸ
+ , ġ 1.2 Ȯ ؿԴ.</p>
+
+ <p> ϰ ġ ߰ н
+ ߻ߴ. TCP Ծ
+ <code>FIN_WAIT_2</code> ŸӾƿ ִٰ ʾ,
+ ʾҴ. ŸӾƿ ýۿ ġ 1.2
+ <code>FIN_WAIT_2</code> · .
+ ۻ簡 ϴ ֽ TCP/IP ġ
+ Ͽ ذ ִ. ׷ ۻ簡 ġ ǥ
+ ʴ 찡 (<em>,</em> SunOS4 -- ҽ ̼ ִ
+ ġ ) ֱ⶧
+ ʱ ߴ.</p>
+
+ <p> ΰ. ϳ ɼ <code>SO_LINGER</code>
+ ϴ ̴. ׷ κ TCP/IP
+ ɼ ùٷ ʾҴ. ùٷ ÿ
+ (<em>,</em> 2.0.31)
+ cpu ƸԴ´.</p>
+
+ <p>ġ (<code>http_main.c</code> ִ)
+ <code>lingering_close</code> Լ Ѵ. Լ
+ :</p>
+
+ <div class="example"><p><code>
+ void lingering_close (int s)<br />
+ {<br />
+ <span class="indent">
+ char junk_buffer[2048];<br />
+ <br />
+ /* shutdown the sending side */<br />
+ shutdown (s, 1);<br />
+ <br />
+ signal (SIGALRM, lingering_death);<br />
+ alarm (30);<br />
+ <br />
+ for (;;) {<br />
+ <span class="indent">
+ select (s for reading, 2 second timeout);<br />
+ if (error) break;<br />
+ if (s is ready for reading) {<br />
+ <span class="indent">
+ if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {<br />
+ <span class="indent">
+ break;<br />
+ </span>
+ }<br />
+ /* just toss away whatever is here */<br />
+ </span>
+ }<br />
+ </span>
+ }<br />
+ <br />
+ close (s);<br />
+ </span>
+ }
+ </code></p></div>
+
+ <p> ڵ CPU ,
+ ʿϴ. HTTP/1.1 θ
+ Ѵٸ(persistent), ޴ û
+ óϸ鼭 ̴. ϰԵ
+ <code>NO_LINGCLOSE</code> Ͽ
+ , ʴ´. Ư HTTP/1.1
+ <span class="transnote">(<em>;</em> ¿ ٸ
+ ʰ û )</span>
+ <code>lingering_close</code> ʼ̴ (׸ <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">
+ ⶧</a> ϱ ٶ ̴).</p>
+
+
+
+ <h3>Scoreboard </h3>
+
+
+
+ <p>ġ θ ڽ scoreboard
+ Ѵ. ̻δ scoreboard ޸𸮷 ؾ
+ Ѵ. 츮 ڰ ش ü ְų
+ ޸𸮸 Ͽ Ѵ.
+ ũ ִ Ͽ Ѵ. ũ
+ ִ ŷڵ (ɵ ).
+ <code>src/main/conf.h</code> Ͽ ϴ Űĸ
+ ãƼ <code>USE_MMAP_SCOREBOARD</code> Ȥ
+ <code>USE_SHMGET_SCOREBOARD</code> ȮѴ.
+ ϳ ( Բ <code>HAVE_MMAP</code>̳
+ <code>HAVE_SHMGET</code> ) ϸ ޸ ڵ带
+ Ѵ. ý ٸ ޸𸮸 Ѵٸ
+ <code>src/main/http_main.c</code> Ͽ ġ
+ ޸𸮸 ֵ (hook) ߰϶. (
+ ġ 츮 ֱ ٶ.)</p>
+
+ <div class="note"> : ġ ġ 1.2
+ ޸𸮸 ϱ ߴ. ʱ ġ
+ ŷڵ ̴.</div>
+
+
+
+ <h3>DYNAMIC_MODULE_LIMIT</h3>
+
+
+
+ <p> о ʴ´ٸ ( ̶
+ ̱ д´ٸ Ƹ
+ о ̴), Ҷ
+ <code>-DDYNAMIC_MODULE_LIMIT=0</code> ߰Ѵ. ׷
+ о̱ Ҵϴ ޸𸮸 Ѵ.</p>
+
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="trace" id="trace">η: ýȣ ڼ мϱ</a></h2>
+
+
+
+ <p> Solaris 8 worker MPM ġ 2.0.38
+ ýȣ (trace)̴. Ʒ ɾ Ͽ
+ :</p>
+
+ <div class="example"><p><code>
+ truss -l -p <var>httpd_child_pid</var>.
+ </code></p></div>
+
+ <p><code>-l</code> ɼ ϸ truss ýȣ
+ ϴ LWP (lightweight process, 淮 μ--Solaris
+ Ŀμ ) ID Ѵ.</p>
+
+ <p>ٸ ýۿ <code>strace</code>, <code>ktrace</code>,
+ <code>par</code> ýȣ ִ.
+ ϴ.</p>
+
+ <p>Ŭ̾Ʈ ũⰡ 10KB ûѴ.
+ û ʰų ϴ û
+ ſ ٸ (δ ſ ˾ƺ ).</p>
+
+ <div class="example"><pre>/67: accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
+/67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9</pre></div>
+
+ <p> (listener) 尡 LWP #67
+ ִ.</p>
+
+ <div class="note"><code>accept(2)</code> ȭ ָ϶.
+ Ʈ ٸʴ ÷ worker MPM
+ ⺻ ȭ accept Ѵ.</div>
+
+ <div class="example"><pre>/65: lwp_park(0x00000000, 0) = 0
+/67: lwp_unpark(65, 1) = 0</pre></div>
+
+ <p> ޾Ƶ̰(accept)
+ worker 带 û óϰ Ѵ. Ʒ Ͽ
+ û óϴ worker 尡 LWP #65 ִ.</p>
+
+ <div class="example"><pre>/65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0</pre></div>
+
+ <p>ȣƮ ϱ ġ ޾Ƶ
+ (local) ּҸ ˾ƾ Ѵ. (ȣƮ
+ ʰų <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code>
+ þ ϵī ּҸ )
+ ȣ ִ. ׷ ̷ ȭ ۾
+ ȵִ. </p>
+
+ <div class="example"><pre>/65: brk(0x002170E8) = 0
+/65: brk(0x002190E8) = 0</pre></div>
+
+ <p><code>brk(2)</code> ȣ (heap) ޸𸮸 ҴѴ.
+ κ û ó ü ޸
+ Ҵ(<code>apr_pool</code> <code>apr_bucket_alloc</code>)
+ ϱ⶧ ýȣ Ͽ ýȣ Ⱑ
+ 幰. Ͽ ڸ ü ޸ Ҵڰ
+ ޸𸮺 <code>malloc(3)</code> ȣѴ.</p>
+
+ <div class="example"><pre>/65: fcntl(9, F_GETFL, 0x00000000) = 2
+/65: fstat64(9, 0xFAF7B818) = 0
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
+/65: fstat64(9, 0xFAF7B818) = 0
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
+/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
+/65: fcntl(9, F_SETFL, 0x00000082) = 0</pre></div>
+
+ <p> worker Ŭ̾Ʈ (ϱ 9)
+ (non-blocking) · ٲ۴. <code>setsockopt(2)</code>
+ <code>getsockopt(2)</code> ȣ Solaris libc Ͽ
+ <code>fcntl(2)</code>  óϴ ش.</p>
+
+ <div class="example"><pre>/65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97</pre></div>
+
+ <p>worker Ŭ̾Ʈ û д´.</p>
+
+ <div class="example"><pre>/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
+/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10</pre></div>
+
+ <p> <code>Options FollowSymLinks</code>
+ <code>AllowOverride None</code>̴. ׷ û ϰ
+ 丮 <code>lstat(2)</code>ϰų
+ <code>.htaccess</code> ˻ ʿ䰡 .
+ ˻ϱ, 1) ִ, 2) 丮 ƴ Ϲ,
+ <code>stat(2)</code> ȣ⸸ ϸ ȴ.</p>
+
+ <div class="example"><pre>/65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269</pre></div>
+
+ <p> ѹ <code>sendfilev(2)</code> ýȣ
+ HTTP û ִ. Sendfile δ
+ ü ٸ. ٸ ý̶ <code>sendfile(2)</code>
+ ȣϱ <code>write(2)</code>
+ <code>writev(2)</code> ȣ Ѵ.</p>
+
+ <div class="example"><pre>/65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78</pre></div>
+
+ <p><code>write(2)</code> ȣ ٷα(access log) û
+ Ѵ. Ͽ <code>time(2)</code> ȣ ָ϶.
+ ġ 1.3 ޸ ġ 2.0 ð ˱
+ <code>gettimeofday(3)</code> Ѵ.
+ <code>gettimeofday</code> ȭ Solaris
+ ü Ϲ ýȣ δ .</p>
+
+ <div class="example"><pre>/65: shutdown(9, 1, 1) = 0
+/65: poll(0xFAF7B980, 1, 2000) = 1
+/65: read(9, 0xFAF7BC20, 512) = 0
+/65: close(9) = 0</pre></div>
+
+ <p>worker ݱ(lingering close)Ѵ.</p>
+
+ <div class="example"><pre>/65: close(10) = 0
+/65: lwp_park(0x00000000, 0) (sleeping...)</pre></div>
+
+ <p> worker ݰ,
+ (listener) 尡 ٸ Ҵ
+ Ѵ.</p>
+
+ <div class="example"><pre>/67: accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)</pre></div>
+
+ <p>׵ ( worker ۾̸
+ 带 ߴ worker MPM 帧 ɿ )
+ worker 忡 Ҵڸ ٸ ޾Ƶ ִ.
+ Ͽ , worker 尡
+ óϴ <code>accept(2)</code> (û ſ
+ ׻) Ͼ ִ.</p>
+
+ </div></div>
+<div class="bottomlang">
+<p><span> : </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/perf-tuning.html.tr.utf8 b/docs/manual/misc/perf-tuning.html.tr.utf8
new file mode 100644
index 0000000..ba8dd90
--- /dev/null
+++ b/docs/manual/misc/perf-tuning.html.tr.utf8
@@ -0,0 +1,1021 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Apache’de Başarımın Arttırılması - Apache HTTP Sunucusu Sürüm 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p>
+<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Sunucusu</a> &gt; <a href="http://httpd.apache.org/docs/">Belgeleme</a> &gt; <a href="../">Sürüm 2.4</a> &gt; <a href="./">Çeşitli Belgeler</a></div><div id="page-content"><div id="preamble"><h1>Apache’de Başarımın Arttırılması</h1>
+<div class="toplang">
+<p><span>Mevcut Diller: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div>
+
+
+ <p>Apache 2.x, esneklik, taşınabilirlik ve başarım arasında bir denge
+ sağlamak üzere tasarlanmış genel amaçlı bir HTTP sunucusudur. Başka
+ sunucularla kıyaslama denemelerinde öne geçmek üzere tasarlanmamış
+ olsa da Apache 2.x gerçek yaşamda karşılaşılan pek çok durumda oldukça
+ yüksek bir başarıma ulaşacak yetenektedir.</p>
+
+ <p>Apache 1.3 ile karşılaştırıldığında 2.x sürümleri toplam veri hızını
+ ve ölçeklenebilirliği arttırmak için pek çok en iyileme seçeneği
+ içerir. Bu iyileştirmelerin pek çoğu zaten öntanımlı olarak etkin
+ olmakla birlikte derleme ve kullanım sırasında başarımı önemli ölçüde
+ etkileyebilen yapılandırma seçenekleri de mevcuttur. Bu belgede, bir
+ Apache 2.x kurulumunda sunucu yöneticisinin sunucunun başarımını
+ arttırmak amacıyla yapılandırma sırasında neler yapabileceğinden
+ bahsedilmiştir. Bu yapılandırma seçeneklerinden bazıları, httpd’nin
+ donanımın ve işletim sisteminin olanaklarından daha iyi
+ yararlanabilmesini sağlarken bir kısmı da daha hızlı bir sunum için
+ yöneticinin işlevsellikten ödün verebilmesini olanaklı kılar.</p>
+
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">Donanım ve İşletim Sistemi ile İlgili Konular</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#runtime">Çalışma Anı Yapılandırması ile İlgili Konular</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Derleme Sırasında Yapılandırma ile İlgili Konular</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#trace">Ek: Bir çağrı izlemesinin ayrıntılı çözümlemesi</a></li>
+</ul><h3>Ayrıca bakınız:</h3><ul class="seealso"><li><a href="#comments_section">Yorumlar</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="hardware" id="hardware">Donanım ve İşletim Sistemi ile İlgili Konular</a></h2>
+
+
+
+ <p>HTTP sunucusunun başarımını etkileyen en önemli donanım bellektir
+ (RAM). Bir HTTP sunucusu asla takaslama yapmamalıdır. Çünkü takaslama,
+ kullanıcının "yeterince hız" umduğu noktada sunumun gecikmesine sebep
+ olur. Böyle bir durumda kullanıcılar yüklemeyi durdurup tekrar
+ başlatma eğilimindedirler; sonuçta yük daha da artar. <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> yönergesinin değerini
+ değiştirerek takaslamaya sebep olabilecek kadar çok çocuk süreç
+ oluşturulmasını engelleyebilirsiniz ve böyle bir durumda bunu mutlaka
+ yapmalısınız. Bunun için yapacağınız işlem basittir: <code>top</code>
+ benzeri bir araç üzerinden çalışan süreçlerinizin bir listesini alıp
+ Apache süreçlerinizin ortalama büyüklüğünü saptayıp, mevcut bellekten
+ bir kısmını diğer süreçler için ayırdıktan sonra kalan miktarı bu
+ değere bölerseniz yönergeye atayacağınız değeri bulmuş olursunuz.</p>
+
+ <p>Donanımın diğer unsurları için kararı siz verin: Daha hızlı işlemci,
+ daha hızlı ağ kartı, daha hızlı disk; daha hızlının ne kadar hızlı
+ olacağını deneyimlerinize bağlı olarak tamamen sizin ihtiyaçlarınız
+ belirler.</p>
+
+ <p>İşletim sistemi seçimi büyük oranda yerel ilgi konusudur. Fakat yine
+ de, genelde yararlılığı kanıtlanmış bazı kurallar bu seçimde size
+ yardımcı olabilir:</p>
+
+ <ul>
+ <li>
+ <p>Seçtiğiniz işletim sisteminin (çekirdeğin) en son kararlı
+ sürümünü çalıştırın. Bir çok işletim sistemi, son yıllarda TCP
+ yığıtları ve evre kütüphaneleri ile ilgili belirgin iyileştirmeler
+ yapmışlar ve yapmaktadırlar.</p>
+ </li>
+
+ <li>
+ <p>İşletim sisteminiz <code>sendfile</code>(2) sistem çağrısını
+ destekliyorsa bunun etkinleştirilebildiği sürümün kurulu olması
+ önemlidir. (Örneğin, Linux için bu, Linux 2.4 ve sonraki sürümler
+ anlamına gelirken, Solaris için Solaris 8’den önceki sürümlerin
+ yamanması gerektirdiği anlamına gelmektedir.)
+ <code>sendfile</code> işlevinin desteklendiği sistemlerde Apache 2
+ duruk içeriği daha hızlı teslim etmek ve işlemci kullanımını
+ düşürmek amacıyla bu işlevselliği kullanacaktır.</p>
+ </li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="runtime" id="runtime">Çalışma Anı Yapılandırması ile İlgili Konular</a></h2>
+
+
+
+ <table class="related"><tr><th>İlgili Modüller</th><th>İlgili Yönergeler</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table>
+
+ <h3><a name="dns" id="dns"><code>HostnameLookups</code> ve DNS ile ilgili diğer konular</a></h3>
+
+
+
+ <p>Apache 1.3 öncesinde, <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> yönergesinin öntanımlı değeri
+ <code>On</code> idi. İstek yerine getirilmeden önce bir DNS sorgusu
+ yapılmasını gerektirmesi sebebiyle bu ayarlama her istekte bir
+ miktar gecikmeye sebep olurdu. Apache 1.3’ten itibaren yönergenin
+ öntanımlı değeri <code>Off</code> yapılmıştır. Eğer günlük
+ dosyalarınızda konak isimlerinin bulunmasını isterseniz, Apache ile
+ birlikte gelen <code class="program"><a href="../programs/logresolve.html">logresolve</a></code> programını
+ kullanabileceğiniz gibi günlük raporlarını çözümleyen Apache ile
+ gelmeyen programlardan herhangi birini de kullanabilirsiniz.</p>
+
+ <p>Günlük dosyaları üzerindeki bu işlemi sunucu makinesi dışında
+ günlük dosyasının bir kopyası üzerinde yapmanızı öneririz. Aksi
+ takdirde sunucunuzun başarımı önemli ölçüde etkilenebilir.</p>
+
+ <p><code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code> veya
+ <code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code>
+ yönergelerinde IP adresi yerine bir konak veya alan ismi
+ belirtirseniz, iki DNS sorguluk bir bedel ödersiniz (biri normal,
+ diğeri IP taklidine karşı ters DNS sorgusu). Başarımı en iyilemek
+ için bu yönergelerde mümkün olduğunca isim yerine IP adreslerini
+ kullanınız.</p>
+
+ <p><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code>
+ yönergelerinin <code>&lt;Location "/server-status"&gt;</code> gibi
+ bölüm yönergelerinin içinde de yer alabileceğini unutmayın. Bu gibi
+ durumlarda DNS sorguları sadece istek kuralla eşleştiği takdirde
+ yapılacaktır. Aşağıdaki örnekte <code>.html</code> ve
+ <code>.cgi</code> dosyalarına yapılan istekler hariç DNS sorguları
+ iptal edilmektedir:</p>
+
+ <pre class="prettyprint lang-config">HostnameLookups off
+&lt;Files ~ "\.(html|cgi)$"&gt;
+ HostnameLookups on
+&lt;/Files&gt;</pre>
+
+
+ <p>Yine de bazı CGI’lerin DNS isimlerine ihtiyacı olursa bu CGI’lerin
+ bu ihtiyaçlarına yönelik olarak <code>gethostbyname</code> çağrıları
+ yapabileceğini gözardı etmeyiniz.</p>
+
+
+
+ <h3><a name="symlinks" id="symlinks"><code>FollowSymLinks</code> ve
+ <code>SymLinksIfOwnerMatch</code></a></h3>
+
+
+
+ <p>URL uzayınızda geçerli olmak üzere bir <code>Options
+ FollowSymLinks</code> yoksa veya <code>Options
+ SymLinksIfOwnerMatch</code> yönergeleri varsa, Apache her sembolik
+ bağın üzerinde bazı sınamalar yapmak için ek bir sistem çağrısından
+ başka istenen her dosya için de ayrı bir çağrı yapacaktır.</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/siteler/htdocs"
+&lt;Directory /&gt;
+ Options SymLinksIfOwnerMatch
+&lt;/Directory&gt;</pre>
+
+
+ <p>Bu durumda <code>/index.html</code> için bir istek yapıldığında
+ Apache, <code>/siteler</code>, <code>/siteler/htdocs</code> ve<br />
+ <code>/siteler/htdocs/index.html</code> üzerinde
+ <code>lstat</code>(2) çağrıları yapacaktır. <code>lstat</code>
+ sonuçları önbelleğe kaydedilmediğinden bu işlem her istekte
+ yinelenecektir. Amacınız gerçekten sembolik bağları güvenlik
+ açısından sınamaksa bunu şöyle yapabilirsiniz:</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/siteler/htdocs"
+&lt;Directory "/"&gt;
+ Options FollowSymLinks
+&lt;/Directory&gt;
+
+&lt;Directory "/siteler/htdocs"&gt;
+ Options -FollowSymLinks +SymLinksIfOwnerMatch
+&lt;/Directory&gt;</pre>
+
+
+ <p>Böylece <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> altındaki
+ dosyalar için fazladan bir çağrı yapılmasını engellemiş olursunuz.
+ Eğer bazı bölümlerde <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>, <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> gibi yönergeler üzerinden belge kök
+ dizininizin dışında kalan dosya yollarına sahipseniz benzer
+ işlemleri onlar için de yapmalısınız. Sembolik bağ koruması yapmamak
+ suretiyle başarımı arttırmak isterseniz, <code>FollowSymLinks</code>
+ seçeneğini her yerde etkin kılın ve
+ <code>SymLinksIfOwnerMatch</code> seçeneğini asla
+ etkinleştirmeyin.</p>
+
+
+
+ <h3><a name="htaccess" id="htaccess"><code>AllowOverride</code></a></h3>
+
+
+
+ <p>Genellikle <code>.htaccess</code> dosyaları üzerinden yapıldığı
+ gibi URL uzayınızda geçersizleştirmelere izin veriyorsanız, Apache
+ her dosya bileşeni için bu <code>.htaccess</code> dosyalarını açmaya
+ çalışacaktır.</p>
+
+ <pre class="prettyprint lang-config">DocumentRoot "/siteler/htdocs"
+&lt;Directory "/"&gt;
+ AllowOverride all
+&lt;/Directory&gt;</pre>
+
+
+ <p>Bu durumda <code>/index.html</code> sayfasına yapılan bir istek için
+ Apache, <code>/.htaccess</code>, <code>/siteler/.htaccess</code> ve
+ <code>/siteler/htdocs/.htaccess</code> dosyalarını açmaya
+ çalışacaktır. Çözüm <code>Options FollowSymLinks</code> durumunun
+ benzeridir; başarımı arttırmak için dosya sisteminizin her yerinde
+ <code>AllowOverride None</code> olsun.</p>
+
+
+
+ <h3><a name="negotiation" id="negotiation">Dil Uzlaşımı</a></h3>
+
+
+
+ <p>Başarımı son kırıntısına kadar arttırmak istiyorsanız, mümkünse
+ içerik dili uzlaşımı da yapmayın. Dil uzlaşımından yararlanmak
+ isterken büyük başarım kayıplarına uğrayabilirsiniz. Böyle bir
+ durumda sunucunun başarımını arttırmanın tek bir yolu vardır. </p>
+
+ <pre class="prettyprint lang-config">DirectoryIndex index</pre>
+
+
+ <p>Yukarıdaki gibi bir dosya ismi kalıbı kullanmak yerine, aşağıdaki
+ gibi seçenekleri tam bir liste halinde belirtin:</p>
+
+ <pre class="prettyprint lang-config">DirectoryIndex index.cgi index.pl index.shtml index.html</pre>
+
+
+ <p>Buradaki sıralama öncelik sırasını belirler; yani,
+ öncelikli olmasını istediğiniz seçeneği listenin başına
+ yazmalısınız.</p>
+
+ <p>İstenen dosya için <code>MultiViews</code> kullanarak dizini
+ taratmak yerine, gerekli bilgiyi tek bir dosyadan okutmak suretiyle
+ başarımı arttırabilirsiniz. Bu amaçla türeşlem
+ (<code>type-map</code>) dosyaları kullanmanız yeterli olacaktır.</p>
+
+ <p>Sitenizde içerik dili uzlaşımına gerek varsa, bunu <code>Options
+ MultiViews</code> yönergesi üzerinden değil, türeşlem dosyaları
+ kullanarak yapmayı deneyin. İçerik dili uzlaşımı ve türeşlem
+ dosyalarının oluşturulması hakkında daha ayrıntılı bilgi edinmek
+ için <a href="../content-negotiation.html">İçerik Uzlaşımı</a>
+ belgesine bakınız.</p>
+
+
+
+ <h3>Bellek Eşlemleri</h3>
+
+
+
+ <p>Apache’nin SSI sayfalarında olduğu gibi teslim edilecek dosyanın
+ içeriğine bakma gereği duyduğu durumlarda, eğer işletim sistemi
+ <code>mmap</code>(2) ve benzerlerini destekliyorsa çekirdek normal
+ olarak dosyayı belleğe kopyalayacaktır.</p>
+
+ <p>Bazı platformlarda bu belleğe eşleme işlemi başarımı arttırsa da
+ başarımın veya httpd kararlılığının zora girdiği durumlar
+ olabilmektedir:</p>
+
+ <ul>
+ <li>
+ <p>Bazı işletim sistemlerinde işlemci sayısı artışına bağlı
+ olarak, <code>mmap</code> işlevi <code>read</code>(2) kadar iyi
+ ölçeklenmemiştir. Örneğin, çok işlemcili Solaris sunucularda
+ <code>mmap</code> iptal edildiği takdirde içeriği sunucu
+ tarafından işlenen dosyalar üzerinde bazen daha hızlı işlem
+ yapılabilmektedir.</p>
+ </li>
+
+ <li>
+ <p>Belleğe kopyalanacak dosya NFS üzerinden bağlanan bir dosya
+ sistemindeyse ve dosya başka bir NFS istemcisi makine tarafından
+ silinmiş veya dosyanın boyutu değiştirilmişse sunucunuz dosyaya
+ tekrar erişmeye çalıştığında bir hata alabilecektir.</p>
+ </li>
+ </ul>
+
+ <p>Böyle durumların olasılık dahilinde olduğu kurulumlarda içeriği
+ sunucu tarafından işlenecek dosyaların belleğe kopyalanmaması için
+ yapılandırmanıza <code>EnableMMAP off</code> satırını ekleyiniz.
+ (Dikkat: Bu yönerge dizin seviyesinde geçersizleştirilebilen
+ yönergelerdendir.)</p>
+
+
+
+ <h3><code>sendfile</code></h3>
+
+
+
+ <p>Apache’nin duruk dosyalarda olduğu gibi teslim edilecek dosyanın
+ içeriğine bakmadığı durumlarda, eğer işletim sistemi
+ <code>sendfile</code>(2) desteğine sahipse çekirdek normal olarak bu
+ desteği kullanacaktır.</p>
+
+ <p>Bazı platformlarda <code>sendfile</code> kullanımı, okuma ve yazma
+ işlemlerinin ayrı ayrı yapılmamasını sağlasa da
+ <code>sendfile</code> kullanımının httpd kararlılığını bozduğu bazı
+ durumlar sözkonusudur:</p>
+
+ <ul>
+ <li>
+ <p>Bazı platformlar derleme sisteminin saptayamadığı bozuk bir
+ <code>sendfile</code> desteğine sahip olabilir. Özellikle
+ derleme işleminin başka bir platformda yapılıp
+ <code>sendfile</code> desteği bozuk bir makineye kurulum
+ yapıldığı durumlarda bu desteğin bozuk olduğu
+ saptanamayacaktır.</p>
+ </li>
+ <li>
+ <p>Çekirdek, NFS üzerinden erişilen ağ dosyalarını kendi önbelleği
+ üzerinden gerektiği gibi sunamayabilir.</p>
+ </li>
+ </ul>
+
+ <p>Böyle durumların olasılık dahilinde olduğu kurulumlarda içeriğin
+ <code>sendfile</code> desteğiyle teslim edilmemesi için
+ yapılandırmanıza <code>EnableSendfile off</code> satırını ekleyiniz.
+ (Dikkat: Bu yönerge dizin seviyesinde geçersizleştirilebilen
+ yönergelerdendir.)</p>
+
+
+
+ <h3><a name="process" id="process">Süreç Oluşturma</a></h3>
+
+
+
+ <p>Apache 1.3 öncesinde <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> ve <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ayarları, başka sunucularla kıyaslama
+ denemelerinde olağanüstü kötü sonuçlar alınmasına sebep olmaktaydı.
+ Özellikle uygulanan yükü karşılamaya yetecek sayıda çocuk süreç
+ oluşturulması aşamasında Apache’nin elde ettiği ivme bunlardan
+ biriydi. Başlangıçta <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> yönergesiyle belli sayıda süreç
+ oluşturulduktan sonra her saniyede bir tane olmak üzere <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> sayıda çocuk süreç
+ oluşturulmaktaydı. Örneğin, aynı anda 100 isteğe yanıt vermek için
+ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>
+ yönergesinin öntanımlı değeri olarak başta <code>5</code> süreç
+ oluşturulduğundan kalan süreçler için 95 saniye geçmesi gerekirdi.
+ Sık sık yeniden başlatılmadıklarından dolayı gerçek hayatta
+ sunucuların başına gelen de buydu. Başka sunucularla kıyaslama
+ denemelerinde ise işlem sadece on dakika sürmekte ve içler acısı
+ sonuçlar alınmaktaydı.</p>
+
+ <p>Saniyede bir kuralı, sunucunun yeni çocukları oluşturması sırasında
+ sistemin aşırı meşgul duruma düşmemesi için alınmış bir önlemdi.
+ Makine çocuk süreç oluşturmakla meşgul edildiği sürece isteklere
+ yanıt veremeyecektir. Böylesi bir durum Apache’nin başarımını
+ kötüleştirmekten başka işe yaramayacaktır. Apache 1.3’te saniyede
+ bir kuralı biraz esnetildi. Yeni gerçeklenimde artık bir süreç
+ oluşturduktan bir saniye sonra iki süreç, bir saniye sonra dört
+ süreç oluşturulmakta ve işlem, saniyede 32 çocuk süreç oluşturulur
+ duruma gelene kadar böyle ivmelenmektedir. Çocuk süreç oluşturma
+ işlemi <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>
+ değerine ulaşılınca durmaktadır.</p>
+
+ <p>Bu, <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>,
+ <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> ve
+ <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ayarlarıyla
+ oynamayı neredeyse gereksiz kılacak kadar iyi sonuçlar verecek gibi
+ görünmektedir. Saniyede 4 çocuktan fazlası oluşturulmaya
+ başlandığında hata günlüğüne bazı iletiler düşmeye başlar. Bu
+ iletilerin sayısı çok artarsa bu ayarlarla oynama vakti gelmiş
+ demektir. Bunun için <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> çıktısını bir
+ kılavuz olarak kullanabilirsiniz.</p>
+
+ <p>Süreç oluşturmayla ilgili olarak süreç ölümü <code class="directive"><a href="../mod/mpm_common.html#maxconnectionsperchild">MaxConnectionsPerChild</a></code> değeri ile
+ sağlanır. Bu değer öntanımlı olarak <code>0</code> olup, çocuk süreç
+ başına istek sayısının sınırsız olduğu anlamına gelir. Eğer
+ yapılandırmanızda bu değeri <code>30</code> gibi çok düşük bir
+ değere ayarlarsanız bunu hemen kaldırmak zorunda kalabilirsiniz.
+ Sunucunuzu SunOS veya Solaris’in eski bir sürümü üzerinde
+ çalıştırıyorsanız bellek kaçaklarına sebep olmamak için bu değeri
+ <code>10000</code> ile sınırlayınız.</p>
+
+ <p>Kalıcı bağlantı özelliğini kullanıyorsanız, çocuk süreçler zaten
+ açık bağlantılardan istek beklemekte olacaklardır. <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> yönergesinin öntanımlı
+ değeri <code>5</code> saniye olup bu etkiyi en aza indirmeye yönelik
+ süredir. Burada ağ band genişliği ile sunucu kaynaklarının kullanımı
+ arasında bir seçim yapmak söz konusudur. Hiçbir şey umurunuzda
+ değilse <a href="http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-95-4.html">
+ çoğu ayrıcalığın yitirilmesi pahasına</a> bu değeri rahatça
+ <code>60</code> saniyenin üzerine çıkarabilirsiniz.</p>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="compiletime" id="compiletime">Derleme Sırasında Yapılandırma ile İlgili Konular</a></h2>
+
+
+ <h3>MPM Seçimi</h3>
+
+
+ <p>Apache 2.x, <a href="../mpm.html">Çok Süreçlilik Modülleri</a>
+ (MPM) adı verilen eklemlenebilir çok görevlilik modellerini
+ destekler. Apache’yi derlerken bu MPM’lerden birini seçmeniz
+ gerekir. MPM’lerden bazıları platformlara özeldir:
+ <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code> ve
+ <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code>. Unix
+ benzeri sistemler için ise seçebileceğiniz modül sayısı birden
+ fazladır. MPM seçiminin httpd’nin hızında ve ölçeklenebilirliğinde
+ bazı etkileri olabilir:</p>
+
+ <ul>
+
+ <li><code class="module"><a href="../mod/worker.html">worker</a></code> modülü her biri çok evreli çok sayıda
+ çocuk süreç kullanımını destekler. Her evre aynı anda tek bir
+ bağlantıya hizmet sunar. Aynı hizmeti daha az bellek harcayarak
+ vermesi nedeniyle yüksek trafiğe sahip sunucularda
+ <code class="module"><a href="../mod/prefork.html">prefork</a></code> modülüne göre daha iyi bir seçimdir.</li>
+
+ <li><code class="module"><a href="../mod/event.html">event</a></code> modülü <code class="module"><a href="../mod/worker.html">worker</a></code> modülü gibi
+ çok evreli bir modüldür, fakat aunı anda dahafazla isteğe yanıt
+ verecek şekilde tasarlanmıştır. Bunu, evreleri destekleyen bazı
+ işlemleri yapmamak suretiyle yeni isteklerle çalışacak ana evreleri
+ serbestleştirerek sağlar.</li>
+
+ <li><code class="module"><a href="../mod/prefork.html">prefork</a></code> modülü her biri tek bir evreye sahip
+ çok sayıda çocuk süreç kullanımını destekler. Her süreç aynı anda
+ tek bir bağlantıya hizmet sunar. Çoğu sistemde daha hızlı olması
+ nedeniyle <code class="module"><a href="../mod/worker.html">worker</a></code> modülüne göre daha iyi bir seçim
+ olarak görünürse de bunu daha fazla bellek kullanarak sağlar.
+ <code class="module"><a href="../mod/prefork.html">prefork</a></code> modülünün evresiz tasarımının
+ <code class="module"><a href="../mod/worker.html">worker</a></code> modülüne göre bazı yararlı tarafları
+ vardır: Çok evreli sistemlerde güvenilir olmayan üçüncü parti
+ modülleri kullanabilir ve evrelerde hata ayıklamanın yetersiz
+ kaldığı platformlarda hatalarını ayıklamak daha kolaydır.</li>
+
+ </ul>
+
+ <p>Bu modüller ve diğerleri hakkında daha ayrıntılı bilgi edinmek için
+ <a href="../mpm.html">Çok Süreçlilik Modülleri</a> belgesine
+ bakınız.</p>
+
+
+
+ <h3><a name="modules" id="modules">Modüller</a></h3>
+
+
+
+ <p>Bellek kullanımı başarım konusunda önemli olduğundan gerçekte
+ kullanmadığınız modülleri elemeye çalışmalısınız. Modülleri birer <a href="../dso.html">DSO</a> olarak derlediyseniz <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> yönergesinin bulunduğu satırı
+ açıklama haline getirmeniz modülden kurtulmanız için yeterli
+ olacaktır. Modülleri bu şekilde kaldırarak onların yokluğunda
+ sitenizin hala işlevlerini yerine getirdiğini görme şansına da
+ kavuşmuş olursunuz.</p>
+
+ <p>Ancak, eğer modülleri Apache çalıştırılabilirinin içine
+ gömmüşseniz istenmeyen modülleri kaldırmak için Apache'yi yeniden
+ derlemeniz gerekir.</p>
+
+ <p>Bu noktada bir soru akla gelebilir: Hangi modüller gerekli,
+ hangileri değil? Bu sorunun yanıtı şüphesiz siteden siteye değişir.
+ Ancak, olmazsa olmaz moüller olarak <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>,
+ <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code> ve <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>
+ modüllerini sayabiliriz. Bunlardan <code>mod_log_config</code>
+ olmadan da bir sitenin çalışabileceğinden hareketle bu modülün
+ varlığı isteğe bağlı olsa da bu modülü kaldırmanızı önermiyoruz.</p>
+
+
+
+ <h3>Atomik İşlemler</h3>
+
+
+
+ <p>Worker MPM'nin en son geliştirme sürümleri ve
+ <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> gibi bazı modüller APR'nin atomik API'sini
+ kullanırlar. Bu API, düşük ayarlı evre eşzamanlamasında atomik
+ işlemler yapar.</p>
+
+ <p>Öntanımlı olarak, APR bu işlemleri hedef işletim sistemi/işlemci
+ platformunda kullanılabilecek en verimli mekanizmayı kullanarak
+ gerçekleştirir. Günümüz işlemcilerinin çoğu, örneğin, bir atomik
+ karşılaştırma ve takas (CAS) işlemini donanımda gerçekleştirmektedir.
+ Bazı platformlarda APR'nin atomik işlemler için öntanımlı olarak daha
+ yavaş olan mutekslere dayalı gerçeklenimi kullanmasının sebebi eski
+ işlemcilerde bu tür makine kodlarının yokluğudur. Apache'yi bu tür
+ platformalarda günümüz işlemcileriyde çalıştırmayı düşünüyorsanız
+ Apache'yi derlemek için yapılandırırken en hızlı atomik işlemin
+ seçilebilmesi için <code>--enable-nonportable-atomics</code>
+ seçeneğini kullanın:</p>
+
+ <div class="example"><p><code>
+ ./buildconf<br />
+ ./configure --with-mpm=worker --enable-nonportable-atomics=yes
+ </code></p></div>
+
+ <p><code>--enable-nonportable-atomics</code> seçeneği şu platformlar
+ için uygundur:</p>
+
+ <ul>
+
+ <li>SPARC üzerinde Solaris<br />
+ APR öntanımlı olarak, SPARC/Solaris üzerinde mutekslere dayalı
+ atomik işlemleri kullanır. Ancak,
+ <code>--enable-nonportable-atomics</code> yapılandırmasını
+ kullanırsanız, donanım üzerinde hızlı karşılaştırma ve takas
+ için uygun SPARC v8plus kodunu kullanacak şekilde kod üretilir.
+ Apache'yi bu seçenekle yapılandırırsanız atomik işlemler daha
+ verimli olacak fakat derlenen Apache çalıştırılabiliri sadece
+ UltraSPARC kırmığı üzerinde çalışacaktır.
+ </li>
+
+ <li>x86 üzerinde Linux<br />
+ APR öntanımlı olarak, Linux üzerinde mutekslere dayalı atomik
+ işlemleri kullanır. Ancak,
+ <code>--enable-nonportable-atomics</code> yapılandırmasını
+ kullanırsanız, donanım üzerinde hızlı karşılaştırma ve takas
+ için uygun 486 kodunu kullanacak şekilde kod üretilir. Apache'yi
+ bu seçenekle yapılandırırsanız atomik işlemler daha verimli
+ olacak fakat derlenen Apache çalıştırılabiliri (386 üzerinde
+ değil) sadece 486 ve sonrası kırmıklarda çalışacaktır.
+ </li>
+
+ </ul>
+
+
+
+ <h3><code>mod_status</code> ve <code>ExtendedStatus On</code>
+ </h3>
+
+
+
+ <p><code class="module"><a href="../mod/mod_status.html">mod_status</a></code> modülünü derlemiş ve Apache'yi
+ yapılandırır ve çalıştırırken <code>ExtendedStatus On</code> satırını
+ da kullanmışsanız Apache her istek üzerinde
+ <code>gettimeofday(2)</code> (veya işletim sistemine bağlı olarak
+ <code>time(2)</code>) çağrısından başka (1.3 öncesinde) fazladan
+ defalarca <code>time(2)</code> çağrıları yapacaktır. Bu çağrılarla
+ durum raporununun zamanlama bilgilerini içermesi sağlanır. Başarımı
+ arttırmak için <code>ExtendedStatus off</code> yapın (zaten öntanımlı
+ böyledir).</p>
+
+
+
+ <h3><code>accept</code> dizgilemesi ve çok soketli işlem</h3>
+
+
+
+ <div class="warning"><h3>Uyarı:</h3>
+ <p>Bu bölüm, Apache HTTP sunucusunun 2.x sürümlerinde yapılan
+ değişikliklere göre tamamen güncellenmemiştir. Bazı bilgiler hala
+ geçerliyse de lütfen dikkatli kullanınız.</p>
+ </div>
+
+ <p>Burada Unix soket arayüzü gerçeklenirken ihmal edilen bir durumdan
+ bahsedeceğiz. HTTP sunucunuzun çok sayıda adresten çok sayıda portu
+ dinlemek için çok sayıda <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> yönergesi kullanmakta olduğunu varsayalım. Her
+ soketi çalıştığını görmek için denerken Apache bağlantı için
+ <code>select(2)</code> kullanacaktır. <code>select(2)</code> çağrısı
+ bu soketin üzerinde <em>sıfır</em> veya <em>en azından bir</em>
+ bağlantının beklemekte olduğu anlamına gelir. Apache'nin modeli çok
+ sayıda çocuk süreç içerir ve boşta olanların tümünde aynı anda yeni
+ bağlantılar denenebilir. Gerçekte çalışan kod bu olmasa da meramımızı
+ anlatmak için kodun şöyle bir şey olduğunu varsayabiliriz:</p>
+
+ <pre class="prettyprint lang-c"> for (;;) {
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&amp;accept_fds);
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ FD_SET (i, &amp;accept_fds);
+ }
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+ if (rc &lt; 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ if (FD_ISSET (i, &amp;accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ process_the(new_connection);
+ }</pre>
+
+
+ <p>Bu özet gerçeklenim bir takım açlık sorunlarına sebep olur. Bu
+ döngünün çalışması sırasında aynı anda çok sayıda çocuk süreç yeniden
+ çağrılır ve istekler arasında kalan çoğu çocuk da <code>select</code>
+ ile engellenir. Engellenen tüm bu çocuklar soketlerden herhangi biri
+ üzerinde tek bir istek göründüğünde <code>select</code> tarafından
+ uyandırılıp işleme sokulmak üzere döndürülürler. (Uyandırılan çocuk
+ sayısı işletim sistemine ve zamanlama ayarlarına göre değişiklik
+ gösterir,) Bunların hepsi döngüye katılıp bağlantı kabul etmeye
+ (<code>accept</code>) çalışırlar. Fakat içlerinden yalnız biri
+ (sadece bir bağlantı isteğinin mevcut olduğu varsayımıyla) bunu
+ başarabilir. Kalanının bağlantı kabul etmesi (<code>accept</code>)
+ <em>engellenir</em>. Bu durum, bu çocukları istekleri başka başka soketlerden
+ değil mecburen tek bir soketten kabul etmeye kilitler ve bu soket
+ üzerinde yeni bir istek belirip uyandırılana kadar bu durumda
+ kalırlar. Bu açlık sorunu ilk olarak <a href="http://bugs.apache.org/index/full/467">PR#467</a> sayılı raporla
+ belgelenmiştir. Bu sorunun en az iki çözümü vardır.</p>
+
+ <p>Çözümün biri engellenmeyen soket kullanımıdır. Bu durumda
+ <code>accept</code> çocukları engellemeyecek ve yapılan bir
+ bağlantının ardından diğer çocuklar durumları değişmeksizin bağlantı
+ beklemeye devam edeceklerdir. Fakat bu durum işlemci zamanının boşa
+ harcanmasına sebep olur. Seçilmiş (<code>select</code>) boşta on
+ çocuğun olduğunu ve bir bağlantı geldiğini varsayalım. Kalan dokuz
+ çocuk işine devam edip bağlantı kabul etmeyi (<code>accept</code>)
+ deneyecek, başarızsız olacak, dönecek başa, tekrar seçilecek
+ (<code>select</code>) ve böyle hiçbir iş yapmadan dönüp duracaktır. Bu
+ arada hizmet sunmakta olanlar da işlerini bitirdikten sonra bu
+ döngüdeki yerlerini alacaklardır. Aynı kutunun içinde boşta bir sürü
+ işlemciniz (çok işlemcili sistemler) yoksa bu çözüm pek verimli
+ olmayacaktır.</p>
+
+ <p>Diğer çözüm ise Apache tarafından kullanılan çözüm olup, girdiyi
+ bir iç döngüde sıraya sokmaktır. Döngü aşağıda örneklenmiştir (farklar
+ vurgulanmıştır):</p>
+
+ <pre class="prettyprint lang-c"> for (;;) {
+ <strong>accept_mutex_on ();</strong>
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&amp;accept_fds);
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ FD_SET (i, &amp;accept_fds);
+ }
+ rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+ if (rc &lt; 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i &lt;= last_socket; ++i) {
+ if (FD_ISSET (i, &amp;accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ <strong>accept_mutex_off ();</strong>
+ process the new_connection;
+ }</pre>
+
+
+ <p><code>accept_mutex_on</code> ve <code>accept_mutex_off</code> <a id="serialize" name="serialize">işlevleri</a> bir karşılıklı red
+ semoforu oluştururlar. Mutekse aynı anda sadece bir çocuk sahip
+ olabilir. Bu muteksleri gerçeklemek için çeşitli seçenekler vardır.
+ Seçim, <code>src/conf.h</code> (1.3 öncesi) veya
+ <code>src/include/ap_config.h</code> (1.3 ve sonrası) dosyasında
+ tanımlanmıştır. Bazı mimariler bir kilitleme seçeneğine sahip
+ değildir. Böyle mimarilerde çok sayıda <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> yönergesi kullanmak güvenilir
+ olmayacaktır.</p>
+
+ <p><code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> yönergesi,
+ <code>mpm-accept</code> muteks gerçeklenimini çalışma anında değiştirmek
+ için kullanılabilir. Farklı muteks gerçeklenimleri ile ilgili hususlar
+ bu yönergede belgelenmiştir.</p>
+
+ <p>Başka bir çözüm daha vardır ancak döngü kısmen dizgilenmeyeceğinden
+ (yani belli sayıda sürece izin verilemeyeceğinden) asla
+ gerçeklenmemiştir. Bu sadece, aynı anda çok sayıda çocuk sürecin
+ çalışabileceği ve dolayısıyla band genişliğinin tüm yönleriyle
+ kullanılabileceği çok işlemcili sistemlerde ilginç olabilirdi. Bu
+ gelecekte incelenmeye değer bir konu olmakla beraber çok sayıda HTTP
+ sunucusunun aynı anda aynı amaca hizmet edecek şekilde çalışması
+ standart olarak pek mümkün görülmediğinden bu olasılık çok
+ düşüktür.</p>
+
+ <p>En yüksek başarımı elde etmek için ideal olanı sunucuları
+ çalıştırırken çok sayıda <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> yönergesi kullanmamaktır. Fakat siz yine de
+ okumaya devam edin.</p>
+
+
+
+ <h3><code>accept</code> dizgilemesi - tek soket</h3>
+
+
+
+ <p>Çok soketli sunucular için yukarıda açıklananlar iyi güzel de tek
+ soketli sunucularda durum ne? Kuramsal olarak, bunların hiçbiriyle bir
+ sorunları olmaması gerekir. Çünkü yeni bir bağlantı gelene kadar tüm
+ çocuklar <code>accept(2)</code> ile engellenirler dolayısıyla hiçbir
+ açlık sorununun ortaya çıkmaması gerekir. Uygulamada ise son
+ kullanıcıdan gizli olarak, yukarıda engellenmeyen çocuklar çözümünde
+ bahsedilenle hemen hemen aynı "boşa dönüp durma" davranışı mevcuttur.
+ Çoğu TCP yığıtı bu yolu gerçeklemiştir. Çekirdek, yeni bir bağlantı
+ ortaya çıktığında <code>accept</code> ile engellenen tüm süreçleri
+ uyandırır. Bu süreçlerden bağlantıyı alan kullanıcı bölgesine geçerken
+ çekirdek içinde döngüde olan diğerleri de yeni bağlantı keşfedilene
+ kadar uykularına geri dönerler. Bu çekirdek içi döngü, kullanıcı
+ bölgesindeki kodlara görünür değildir ama bu olmadıkları anlamına
+ gelmez. Bu durum, çok soketli engellenmeyen çocuklar çözümündeki boşa
+ döngünün sebep olduğu gereksiz işlemci yükü sorununu içinde
+ barındırır.</p>
+
+ <p>Bununla birlikte, tek soketli durumda bile bundan daha verimli bir
+ davranış sergileyen bir çok mimari bulduk. Bu aslında hemen hemen her
+ durumda öntanımlı olarak böyledir. Linux altında yapılan üstünkörü
+ denemelerde (128MB bellekli çift Pentium pro 166 işlemcili makinede
+ Linux 2.0.30) tek sokette dizgilemenin dizgilenmemiş duruma göre
+ saniyede %3 daha az istekle sonuçlandığı gösterilmiştir. Fakat
+ dizgilenmemiş tek soket durumunda her istekte 100ms'lik ek bir gecikme
+ olduğu görülmüştür. Bu gecikmenin sebebi muhtemelen uzun mesafeli
+ hatlar olup sadece yerel ağlarda söz konusudur. Tek soketli
+ dizgilemeyi geçersiz kılmak için
+ <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> tanımlarsanız tek
+ soketli sunucularda artık dizgileme yapılmayacaktır.</p>
+
+
+
+ <h3>Kapatmayı zamana yaymak</h3>
+
+
+
+ <p><a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">draft-ietf-http-connection-00.txt</a> taslağının 8. bölümünde
+ bahsedildiği gibi, bir HTTP sunucusunun protokolü <strong>güvenilir
+ şekilde</strong> gerçeklemesi için her iki yöndeki iletişimi
+ birbirinden bağımsız olarak (iki yönlü bir TCP bağlantısının her
+ yarısını diğerinden bağımsız olarak) kapatması gerekir.</p>
+
+ <p>Bu özellik Apache'ye eklendiğinde Unix'in çeşitli sürümlerinde
+ uzgörüsüzlükten dolayı bir takım geçici telaş sorunlarına sebep oldu.
+ TCP belirtimi <code>FIN_WAIT_2</code> durumunda bir zaman aşımından
+ bahsetmez ama yasaklamaz da. Zaman aşımı olmayan sistemlerde, Apache
+ 1.2 çoğu soketin sonsuza kadar <code>FIN_WAIT_2</code> durumunda
+ takılıp kalmasına sebep olur. Çoğu durumda, satıcıdan sağlanan en son
+ TCP/IP yamalarını uygulanarak bu önlenebilir. Satıcının hiçbir yeni
+ yama dağıtmadığı durumlarda (örneğin, SunOS4 -- bir kaynak lisansı ile
+ insanlar bunu kendileri yamayabilirse de) bu özelliği devre dışı
+ bırakmaya karar verdik.</p>
+
+ <p>Bunun üstesinden gelmenin iki yolu vardır. Bunlardan biri
+ <code>SO_LINGER</code> soket seçeneğidir. Bu işin kaderi buymuş gibi
+ görünürse de çoğu TCP/IP yığıtında bu gerektiği gibi
+ gerçeklenmemiştir. Bu yığıtlar üzerinde, bu yöntemin, doğru bir
+ gerçeklenimle bile (örneğin, Linux 2.0.31) sonraki çözümden daha
+ pahalı olduğu ortaya çıkmıştır.</p>
+
+ <p>Çoğunlukla, Apache bunu (<code>http_main.c</code> içindeki)
+ <code>lingering_close</code> adında bir işlevle gerçekler. Bu işlev
+ kabaca şöyle görünür:</p>
+
+ <pre class="prettyprint lang-c"> void lingering_close (int s)
+ {
+ char junk_buffer[2048];
+
+ /* shutdown the sending side */
+ shutdown (s, 1);
+
+ signal (SIGALRM, lingering_death);
+ alarm (30);
+
+ for (;;) {
+ select (s for reading, 2 second timeout);
+ if (error) break;
+ if (s is ready for reading) {
+ if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {
+ break;
+ }
+ /* just toss away whatever is here */
+ }
+ }
+
+ close (s);
+ }</pre>
+
+
+ <p>Bağlantı sonunda bu doğal olarak biraz daha masrafa yol açar, fakat
+ güvenilir bir gerçeklenim için bu gereklidir. HTTP/1.1'in daha yaygın
+ kullanılmaya başlanması ve tüm bağlantıların kalıcı hale gelmesiyle bu
+ gerçeklenim daha fazla istek üzerinden kendi masrafını
+ karşılayacaktır. Ateşle oynamak ve bu özelliği devre dışı bırakmak
+ isterseniz <code>NO_LINGCLOSE</code>'u tanımlayabilirsiniz, fakat bu
+ asla önerilmez. Özellikle, HTTP/1.1'den itibaren boruhatlı kalıcı
+ bağlantıların <code>lingering_close</code> kullanmaya başlaması mutlak
+ bir gerekliliktir (ve <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">
+ boruhatlı bağlantıların daha hızlı</a> olması nedeniyle bu
+ bağlantıları desteklemek isteyebilirsiniz).</p>
+
+
+
+ <h3>Çetele Dosyası</h3>
+
+
+
+ <p>Apache'nin ana ve alt süreçleri birbirleriyle çetele denen birşey
+ üzerinden haberleşirler. Bunun en mükemmel şekilde paylaşımlı bellekte
+ gerçeklenmesi gerekir. Eriştiğimiz veya portlarını ayrıntılı olarak
+ belirttiğimiz işletim sistemleri için bu, genellikle paylaşımlı bellek
+ kullanılarak gerçeklenir. Geri kalanlar, öntanımlı olarak bunu bir
+ disk dosyası kullanarak gerçekler. Bir disk dosyaı yavaş olmanın yanı
+ sıra güvenilir de değildir (ve daha az özelliğe sahiptir). Mimarinizin
+ <code>src/main/conf.h</code> dosyasını inceleyin ve
+ <code>USE_MMAP_SCOREBOARD</code> veya
+ <code>USE_SHMGET_SCOREBOARD</code>'a bakın. Bu ikisinden birinin (ve
+ yanı sıra sırasıyla <code>HAVE_MMAP</code> veya
+ <code>HAVE_SHMGET</code>'in) tanımlanmış olması, sağlanan paylaşımlı
+ bellek kodunu etkinleştirir. Eğer sisteminiz diğer türdeki paylaşımlı
+ belleğe sahipse, <code>src/main/http_main.c</code> dosyasını açıp,
+ Apache'de bu belleği kullanması gereken kanca işlevleri ekleyin (Bize
+ de bir yama yollayın, lütfen).</p>
+
+ <div class="note">Tarihsel bilgi: Apache'nin Linux uyarlaması, Apache'nin 1.2
+ sürümüne kadar paylaşımlı belleği kullanmaya başlamamıştı. Bu kusur,
+ Apache'nin Linux üzerindeki erken dönem sürümlerinin davranışlarının
+ zayıf ve güvenilmez olmasına yol açmıştı.</div>
+
+
+
+ <h3>DYNAMIC_MODULE_LIMIT</h3>
+
+
+
+ <p>Devingen olarak yüklenen modülleri kullanmamak niyetindeyseniz
+ (burayı okuyan ve sunucunuzun başarımını son kırıntısına kadar
+ arttırmakla ilgilenen biriyseniz bunu düşünmezsiniz), sunucunuzu
+ derlerken seçenekler arasına <code>-DDYNAMIC_MODULE_LIMIT=0</code>
+ seçeneğini de ekleyin. Bu suretle, sadece, devingen olarak yüklenen
+ modüller için ayrılacak belleği kazanmış olacaksınız.</p>
+
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="trace" id="trace">Ek: Bir çağrı izlemesinin ayrıntılı çözümlemesi</a></h2>
+
+
+
+ <p>Burada, Solaris 8 üzerinde worker MPM'li Apache 2.0.38'in bir sistem
+ çağrısı izlenmektedir. Bu izleme şu komutla elde edilmiştir:</p>
+
+ <div class="example"><p><code>
+ truss -l -p <var>httpd_çocuk_pidi</var>.
+ </code></p></div>
+
+ <p><code>-l</code> seçeneği, truss'a hafif bir sürecin yaptığı her
+ sistem çağrısını (hafif süreç -- HS -- Solaris'in bir çekirdek seviyesi
+ evreleme biçimi) günlüğe yazmasını söyler.</p>
+
+ <p>Diğer sistemlerin sistem çağrılarını izleyen farklı araçları vardır
+ (<code>strace</code>, <code>ktrace</code>, <code>par</code> gibi).
+ Bunlar da benzer çıktılar üretirler.</p>
+
+ <p>Bu izleme sırasında, bir istemci httpd'den 10 KB'lık duruk bir dosya
+ talebinde bulunmuştur. Duruk olmayan veya içerik uzlaşımlı isteklerin
+ izleme kayıtları vahşice (bazı durumlarda epey çirkince) farklı
+ görünür.</p>
+
+ <div class="example"><p><code>
+ /67: accept(3, 0x00200BEC, 0x00200C0C, 1) (uykuda...)<br />
+ /67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9
+ </code></p></div>
+
+ <p>Bu izlemede, dinleyen evre HS #67 içinde çalışmaktadır.</p>
+
+ <div class="note"><code>accept(2)</code> dizgelemesinin olmayışına dikkat edin.
+ Özellikle bu platformda worker MPM, çok sayıda portu dinlemedikçe,
+ öntanımlı olarak dizgeleştirilmemiş bir accept çağrısı kullanır.</div>
+
+ <div class="example"><p><code>
+ /65: lwp_park(0x00000000, 0) = 0<br />
+ /67: lwp_unpark(65, 1) = 0
+ </code></p></div>
+
+ <p>Bağlantının kabul edilmesiyle, dinleyici evre isteği yerine getirmek
+ üzere bir worker evresini uyandırır. Bu izlemede, isteği yerine getiren
+ worker evresi HS #65'e aittir.</p>
+
+ <div class="example"><p><code>
+ /65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0
+ </code></p></div>
+
+ <p>Sanal konakların gerçeklenimi sırasında, Apache'nin, bağlantıları
+ kabul etmek için kullanılan yerel soket adreslerini bilmesi gerekir.
+ Çoğu durumda bu çağrıyı bertaraf etmek mümkündür (hiç sanal konağın
+ olmadığı veya <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code>
+ yönergelerinin mutlak adreslerle kullanıldığı durumlarda). Fakat bu en
+ iyilemeleri yapmak için henüz bir çaba harcanmamıştır.</p>
+
+ <div class="example"><p><code>
+ /65: brk(0x002170E8) = 0<br />
+ /65: brk(0x002190E8) = 0
+ </code></p></div>
+
+ <p><code>brk(2)</code> çağrıları devingen bellekten bellek ayırır. httpd
+ çoğu isteği yerine getirirken özel bellek ayırıcılar
+ (<code>apr_pool</code> ve <code>apr_bucket_alloc</code>) kullandığından
+ bunlar bir sistem çağrısı izlemesinde nadiren görünür. Bu izlemede,
+ httpd henüz yeni başlatıldığından, özel bellek ayırıcıları oluşturmak
+ için ham bellek bloklarını ayırmak amacıyla <code>malloc(3)</code>
+ çağrıları yapması gerekir.</p>
+
+ <div class="example"><p><code>
+/65: fcntl(9, F_GETFL, 0x00000000) = 2<br />
+/65: fstat64(9, 0xFAF7B818) = 0<br />
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0<br />
+/65: fstat64(9, 0xFAF7B818) = 0<br />
+/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0<br />
+/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0<br />
+/65: fcntl(9, F_SETFL, 0x00000082) = 0
+ </code></p></div>
+
+ <p>Ardından, worker evresi istemciye (dosya tanıtıcısı 9) engellenmeyen
+ kipte bir bağlantı açar. <code>setsockopt(2)</code>
+ ve <code>getsockopt(2)</code> çağrıları, Solaris libc'sinin soketler
+ üzerindeki <code>fcntl(2)</code> çağrısı yanında birer yan etkiden
+ ibarettirler.</p>
+
+ <div class="example"><p><code>
+ /65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97
+ </code></p></div>
+
+ <p>Worker evresi istemciden isteği okur.</p>
+
+ <div class="example"><p><code>
+/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0<br />
+/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10
+ </code></p></div>
+
+ <p>Bu httpd <code>Options FollowSymLinks</code> ve <code>AllowOverride
+ None</code> ile yapılandırılmıştır. Bu bakımdan, ne istenen dosya ile
+ sonuçlanan yol üzerindeki her dizinde <code>lstat(2)</code> çağrısına ne
+ de <code>.htaccess</code> dosyalarına bakılmasına gerek vardır.
+ <code>stat(2)</code> çağrısı basitçe dosya için şunları doğrulamak
+ amacıyla yapılır: 1) dosya mevcuttur ve 2) bir dizin değil normal bir
+ dosyadır.</p>
+
+ <div class="example"><p><code>
+ /65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269
+ </code></p></div>
+
+ <p>Bu örnekte, httpd, istenen dosyayı ve HTTP yanıt başlığını tek bir
+ <code>sendfilev(2)</code> sistem çağrısı ile göndermektedir. Dosya
+ gönderim işleminin anlamı sistemden sisteme değişiklik gösterir. Bazı
+ sistemlerde, <code>sendfile(2)</code> çağrısından önce başlıkları
+ göndermek için <code>write(2)</code> veya <code>writev(2)</code>
+ çağrısı yapmak gerekir.</p>
+
+ <div class="example"><p><code>
+ /65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78
+ </code></p></div>
+
+ <p>Bu <code>write(2)</code> çağrısı isteği erişim günlüğüne kaydeder. Bu
+ izlemede eksik olan tek şey, <code>time(2)</code> çağrısıdır. Apache
+ 1.3'ün aksine, Apache 2.x zamana bakmak için
+ <code>gettimeofday(3)</code> çağırısını kullanır. Linux ve Solaris gibi
+ bazı işletim sistemleri, <code>gettimeofday</code> işlevinin, sıradan
+ bir sistem çağrısından daha fazla götürüsü olmayan en iyilenmiş bir
+ gerçeklenimine sahiptir.</p>
+
+ <div class="example"><p><code>
+ /65: shutdown(9, 1, 1) = 0<br />
+ /65: poll(0xFAF7B980, 1, 2000) = 1<br />
+ /65: read(9, 0xFAF7BC20, 512) = 0<br />
+ /65: close(9) = 0
+ </code></p></div>
+
+ <p>Burada worker evresi bağlantıyı zamana yaymaktadır.</p>
+
+ <div class="example"><p><code>
+ /65: close(10) = 0<br />
+ /65: lwp_park(0x00000000, 0) (uykuda...)
+ </code></p></div>
+
+ <p>Son olarak, worker evresi teslim edilen dosyayı kapattıktan sonra
+ dinleyici evre tarafından başka bir bağlantı atanıncaya kadar beklemeye
+ alınır.</p>
+
+ <div class="example"><p><code>
+ /67: accept(3, 0x001FEB74, 0x001FEB94, 1) (uykuda...)
+ </code></p></div>
+
+ <p>Bu arada, dinleyici evre bağlantıyı bir worker evresine atar atamaz
+ başka bir bağlantıyı beklemeye başlar (Mevcut tüm evreler meşgulse
+ dinleyici evreyi baskılayan worker MPM'nin akış denetim şemasına konu
+ olur). Bu izlemede görünmüyor olsa da sonraki <code>accept(2)</code>
+ çağrısı, yeni bağlantı kabul eden worker evresine paralel olarak
+ yapılabilir (aşırı yük durumlarında normal olarak, bu yapılır).</p>
+
+ </div></div>
+<div class="bottomlang">
+<p><span>Mevcut Diller: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/perf-tuning.html" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Yorumlar</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p>
+<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/relevant_standards.html b/docs/manual/misc/relevant_standards.html
new file mode 100644
index 0000000..3b23231
--- /dev/null
+++ b/docs/manual/misc/relevant_standards.html
@@ -0,0 +1,13 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: relevant_standards.html.en
+Content-Language: en
+Content-type: text/html; charset=UTF-8
+
+URI: relevant_standards.html.fr.utf8
+Content-Language: fr
+Content-type: text/html; charset=UTF-8
+
+URI: relevant_standards.html.ko.euc-kr
+Content-Language: ko
+Content-type: text/html; charset=EUC-KR
diff --git a/docs/manual/misc/relevant_standards.html.en b/docs/manual/misc/relevant_standards.html.en
new file mode 100644
index 0000000..58f6f18
--- /dev/null
+++ b/docs/manual/misc/relevant_standards.html.en
@@ -0,0 +1,234 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Relevant Standards - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Relevant Standards</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/misc/relevant_standards.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div>
+
+ <p>This page documents all the relevant standards that the
+ Apache HTTP Server follows, along with brief descriptions.</p>
+
+ <p>In addition to the information listed below, the following resources
+ should be consulted:</p>
+
+ <ul>
+ <li>
+ <a href="http://purl.org/NET/http-errata">
+ http://purl.org/NET/http-errata</a> - HTTP/1.1 Specification Errata
+ </li>
+ <li>
+ <a href="http://www.rfc-editor.org/errata.php">
+ http://www.rfc-editor.org/errata.php</a> - RFC Errata
+ </li>
+ <li>
+ <a href="http://ftp.ics.uci.edu/pub/ietf/http/#RFC">
+ http://ftp.ics.uci.edu/pub/ietf/http/#RFC</a> - A pre-compiled list
+ of HTTP related RFCs
+ </li>
+ </ul>
+
+ <div class="warning"><h3>Notice</h3>
+ <p>This document is not yet complete.</p>
+ </div>
+
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#http_recommendations">HTTP Recommendations</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#html_recommendations">HTML Recommendations</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authentication">Authentication</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#language_country_codes">Language/Country Codes</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="http_recommendations" id="http_recommendations">HTTP Recommendations</a></h2>
+
+ <p>Regardless of what modules are compiled and used, Apache as a
+ basic web server complies with the following IETF recommendations:</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc1945.txt">RFC 1945</a>
+ (Informational)</dt>
+
+ <dd>The Hypertext Transfer Protocol (HTTP) is an application-level
+ protocol with the lightness and speed necessary for distributed,
+ collaborative, hypermedia information systems. This documents
+ HTTP/1.0.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC 2616</a>
+ (Standards Track)</dt>
+
+ <dd>The Hypertext Transfer Protocol (HTTP) is an
+ application-level protocol for distributed, collaborative,
+ hypermedia information systems. This documents HTTP/1.1.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2396.txt">RFC 2396</a>
+ (Standards Track)</dt>
+
+ <dd>A Uniform Resource Identifier (URI) is a compact string of
+ characters for identifying an abstract or physical resource.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc4346.txt">RFC 4346</a>
+ (Standards Track)</dt>
+
+ <dd>The TLS protocol provides communications security over the
+ Internet. It provides encryption, and is designed to prevent
+ eavesdropping, tampering, and message forgery.</dd>
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="html_recommendations" id="html_recommendations">HTML Recommendations</a></h2>
+
+ <p>Regarding the Hypertext Markup Language, Apache complies with
+ the following IETF and W3C recommendations:</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2854.txt">RFC 2854</a>
+ (Informational)</dt>
+
+ <dd>This document summarizes the history of HTML development,
+ and defines the "text/html" MIME type by pointing to the relevant
+ W3C recommendations.</dd>
+
+ <dt><a href="http://www.w3.org/TR/html401">HTML 4.01 Specification</a>
+ (<a href="http://www.w3.org/MarkUp/html4-updates/errata">Errata</a>)
+ </dt>
+
+ <dd>This specification defines the HyperText Markup Language (HTML),
+ the publishing language of the World Wide Web. This specification
+ defines HTML 4.01, which is a subversion of HTML 4.</dd>
+
+ <dt><a href="http://www.w3.org/TR/REC-html32">HTML 3.2 Reference
+ Specification</a></dt>
+
+ <dd>The HyperText Markup Language (HTML) is a simple markup language
+ used to create hypertext documents that are portable from one
+ platform to another. HTML documents are SGML documents.</dd>
+
+ <dt><a href="http://www.w3.org/TR/xhtml11/">XHTML 1.1 -
+ Module-based XHTML</a>
+ (<a href="http://www.w3.org/MarkUp/2009/xhtml11-2nd-edition-errata.html">Errata</a>)
+ </dt>
+
+ <dd>This Recommendation defines a new XHTML document type
+ that is based upon the module framework and modules defined in
+ Modularization of XHTML.</dd>
+
+ <dt><a href="http://www.w3.org/TR/xhtml1">XHTML 1.0 The
+ Extensible HyperText Markup Language (Second Edition)</a>
+ (<a href="http://www.w3.org/2002/08/REC-xhtml1-20020801-errata/">Errata</a>)
+ </dt>
+
+ <dd>This specification defines the Second Edition of XHTML 1.0,
+ a reformulation of HTML 4 as an XML 1.0 application, and three
+ DTDs corresponding to the ones defined by HTML 4.</dd>
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="authentication" id="authentication">Authentication</a></h2>
+
+ <p>Concerning the different methods of authentication, Apache
+ follows the following IETF recommendations:</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2617.txt">RFC 2617</a>
+ (Standards Track)</dt>
+
+ <dd>"HTTP/1.0", includes the specification for a Basic
+ Access Authentication scheme.</dd>
+
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="language_country_codes" id="language_country_codes">Language/Country Codes</a></h2>
+
+ <p>The following links document ISO and other language and country
+ code information:</p>
+
+ <dl>
+ <dt><a href="http://www.loc.gov/standards/iso639-2/">ISO 639-2</a></dt>
+
+ <dd>ISO 639 provides two sets of language codes, one as a two-letter
+ code set (639-1) and another as a three-letter code set (this part
+ of ISO 639) for the representation of names of languages.</dd>
+
+ <dt><a href="http://www.iso.org/iso/country_codes">
+ ISO 3166-1</a></dt>
+
+ <dd>These pages document the country names (official short names
+ in English) in alphabetical order as given in ISO 3166-1 and the
+ corresponding ISO 3166-1-alpha-2 code elements.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">BCP 47</a>
+ (Best Current Practice),
+ <a href="http://www.rfc-editor.org/rfc/rfc3066.txt">RFC 3066</a></dt>
+
+ <dd>This document describes a language tag for use in cases where
+ it is desired to indicate the language used in an information
+ object, how to register values for use in this language tag,
+ and a construct for matching such language tags.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc3282.txt">RFC 3282</a>
+ (Standards Track)</dt>
+
+ <dd>This document defines a "Content-language:" header, for use in
+ cases where one desires to indicate the language of something that
+ has RFC 822-like headers, like MIME body parts or Web documents,
+ and an "Accept-Language:" header for use in cases where one wishes
+ to indicate one's preferences with regard to language.</dd>
+ </dl>
+
+ </div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/misc/relevant_standards.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/relevant_standards.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/relevant_standards.html.fr.utf8 b/docs/manual/misc/relevant_standards.html.fr.utf8
new file mode 100644
index 0000000..12b8663
--- /dev/null
+++ b/docs/manual/misc/relevant_standards.html.fr.utf8
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Standards applicables - Serveur HTTP Apache Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p>
+<p class="apache">Serveur HTTP Apache Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Serveur HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Standards applicables</h1>
+<div class="toplang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/relevant_standards.html" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div>
+
+ <p>Cette page documente tous les standards applicables que suit le
+ serveur HTTP Apache, accompagnés d'une brève description.</p>
+
+ <p>Pour compléter les informations fournies ci-dessous, vous pouvez
+ consulter les ressources suivantes :</p>
+
+ <ul>
+ <li>
+ <a href="http://purl.org/NET/http-errata">
+ http://purl.org/NET/http-errata</a> - Corrections de la
+ spécification HTTP/1.1
+ </li>
+ <li>
+ <a href="http://www.rfc-editor.org/errata.php">
+ http://www.rfc-editor.org/errata.php</a> - Corrections des RFCs
+ </li>
+ <li>
+ <a href="http://ftp.ics.uci.edu/pub/ietf/http/#RFC">
+ http://ftp.ics.uci.edu/pub/ietf/http/#RFC</a> - Une liste
+ précompilée des RFCs en rapport avec HTTP
+ </li>
+ </ul>
+
+ <div class="warning"><h3>Avertissement</h3>
+ <p>Ce document n'est pas encore finalisé.</p>
+ </div>
+
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#http_recommendations">Recommandations HTTP</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#html_recommendations">Recommandations HTML</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authentication">Authentification</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#language_country_codes">Codes de langues et de
+ pays</a></li>
+</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="http_recommendations" id="http_recommendations">Recommandations HTTP</a></h2>
+
+ <p>Indépendamment des modules compilés et utilisés, Apache en
+ tant que serveur web de base respecte les recommandations IETF
+ suivantes :</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc1945.txt">RFC 1945</a>
+ (Informations)</dt>
+
+ <dd>Le Protocole de Transfert Hypertexte (Hypertext Transfer
+ Protocol - HTTP) est un protocole de niveau application avec la
+ clarté et la vitesse nécessaires pour les systèmes d'informations
+ distribués, collaboratifs et hypermédia. Cette RFC documente le
+ protocole HTTP/1.0.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC 2616</a>
+ (Série de standards)</dt>
+
+ <dd>Le Protocole de Transfert Hypertexte (Hypertext Transfer
+ Protocol - HTTP) est un protocole de niveau application pour les
+ systèmes d'informations distribués, collaboratifs et hypermédia.
+ Cette RFC documente le protocole HTTP/1.1.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2396.txt">RFC 2396</a>
+ (Série de standards)</dt>
+
+ <dd>Un Identificateur de Ressource Uniforme (Uniform Resource
+ Identifier - URI) est une chaîne de caractères compacte permettant
+ d'identifier une ressource physique ou abstraite.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc4346.txt">RFC 4346</a>
+ (Série de standards)</dt>
+
+ <dd>Le protocole TLS permet l'utilisation de communications
+ sécurisées sur l'Internet. Il fournit le chiffrement, et a été
+ conçu pour se prémunir contre l'interception, la modification et
+ la falsification de messages.</dd>
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="html_recommendations" id="html_recommendations">Recommandations HTML</a></h2>
+
+ <p>En ce qui concerne le langage HTML, Apache respecte les
+ recommandations IETF et W3C suivantes :</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2854.txt">RFC 2854</a>
+ (Informations)</dt>
+
+ <dd>Ce document résume l'historique du développement de HTML, et
+ définit le type MIME "text/html" en pointant les recommandations
+ W3C correspondantes.</dd>
+
+ <dt><a href="http://www.w3.org/TR/html401">Spécification HTML
+ 4.01</a>
+ (<a href="http://www.w3.org/MarkUp/html4-updates/errata">Corrections
+ d'erreurs</a>)
+ </dt>
+
+ <dd>Cette spécification définit le Langage à Balises HyperTexte
+ (HyperText Markup Language - HTML), le langage de publication du
+ World Wide Web. Elle définit HTML 4.01, qui est une sous-version
+ de HTML 4.</dd>
+
+ <dt><a href="http://www.w3.org/TR/REC-html32">Référence HTML
+ 3.2</a></dt>
+
+ <dd>Le langage à Balises HyperTexte (HyperText Markup Language -
+ HTML) est un langage à balises simple permettant de créer des
+ documents hypertextes portables. Les documents HTML sont aussi des
+ documents SGML.</dd>
+
+ <dt><a href="http://www.w3.org/TR/xhtml11/">XHTML 1.1 -
+ XHTML sous forme de modules</a>
+ (<a href="http://www.w3.org/MarkUp/2009/xhtml11-2nd-edition-errata.html">Corrections
+ d'erreurs</a>)
+ </dt>
+
+ <dd>Cette recommandation définit un nouveau type de document XHTML
+ basé sur le cadre de développement des modules et les modules
+ définis dans la modularisation de XHTML.</dd>
+
+ <dt><a href="http://www.w3.org/TR/xhtml1">XHTML 1.0, le Langage à
+ Balises Hypertexte Extensible (Extensible HyperText Markup
+ Language) - Seconde édition</a>
+ (<a href="http://www.w3.org/2002/08/REC-xhtml1-20020801-errata/">Corrections
+ d'erreurs</a>)
+ </dt>
+
+ <dd>Cette spécification définit la seconde édition de XHTML 1.0,
+ une reformulation de HTML 4 en tant qu'application XML 1.0, ainsi
+ que trois DTDs correspondant à celles définies par HTML 4.</dd>
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="authentication" id="authentication">Authentification</a></h2>
+
+ <p>En ce qui concerne les différentes méthodes d'authentification,
+ Apache respecte les recommandations IETF suivantes :</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2617.txt">RFC 2617</a>
+ (Le track des standards)</dt>
+
+ <dd>"HTTP/1.0", y compris la spécification d'un protocole basique
+ d'authentification et de contrôle d'accès.</dd>
+
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="language_country_codes" id="language_country_codes">Codes de langues et de
+ pays</a></h2>
+
+ <p>Les liens suivants fournissent des informations à propos des
+ codes de langues et de pays aux normes ISO ou autres :</p>
+
+ <dl>
+ <dt><a href="http://www.loc.gov/standards/iso639-2/">ISO 639-2</a></dt>
+
+ <dd>ISO 639 fournit deux jeux de codes de langues permettant de
+ représenter les noms des langues ; le premier est
+ un jeu de codes sur deux lettres (639-1), le second (celui
+ présenté dans le lien ci-dessus), est un jeu de codes sur trois
+ lettres (639-2).</dd>
+
+ <dt><a href="http://www.iso.org/iso/country_codes">
+ ISO 3166-1</a></dt>
+
+ <dd>Ce document présente les noms de pays (les noms raccourcis
+ officiels en anglais) dans l'ordre alphabétique, tels qu'ils sont
+ présentés dans la norme ISO 3166-1 et les éléments de codes
+ correspondants de la norme ISO 3166-1-alpha-2.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">BCP 47</a>
+ (Les meilleurs pratiques courantes),
+ <a href="http://www.rfc-editor.org/rfc/rfc3066.txt">RFC 3066</a></dt>
+
+ <dd>Ce document décrit une balise de langue permettant de
+ spécifier la langue utilisé dans un objet contenant des
+ informations, la manière d'enregistrer des valeurs à utiliser dans
+ cette balise de langage, et une méthode pour comparer les balises
+ de langue de ce style.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc3282.txt">RFC 3282</a>
+ (Série de standards)</dt>
+
+ <dd>Ce document définit un en-tête "Content-language:" permettant
+ de spécifier le langage d'un élément possédant des en-têtes du
+ style RFC 822, comme les portions de corps MIME ou les documents
+ Web, et un en-tête "Accept-Language:" permettant de spécifier des
+ préférences en matière de langue.</dd>
+ </dl>
+
+ </div></div>
+<div class="bottomlang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/relevant_standards.html" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/relevant_standards.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/relevant_standards.html.ko.euc-kr b/docs/manual/misc/relevant_standards.html.ko.euc-kr
new file mode 100644
index 0000000..c1c8007
--- /dev/null
+++ b/docs/manual/misc/relevant_standards.html.ko.euc-kr
@@ -0,0 +1,221 @@
+<?xml version="1.0" encoding="EUC-KR"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head>
+<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title> ǥ - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1> ǥ</h1>
+<div class="toplang">
+<p><span> : </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/relevant_standards.html" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div>
+<div class="outofdate"> ֽ ƴմϴ.
+ ֱٿ ϼ.</div>
+
+ <p> Բ ġ
+ ǥ Ѵ.</p>
+
+ <p>Ʒ Ͽ ڷᵵ Ѵ:</p>
+
+ <ul>
+ <li>
+ <a href="http://purl.org/NET/http-errata">
+ http://purl.org/NET/http-errata</a> - HTTP/1.1 Ծ
+ ǥ
+ </li>
+ <li>
+ <a href="http://www.rfc-editor.org/errata.html">
+ http://www.rfc-editor.org/errata.html</a> - RFC ǥ
+ </li>
+ <li>
+ <a href="http://ftp.ics.uci.edu/pub/ietf/http/#RFC">
+ http://ftp.ics.uci.edu/pub/ietf/http/#RFC</a> - HTTP
+ RFC
+ </li>
+ </ul>
+
+ <div class="warning"><h3></h3>
+ <p> ʴ.</p>
+ </div>
+
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#http_recommendations">HTTP ǰ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#html_recommendations">HTML ǰ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authentication"></a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#language_country_codes">/ ڵ</a></li>
+</ul><h3></h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="http_recommendations" id="http_recommendations">HTTP ǰ</a></h2>
+
+ <p> ϰ ϴ ⺻
+ ġ IETF ǰ(recommendation) :</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc1945.txt">RFC 1945</a>
+ (Informational)</dt>
+
+ <dd>ؽƮ (Hypertext Transfer Protocol,
+ HTTP) л, , ۸ü ýۿ ʿ
+ ø̼ (application-level) ̴.
+ HTTP/1.0 Ѵ.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC 2616</a>
+ (Standards Track)</dt>
+
+ <dd>ؽƮ (Hypertext Transfer Protocol,
+ HTTP) л, , ۸ü ý ø̼
+ ̴. HTTP/1.1 Ѵ.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2396.txt">RFC 2396</a>
+ (Standards Track)</dt>
+
+ <dd>ǥ ڿ ĺ (Uniform Resource Identifier, URI)
+ ߻ Ȥ ڿ ĺϱ ª ڿ̴.</dd>
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="html_recommendations" id="html_recommendations">HTML ǰ</a></h2>
+
+ <p>ؽƮ ũ (Hypertext Markup Language,
+ HTML) Ͽ ġ IETF ǰ W3C ǰ :</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2854.txt">RFC 2854</a>
+ (Informational)</dt>
+
+ <dd> HTML ߰ ϰ, W3C ǰ
+ "text/html" MIME type Ѵ.</dd>
+
+ <dt><a href="http://www.w3.org/TR/html401">HTML 4.01 Ծ</a>
+ (<a href="http://www.w3.org/MarkUp/html4-updates/errata">Errata</a>)
+ </dt>
+
+ <dd> Ծ ̵ Ǿ ؽƮ ũ
+ (Hypertext Markup Language, HTML) Ѵ.
+ Ծ HTML 4 HTML 4.01 Ѵ.</dd>
+
+ <dt><a href="http://www.w3.org/TR/REC-html32">HTML 3.2 Ծ</a></dt>
+
+ <dd>ؽƮ ũ (Hypertext Markup Language,
+ HTML) ÷ ؽƮ
+ ũ ̴. HTML SGML ̱⵵ ϴ.</dd>
+
+ <dt><a href="http://www.w3.org/TR/xhtml11/">XHTML 1.1 -
+ XHTML</a>
+ (<a href="http://www.w3.org/2001/04/REC-xhtml-modularization-20060410-errata">ǥ</a>)
+ </dt>
+
+ <dd> ǰ Modularization of XHTML
+ ÷ӿũ ο XHTML document type
+ Ѵ.</dd>
+
+ <dt><a href="http://www.w3.org/TR/xhtml1">XHTML 1.0
+ Ȯ ؽƮ ũ (Extensible HyperText Markup
+ Language) (Second Edition)</a>
+ (<a href="http://www.w3.org/2002/08/REC-xhtml1-20060801-errata">ǥ</a>)
+ </dt>
+
+ <dd> HTML 4 XML 1.0 籸 XHTML 1.0
+ ι° HTML 4 شϴ DTD Ѵ.</dd>
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="authentication" id="authentication"></a></h2>
+
+ <p> ġ IETF ǰ :</p>
+
+ <dl>
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc2617.txt">RFC 2617</a>
+ (Draft standard)</dt>
+
+ <dd>Basic Access Authentication Ծ "HTTP/1.0".</dd>
+
+ </dl>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="language_country_codes" id="language_country_codes">/ ڵ</a></h2>
+
+ <p>Ʒ ũ ISO ٸ / ڵ ִ:</p>
+
+ <dl>
+ <dt><a href="http://www.loc.gov/standards/iso639-2/">ISO 639-2</a></dt>
+
+ <dd>ISO 639 ̸ Ÿ ΰ ڵ带
+ Ѵ. ϳ (639-1) ڵ̰ ٸ ϳ
+ ( ) ڵ̴.</dd>
+
+ <dt><a href="http://www.iso.ch/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/index.html">
+ ISO 3166-1</a></dt>
+
+ <dd> ISO 3166-1 ISO 3166-1-alpha-2 ڵ忡
+ ĺ ( ª ̸) Ѵ.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">BCP 47</a>
+ (Best Current Practice),
+ <a href="http://www.rfc-editor.org/rfc/rfc3066.txt">RFC 3066</a></dt>
+
+ <dd> ü  ˸
+ ±׿ ±׿ ϴ ,
+ ±׸ ã Ѵ.</dd>
+
+ <dt><a href="http://www.rfc-editor.org/rfc/rfc3282.txt">RFC 3282</a>
+ (Standards Track)</dt>
+
+ <dd> MIME κа RFC 822
+ ִ  ˸ "Content-language:"
+ , ȣϴ  Ÿ "Accept-Language:"
+ Ѵ.</dd>
+ </dl>
+
+ </div></div>
+<div class="bottomlang">
+<p><span> : </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/relevant_standards.html" title="Korean">&nbsp;ko&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/relevant_standards.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/security_tips.html b/docs/manual/misc/security_tips.html
new file mode 100644
index 0000000..9324c2d
--- /dev/null
+++ b/docs/manual/misc/security_tips.html
@@ -0,0 +1,17 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: security_tips.html.en
+Content-Language: en
+Content-type: text/html; charset=UTF-8
+
+URI: security_tips.html.fr.utf8
+Content-Language: fr
+Content-type: text/html; charset=UTF-8
+
+URI: security_tips.html.ko.euc-kr
+Content-Language: ko
+Content-type: text/html; charset=EUC-KR
+
+URI: security_tips.html.tr.utf8
+Content-Language: tr
+Content-type: text/html; charset=UTF-8
diff --git a/docs/manual/misc/security_tips.html.en b/docs/manual/misc/security_tips.html.en
new file mode 100644
index 0000000..1aabfe3
--- /dev/null
+++ b/docs/manual/misc/security_tips.html.en
@@ -0,0 +1,491 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Security Tips - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Security Tips</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/misc/security_tips.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div>
+
+ <p>Some hints and tips on security issues in setting up a web server.
+ Some of the suggestions will be general, others specific to Apache.</p>
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">Keep up to Date</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dos">Denial of Service (DoS) attacks</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#serverroot">Permissions on ServerRoot Directories</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI in General</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">Non Script Aliased CGI</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">Script Aliased CGI</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Other sources of dynamic content</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamicsec">Dynamic content security</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting System Settings</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect Server Files by Default</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching Your Logs</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#merging">Merging of configuration sections</a></li>
+</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="uptodate" id="uptodate">Keep up to Date</a></h2>
+
+ <p>The Apache HTTP Server has a good record for security and a
+ developer community highly concerned about security issues. But
+ it is inevitable that some problems -- small or large -- will be
+ discovered in software after it is released. For this reason, it
+ is crucial to keep aware of updates to the software. If you have
+ obtained your version of the HTTP Server directly from Apache, we
+ highly recommend you subscribe to the <a href="http://httpd.apache.org/lists.html#http-announce">Apache
+ HTTP Server Announcements List</a> where you can keep informed of
+ new releases and security updates. Similar services are available
+ from most third-party distributors of Apache software.</p>
+
+ <p>Of course, most times that a web server is compromised, it is
+ not because of problems in the HTTP Server code. Rather, it comes
+ from problems in add-on code, CGI scripts, or the underlying
+ Operating System. You must therefore stay aware of problems and
+ updates with all the software on your system.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dos" id="dos">Denial of Service (DoS) attacks</a></h2>
+
+
+
+ <p>All network servers can be subject to denial of service attacks
+ that attempt to prevent responses to clients by tying up the
+ resources of the server. It is not possible to prevent such
+ attacks entirely, but you can do certain things to mitigate the
+ problems that they create.</p>
+
+ <p>Often the most effective anti-DoS tool will be a firewall or
+ other operating-system configurations. For example, most
+ firewalls can be configured to restrict the number of simultaneous
+ connections from any individual IP address or network, thus
+ preventing a range of simple attacks. Of course this is no help
+ against Distributed Denial of Service attacks (DDoS).</p>
+
+ <p>There are also certain Apache HTTP Server configuration
+ settings that can help mitigate problems:</p>
+
+ <ul>
+ <li>The <code class="directive"><a href="../mod/mod_reqtimeout.html#requestreadtimeout">RequestReadTimeout</a></code>
+ directive allows to limit the time a client may take to send the
+ request.</li>
+
+ <li>The <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> directive
+ should be lowered on sites that are subject to DoS attacks.
+ Setting this to as low as a few seconds may be appropriate.
+ As <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> is currently
+ used for several different operations, setting it to a low value
+ introduces problems with long running CGI scripts.</li>
+
+ <li>The <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code>
+ directive may be also lowered on sites that are subject to DoS
+ attacks. Some sites even turn off the keepalives completely via
+ <code class="directive"><a href="../mod/core.html#keepalive">KeepAlive</a></code>, which has of course
+ other drawbacks on performance.</li>
+
+ <li>The values of various timeout-related directives provided by
+ other modules should be checked.</li>
+
+ <li>The directives
+ <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfields">LimitRequestFields</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfieldsize">LimitRequestFieldSize</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestline">LimitRequestLine</a></code>, and
+ <code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code>
+ should be carefully configured to limit resource consumption
+ triggered by client input.</li>
+
+ <li>On operating systems that support it, make sure that you use
+ the <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> directive
+ to offload part of the request processing to the operating
+ system. This is active by default in Apache httpd, but may
+ require reconfiguration of your kernel.</li>
+
+ <li>Tune the <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> directive to allow
+ the server to handle the maximum number of simultaneous
+ connections without running out of resources. See also the <a href="perf-tuning.html">performance tuning
+ documentation</a>.</li>
+
+ <li>The use of a threaded <a href="../mpm.html">mpm</a> may
+ allow you to handle more simultaneous connections, thereby
+ mitigating DoS attacks. Further, the
+ <code class="module"><a href="../mod/event.html">event</a></code> mpm
+ uses asynchronous processing to avoid devoting a thread to each
+ connection. Due to the nature of the OpenSSL library the
+ <code class="module"><a href="../mod/event.html">event</a></code> mpm is currently incompatible with
+ <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> and other input filters. In these
+ cases it falls back to the behaviour of the
+ <code class="module"><a href="../mod/worker.html">worker</a></code> mpm.</li>
+
+ <li>There are a number of third-party modules available
+ that can restrict certain client behaviors and thereby mitigate
+ DoS problems.</li>
+
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="serverroot" id="serverroot">Permissions on ServerRoot Directories</a></h2>
+
+
+
+ <p>In typical operation, Apache is started by the root user, and it
+ switches to the user defined by the <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> directive to serve hits. As is the
+ case with any command that root executes, you must take care that it is
+ protected from modification by non-root users. Not only must the files
+ themselves be writeable only by root, but so must the directories, and
+ parents of all directories. For example, if you choose to place
+ ServerRoot in <code>/usr/local/apache</code> then it is suggested that
+ you create that directory as root, with commands like these:</p>
+
+ <div class="example"><p><code>
+ mkdir /usr/local/apache <br />
+ cd /usr/local/apache <br />
+ mkdir bin conf logs <br />
+ chown 0 . bin conf logs <br />
+ chgrp 0 . bin conf logs <br />
+ chmod 755 . bin conf logs
+ </code></p></div>
+
+ <p>It is assumed that <code>/</code>, <code>/usr</code>, and
+ <code>/usr/local</code> are only modifiable by root. When you install the
+ <code class="program"><a href="../programs/httpd.html">httpd</a></code> executable, you should ensure that it is
+ similarly protected:</p>
+
+ <div class="example"><p><code>
+ cp httpd /usr/local/apache/bin <br />
+ chown 0 /usr/local/apache/bin/httpd <br />
+ chgrp 0 /usr/local/apache/bin/httpd <br />
+ chmod 511 /usr/local/apache/bin/httpd
+ </code></p></div>
+
+ <p>You can create an htdocs subdirectory which is modifiable by other
+ users -- since root never executes any files out of there, and shouldn't
+ be creating files in there.</p>
+
+ <p>If you allow non-root users to modify any files that root either
+ executes or writes on then you open your system to root compromises.
+ For example, someone could replace the <code class="program"><a href="../programs/httpd.html">httpd</a></code> binary so
+ that the next time you start it, it will execute some arbitrary code. If
+ the logs directory is writeable (by a non-root user), someone could replace
+ a log file with a symlink to some other system file, and then root
+ might overwrite that file with arbitrary data. If the log files
+ themselves are writeable (by a non-root user), then someone may be
+ able to overwrite the log itself with bogus data.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="ssi" id="ssi">Server Side Includes</a></h2>
+
+
+
+ <p>Server Side Includes (SSI) present a server administrator with
+ several potential security risks.</p>
+
+ <p>The first risk is the increased load on the server. All
+ SSI-enabled files have to be parsed by Apache, whether or not
+ there are any SSI directives included within the files. While this
+ load increase is minor, in a shared server environment it can become
+ significant.</p>
+
+ <p>SSI files also pose the same risks that are associated with CGI
+ scripts in general. Using the <code>exec cmd</code> element, SSI-enabled
+ files can execute any CGI script or program under the permissions of the
+ user and group Apache runs as, as configured in
+ <code>httpd.conf</code>.</p>
+
+ <p>There are ways to enhance the security of SSI files while still
+ taking advantage of the benefits they provide.</p>
+
+ <p>To isolate the damage a wayward SSI file can cause, a server
+ administrator can enable <a href="../suexec.html">suexec</a> as
+ described in the <a href="#cgi">CGI in General</a> section.</p>
+
+ <p>Enabling SSI for files with <code>.html</code> or <code>.htm</code>
+ extensions can be dangerous. This is especially true in a shared, or high
+ traffic, server environment. SSI-enabled files should have a separate
+ extension, such as the conventional <code>.shtml</code>. This helps keep
+ server load at a minimum and allows for easier management of risk.</p>
+
+ <p>Another solution is to disable the ability to run scripts and
+ programs from SSI pages. To do this replace <code>Includes</code>
+ with <code>IncludesNOEXEC</code> in the <code class="directive"><a href="../mod/core.html#options">Options</a></code> directive. Note that users may
+ still use <code>&lt;--#include virtual="..." --&gt;</code> to execute CGI
+ scripts if these scripts are in directories designated by a <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code> directive.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="cgi" id="cgi">CGI in General</a></h2>
+
+
+
+ <p>First of all, you always have to remember that you must trust the
+ writers of the CGI scripts/programs or your ability to spot potential
+ security holes in CGI, whether they were deliberate or accidental. CGI
+ scripts can run essentially arbitrary commands on your system with the
+ permissions of the web server user and can therefore be extremely
+ dangerous if they are not carefully checked.</p>
+
+ <p>All the CGI scripts will run as the same user, so they have potential
+ to conflict (accidentally or deliberately) with other scripts e.g. User
+ A hates User B, so he writes a script to trash User B's CGI database. One
+ program which can be used to allow scripts to run as different users is
+ <a href="../suexec.html">suEXEC</a> which is included with Apache as of
+ 1.2 and is called from special hooks in the Apache server code. Another
+ popular way of doing this is with
+ <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a>.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="nsaliasedcgi" id="nsaliasedcgi">Non Script Aliased CGI</a></h2>
+
+
+
+ <p>Allowing users to execute CGI scripts in any directory should only be
+ considered if:</p>
+
+ <ul>
+ <li>You trust your users not to write scripts which will deliberately
+ or accidentally expose your system to an attack.</li>
+ <li>You consider security at your site to be so feeble in other areas,
+ as to make one more potential hole irrelevant.</li>
+ <li>You have no users, and nobody ever visits your server.</li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="saliasedcgi" id="saliasedcgi">Script Aliased CGI</a></h2>
+
+
+
+ <p>Limiting CGI to special directories gives the admin control over what
+ goes into those directories. This is inevitably more secure than non
+ script aliased CGI, but only if users with write access to the
+ directories are trusted or the admin is willing to test each
+ new CGI script/program for potential security holes.</p>
+
+ <p>Most sites choose this option over the non script aliased CGI
+ approach.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dynamic" id="dynamic">Other sources of dynamic content</a></h2>
+
+
+
+ <p>Embedded scripting options which run as part of the server itself,
+ such as <code>mod_php</code>, <code>mod_perl</code>, <code>mod_tcl</code>,
+ and <code>mod_python</code>, run under the identity of the server itself
+ (see the <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> directive), and
+ therefore scripts executed by these engines potentially can access anything
+ the server user can. Some scripting engines may provide restrictions, but
+ it is better to be safe and assume not.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dynamicsec" id="dynamicsec">Dynamic content security</a></h2>
+
+
+
+ <p>When setting up dynamic content, such as <code>mod_php</code>,
+ <code>mod_perl</code> or <code>mod_python</code>, many security considerations
+ get out of the scope of <code>httpd</code> itself, and you need to consult
+ documentation from those modules. For example, PHP lets you setup <a href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>,
+ which is most usually disabled by default. Another example is <a href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more
+ security. For more information about those, consult each project
+ documentation.</p>
+
+ <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
+ can be seen as a HTTP firewall and, provided you configure it finely enough,
+ can help you enhance your dynamic content security.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="systemsettings" id="systemsettings">Protecting System Settings</a></h2>
+
+
+
+ <p>To run a really tight ship, you'll want to stop users from setting
+ up <code>.htaccess</code> files which can override security features
+ you've configured. Here's one way to do it.</p>
+
+ <p>In the server configuration file, put</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/"&gt;
+ AllowOverride None
+&lt;/Directory&gt;</pre>
+
+
+ <p>This prevents the use of <code>.htaccess</code> files in all
+ directories apart from those specifically enabled.</p>
+
+ <p>Note that this setting is the default since Apache 2.3.9.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="protectserverfiles" id="protectserverfiles">Protect Server Files by Default</a></h2>
+
+
+
+ <p>One aspect of Apache which is occasionally misunderstood is the
+ feature of default access. That is, unless you take steps to change it,
+ if the server can find its way to a file through normal URL mapping
+ rules, it can serve it to clients.</p>
+
+ <p>For instance, consider the following example:</p>
+
+ <div class="example"><p><code>
+ # cd /; ln -s / public_html <br />
+ Accessing <code>http://localhost/~root/</code>
+ </code></p></div>
+
+ <p>This would allow clients to walk through the entire filesystem. To
+ work around this, add the following block to your server's
+ configuration:</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/"&gt;
+ Require all denied
+&lt;/Directory&gt;</pre>
+
+
+ <p>This will forbid default access to filesystem locations. Add
+ appropriate <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> blocks to
+ allow access only in those areas you wish. For example,</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/usr/users/*/public_html"&gt;
+ Require all granted
+&lt;/Directory&gt;
+&lt;Directory "/usr/local/httpd"&gt;
+ Require all granted
+&lt;/Directory&gt;</pre>
+
+
+ <p>Pay particular attention to the interactions of <code class="directive"><a href="../mod/core.html#location">Location</a></code> and <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> directives; for instance, even
+ if <code>&lt;Directory "/"&gt;</code> denies access, a <code>
+ &lt;Location "/"&gt;</code> directive might overturn it.</p>
+
+ <p>Also be wary of playing games with the <code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> directive; setting it to
+ something like <code>./</code> would have the same effect, for root, as
+ the first example above. We strongly
+ recommend that you include the following line in your server
+ configuration files:</p>
+
+ <pre class="prettyprint lang-config">UserDir disabled root</pre>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="watchyourlogs" id="watchyourlogs">Watching Your Logs</a></h2>
+
+
+
+ <p>To keep up-to-date with what is actually going on against your server
+ you have to check the <a href="../logs.html">Log Files</a>. Even though
+ the log files only reports what has already happened, they will give you
+ some understanding of what attacks is thrown against the server and
+ allow you to check if the necessary level of security is present.</p>
+
+ <p>A couple of examples:</p>
+
+ <div class="example"><p><code>
+ grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br />
+ grep "client denied" error_log | tail -n 10
+ </code></p></div>
+
+ <p>The first example will list the number of attacks trying to exploit the
+ <a href="http://online.securityfocus.com/bid/4876/info/">Apache Tomcat
+ Source.JSP Malformed Request Information Disclosure Vulnerability</a>,
+ the second example will list the ten last denied clients, for example:</p>
+
+ <div class="example"><p><code>
+ [Thu Jul 11 17:18:39 2002] [error] [client foo.example.com] client denied
+ by server configuration: /usr/local/apache/htdocs/.htpasswd
+ </code></p></div>
+
+ <p>As you can see, the log files only report what already has happened, so
+ if the client had been able to access the <code>.htpasswd</code> file you
+ would have seen something similar to:</p>
+
+ <div class="example"><p><code>
+ foo.example.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"
+ </code></p></div>
+
+ <p>in your <a href="../logs.html#accesslog">Access Log</a>. This means
+ you probably commented out the following in your server configuration
+ file:</p>
+
+ <pre class="prettyprint lang-config">&lt;Files ".ht*"&gt;
+ Require all denied
+&lt;/Files&gt;</pre>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="merging" id="merging">Merging of configuration sections</a></h2>
+
+
+
+ <p> The merging of configuration sections is complicated and sometimes
+ directive specific. Always test your changes when creating dependencies
+ on how directives are merged.</p>
+
+ <p> For modules that don't implement any merging logic, such as
+ <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code>, the behavior in later sections
+ depends on whether the later section has any directives
+ from the module. The configuration is inherited until a change is made,
+ at which point the configuration is <em>replaced</em> and not merged.</p>
+ </div></div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/misc/security_tips.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/security_tips.html.fr.utf8 b/docs/manual/misc/security_tips.html.fr.utf8
new file mode 100644
index 0000000..b99e3e9
--- /dev/null
+++ b/docs/manual/misc/security_tips.html.fr.utf8
@@ -0,0 +1,513 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Conseils sur la sécurité - Serveur HTTP Apache Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p>
+<p class="apache">Serveur HTTP Apache Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">Serveur HTTP</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Conseils sur la sécurité</h1>
+<div class="toplang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div>
+
+ <p>Ce document propose quelques conseils et astuces concernant les
+ problèmes de sécurité liés
+ à l'installation d'un serveur web. Certaines suggestions seront à caractère
+ général, tandis que d'autres seront spécifiques à Apache.</p>
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">Maintenez votre serveur à jour</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dos">Attaques de type "Déni de service"
+ (Denial of Service - DoS)</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#serverroot">Permissions sur les répertoires de la racine du serveur</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Inclusions côté serveur</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgi">Les CGI en général</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">CGI sans alias de script</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">CGI avec alias de script</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Autres sources de contenu dynamique</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protection de la configuration du système</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protection par défaut des fichiers du serveur</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Surveillez vos journaux</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#merging">Fusion des sections de configuration</a></li>
+</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="uptodate" id="uptodate">Maintenez votre serveur à jour</a></h2>
+
+ <p>Le serveur HTTP Apache a une bonne réputation en matière de sécurité
+ et possède une communauté de développeurs très sensibilisés aux problèmes
+ de sécurité. Mais il est inévitable de trouver certains problèmes
+ -- petits ou grands -- une fois le logiciel mis à disposition. C'est pour
+ cette raison qu'il est crucial de se tenir informé des mises à jour. Si
+ vous avez obtenu votre version du serveur HTTP directement depuis Apache,
+ nous vous conseillons grandement de vous abonner à la <a href="http://httpd.apache.org/lists.html#http-announce">Liste de diffusion
+ des annonces du serveur HTTP</a> qui vous informera de
+ la parution des nouvelles versions et des mises à jour de sécurité. La
+ plupart des distributeurs tiers d'Apache fournissent des services
+ similaires.</p>
+
+ <p>Gardez cependant à l'esprit que lorsqu'un serveur web est compromis, le
+ code du serveur HTTP n'est la plupart du temps pas en cause. Les problèmes
+ proviennent plutôt de code ajouté, de scripts CGI, ou du système
+ d'exploitation sous-jacent. Vous devez donc vous tenir informé des
+ problèmes et mises à jour concernant tous les logiciels présents sur
+ votre système.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dos" id="dos">Attaques de type "Déni de service"
+ (Denial of Service - DoS)</a></h2>
+
+
+
+ <p>Tous les services réseau peuvent faire l'objet d'attaques de type
+ "Déni de service" qui tentent de les empêcher de répondre aux clients en
+ saturant leurs ressources. Il est impossible de se prémunir totalement
+ contre ce type d'attaques, mais vous pouvez accomplir certaines actions
+ afin de minimiser les problèmes qu'elles créent.</p>
+
+ <p>Souvent, l'outil anti-DoS le plus efficace sera constitué par le
+ pare-feu ou certaines configurations du système d'exploitation. Par
+ exemple, la plupart des pare-feu peuvent être configurés de façon à
+ limiter le nombre de connexions simultanées depuis une adresse IP ou un
+ réseau, ce qui permet de prévenir toute une gamme d'attaques simples.
+ Bien sûr, ceci n'est d'aucun secours contre les attaques de type
+ "Déni de service" distribuées (DDoS).</p>
+
+ <p>Certains réglages de la configuration d'Apache peuvent aussi
+ minimiser les problèmes :</p>
+
+ <ul>
+ <li>La directive <code class="directive"><a href="../mod/mod_reqtimeout.html#requestreadtimeout">RequestReadTimeout</a></code> permet de
+ limiter le temps que met le client pour envoyer sa requête.</li>
+
+ <li>La valeur de la directive
+ <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> doit être diminuée sur les
+ sites sujets aux attaques DoS. Une valeur de quelques secondes devrait
+ convenir. Cependant, comme <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code>
+ est actuellement concerné par de nombreuses opérations différentes, lui
+ attribuer une valeur trop faible peut provoquer des problèmes avec les
+ scripts CGI qui présentent un long temps de réponse.</li>
+
+ <li>La valeur de la directive
+ <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> doit aussi être
+ diminuée sur les sites sujets aux attaques DoS. Certains sites
+ désactivent même complètement le "maintien en vie" (keepalives)
+ à l'aide de la directive
+ <code class="directive"><a href="../mod/core.html#keepalive">KeepAlive</a></code>, ce qui bien sûr
+ présente des inconvénients en matière de performances.</li>
+
+ <li>Les valeurs des différentes directives fournies par d'autres modules
+ et en rapport avec des délais doivent aussi être vérifiées.</li>
+
+ <li>Les directives
+ <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfields">LimitRequestFields</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfieldsize">LimitRequestFieldSize</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestline">LimitRequestLine</a></code>, et
+ <code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code> doivent être
+ configurées avec prudence afin de limiter la consommation de ressources
+ induite par les demandes des clients.
+ </li>
+
+ <li>Sur les systèmes d'exploitation qui le supportent, assurez-vous que
+ la directive <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> est
+ activée afin de déléguer une partie du traitement des requêtes au
+ système d'exploitation. Elle est activée par défaut dans le démon httpd
+ d'Apache, mais peut nécessiter une reconfiguration de votre noyau.</li>
+
+ <li>Optimisez la directive <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> de façon à définir le nombre
+ maximum de connexions simultanées au dessus duquel les ressources
+ s'épuisent. Voir aussi la <a href="perf-tuning.html">documentation sur l'optimisation des
+ performances</a>.</li>
+
+ <li>L'utilisation d'un <a href="../mpm.html">module mpm</a> threadé
+ vous permet de traiter d'avantage de connexions simultanées, ce qui
+ minimise l'effet des attaques DoS. Dans le futur, le module mpm
+ <code class="module"><a href="../mod/event.html">event</a></code> utilisera un traitement asynchrone afin de ne pas
+ dédier un thread à chaque connexion. De par la
+ nature de la bibliothèque OpenSSL, le module mpm <code class="module"><a href="../mod/event.html">event</a></code> est actuellement incompatible
+ avec le module <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> ainsi que d'autres filtres
+ en entrée. Dans ces cas, son comportement se ramène à celui
+ du module mpm <code class="module"><a href="../mod/worker.html">worker</a></code>.</li>
+
+ <li>Il existe de nombreux modules tiers qui peuvent restreindre les
+ comportements de certains clients et ainsi minimiser les problèmes de
+ DoS.</li>
+
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="serverroot" id="serverroot">Permissions sur les répertoires de la racine du serveur</a></h2>
+
+
+
+ <p>Typiquement, Apache est démarré par l'utilisateur root, puis il devient
+ la propriété de l'utilisateur défini par la directive <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> afin de répondre aux demandes. Comme
+ pour toutes les commandes exécutées par root, vous devez vous assurer
+ qu'elle n'est pas modifiable par les utilisateurs autres que root. Les
+ fichiers eux-mêmes, mais aussi les répertoires ainsi que leurs parents ne
+ doivent être modifiables que par root. Par exemple, si vous avez choisi de
+ placer la racine du serveur dans <code>/usr/local/apache</code>, il est conseillé de
+ créer le répertoire en tant que root, avec des commandes du style :</p>
+
+ <div class="example"><p><code>
+ mkdir /usr/local/apache <br />
+ cd /usr/local/apache <br />
+ mkdir bin conf logs <br />
+ chown 0 . bin conf logs <br />
+ chgrp 0 . bin conf logs <br />
+ chmod 755 . bin conf logs
+ </code></p></div>
+
+ <p>Nous supposerons que <code>/</code>, <code>/usr</code> et
+ <code>/usr/local</code> ne sont modifiables que par
+ root. Quand vous installez l'exécutable <code class="program"><a href="../programs/httpd.html">httpd</a></code>, vous
+ devez vous assurer qu'il possède des protections similaires :</p>
+
+ <div class="example"><p><code>
+ cp httpd /usr/local/apache/bin <br />
+ chown 0 /usr/local/apache/bin/httpd <br />
+ chgrp 0 /usr/local/apache/bin/httpd <br />
+ chmod 511 /usr/local/apache/bin/httpd
+ </code></p></div>
+
+ <p>Vous pouvez créer un sous-répertoire htdocs modifiable par d'autres
+ utilisateurs -- car root ne crée ni exécute aucun fichier dans ce
+ sous-répertoire.</p>
+
+ <p>Si vous permettez à des utilisateurs non root de modifier des fichiers
+ que root écrit ou exécute, vous exposez votre système à une compromission
+ de l'utilisateur root. Par exemple, quelqu'un pourrait remplacer le binaire
+ <code class="program"><a href="../programs/httpd.html">httpd</a></code> de façon à ce que la prochaine fois que vous le
+ redémarrerez, il exécutera un code arbitraire. Si le répertoire des
+ journaux a les droits en écriture (pour un utilisateur non root), quelqu'un
+ pourrait remplacer un fichier journal par un lien symbolique vers un autre
+ fichier système, et root pourrait alors écraser ce fichier avec des données
+ arbitraires. Si les fichiers journaux eux-mêmes ont des droits en
+ écriture (pour un utilisateur non root), quelqu'un pourrait
+ modifier les journaux eux-mêmes avec des données fausses.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="ssi" id="ssi">Inclusions côté serveur</a></h2>
+
+
+
+ <p>Les inclusions côté serveur (Server Side Includes - SSI) exposent
+ l'administrateur du serveur à de nombreux risques potentiels en matière de
+ sécurité.</p>
+
+ <p>Le premier risque est l'augmentation de la charge du serveur. Tous les
+ fichiers où SSI est activé doivent être analysés par Apache, qu'ils
+ contiennent des directives SSI ou non. L'augmentation de la charge induite
+ est minime, mais peut devenir significative dans le contexte d'un
+ serveur partagé.</p>
+
+ <p>Les fichiers SSI présentent les mêmes risques que les scripts CGI en
+ général. Les fichiers où SSI est activé peuvent exécuter tout script CGI
+ ou autre programme à l'aide de la commande <code>"exec cmd"</code> avec les permissions
+ des utilisateur et groupe sous lesquels Apache s'exécute, comme défini
+ dans <code>httpd.conf</code>.</p>
+
+ <p>Des méthodes existent pour améliorer la sécurité des fichiers SSI, tout
+ en tirant parti des bénéfices qu'ils apportent.</p>
+
+ <p>Pour limiter les dommages qu'un fichier SSI agressif pourrait causer,
+ l'administrateur du serveur peut activer<a href="../suexec.html">suexec</a>
+ comme décrit dans la section <a href="#cgi">Les CGI en général</a>.</p>
+
+ <p>L'activation des SSI pour des fichiers possédant des extensions
+ <code>.html</code> ou
+ <code>.htm</code> peut s'avérer dangereux. Ceci est particulièrement vrai dans un
+ environnement de serveur partagé ou étant le siège d'un traffic élevé. Les
+ fichiers où SSI est activé doivent posséder une extension spécifique, telle
+ que la conventionnelle <code>.shtml</code>. Ceci permet de limiter la charge du serveur
+ à un niveau minimum et de simplifier la gestion des risques.</p>
+
+ <p>Une autre solution consiste à interdire l'exécution de scripts et
+ programmes à partir de pages SSI. Pour ce faire, remplacez
+ <code>Includes</code> par <code>IncludesNOEXEC</code> dans la directive
+ <code class="directive"><a href="../mod/core.html#options">Options</a></code>. Notez que les utilisateurs
+ pourront encore utiliser <code>&lt;--#include virtual="..." --&gt;</code> pour exécuter
+ des scripts CGI si ces scripts sont situés dans des répertoires spécifiés
+ par une directive
+ <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="cgi" id="cgi">Les CGI en général</a></h2>
+
+
+
+ <p>Tout d'abord, vous devez toujours garder à l'esprit que vous devez
+ faire confiance aux développeurs de scripts ou programmes CGI ainsi qu'à
+ vos compétences pour déceler les trous de sécurité potentiels dans les
+ CGI, que ceux-ci soient délibérés ou accidentels. Les scripts CGI peuvent
+ essentiellement exécuter des commandes arbitraires sur votre système avec
+ les droits de l'utilisateur du serveur web, et peuvent par conséquent être
+ extrèmement dangereux s'ils ne sont pas vérifiés avec soin.</p>
+
+ <p>Tous les scripts CGI s'exécutent sous le même utilisateur, il peuvent
+ donc entrer en conflit (accidentellement ou délibérément) avec d'autres
+ scripts. Par exemple, l'utilisateur A hait l'utilisateur B, il écrit donc
+ un script qui efface la base de données CGI de l'utilisateur B. Vous pouvez
+ utiliser le programme <a href="../suexec.html">suEXEC</a> pour faire en
+ sorte que les scripts s'exécutent sous des utilisateurs différents. Ce
+ programme est inclus dans la distribution d'Apache depuis la version 1.2
+ et est appelé à partir de certaines portions de code du serveur Apache. Une
+ autre méthode plus connue est l'utilisation de
+ <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a>.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="nsaliasedcgi" id="nsaliasedcgi">CGI sans alias de script</a></h2>
+
+
+
+ <p>Vous ne devez permettre aux utilisateurs d'exécuter des scripts CGI
+ depuis n'importe quel répertoire que dans l'éventualité où :</p>
+
+ <ul>
+ <li>Vous faites confiance à vos utilisateurs pour ne pas écrire de
+ scripts qui vont délibérément ou accidentellement exposer votre
+ système à une attaque.</li>
+ <li>Vous estimez que le niveau de sécurité dans les autres parties de
+ votre site est si faible qu'un trou de sécurité de plus ou de moins
+ n'est pas très important.</li>
+ <li>Votre système ne comporte aucun utilisateur, et personne ne visite
+ jamais votre site.</li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="saliasedcgi" id="saliasedcgi">CGI avec alias de script</a></h2>
+
+
+
+ <p>Le confinement des CGI dans des répertoires spécifiques permet à
+ l'administrateur de contrôler ce que l'on met dans ces répertoires. Ceci
+ est bien entendu mieux sécurisé que les CGI sans alias de script, mais
+ seulement à condition que les utilisateurs avec les droits en écriture sur
+ les répertoires soient dignes de confiance, et que l'administrateur ait la
+ volonté de tester chaque programme ou script CGI à la recherche d'éventuels
+ trous de sécurité.</p>
+
+ <p>La plupart des sites choisissent cette approche au détriment des CGI
+ sans alias de script.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dynamic" id="dynamic">Autres sources de contenu dynamique</a></h2>
+
+
+
+ <p>
+ Les options de scripting intégrées qui s'exécutent en tant que partie du
+ serveur lui-même, comme <code>mod_php</code>, <code>mod_perl</code>,
+ <code>mod_tcl</code>, et <code>mod_python</code>,
+ s'exécutent sous le même utilisateur que le serveur (voir la directive
+ <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code>), et par conséquent,
+ les scripts que ces moteurs exécutent peuvent accéder aux mêmes ressources
+ que le serveur. Certains moteurs de scripting peuvent proposer des
+ restrictions, mais pour plus de sûreté, il vaut mieux partir du principe
+ que ce n'est pas le cas.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="systemsettings" id="systemsettings">Protection de la configuration du système</a></h2>
+
+
+
+ <p>Pour contrôler étroitement votre serveur, vous pouvez interdire
+ l'utilisation des fichiers <code>.htaccess</code> qui permettent de
+ passer outre les fonctionnalités de sécurité que vous avez configurées.
+ Voici un moyen pour y parvenir :</p>
+
+ <p>Ajoutez dans le fichier de configuration du serveur</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/"&gt;
+ AllowOverride None
+&lt;/Directory&gt;</pre>
+
+
+ <p>Ceci interdit l'utilisation des fichiers <code>.htaccess</code> dans
+ tous les répertoires, sauf ceux pour lesquels c'est explicitement
+ autorisé.</p>
+
+ <p>Notez que c'est la configuration par défaut depuis Apache 2.3.9.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="protectserverfiles" id="protectserverfiles">Protection par défaut des fichiers du serveur</a></h2>
+
+
+
+ <p>Le concept d'accès par défaut est un aspect d'Apache qui est parfois mal
+ compris. C'est à dire que, à moins que vous ne changiez explicitement ce
+ comportement, si le serveur trouve son chemin vers un fichier en suivant
+ les règles normales de correspondance URL - fichier, il peut le retourner
+ aux clients.</p>
+
+ <p>Considérons l'exemple suivant :</p>
+
+ <div class="example"><p><code>
+ # cd /; ln -s / public_html <br />
+ puis accès à <code>http://localhost/~root/</code>
+ </code></p></div>
+
+ <p>Ceci permettrait aux clients de parcourir l'ensemble du système de
+ fichiers. Pour l'éviter, ajoutez le bloc suivant à la configuration
+ de votre serveur :</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/"&gt;
+ Require all denied
+&lt;/Directory&gt;</pre>
+
+
+ <p>ceci va interdire l'accès par défaut à tous les fichiers du système de
+ fichiers. Vous devrez ensuite ajouter les blocs
+ <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> appropriés correspondant
+ aux répertoires auxquels vous voulez autorisez l'accès. Par exemple,</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/usr/users/*/public_html"&gt;
+ Require all granted
+&lt;/Directory&gt;
+&lt;Directory "/usr/local/httpd"&gt;
+ Require all granted
+&lt;/Directory&gt;</pre>
+
+
+ <p>Portez une attention particulière aux interactions entre les directives
+ <code class="directive"><a href="../mod/core.html#location">Location</a></code> et
+ <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> ; par exemple, si une
+ directive <code>&lt;Directory ""/&gt;</code> interdit un accès, une
+ directive <code>&lt;Location "/"&gt;</code> pourra passer outre.</p>
+
+ <p>De même, soyez méfiant en jouant avec la directive
+ <code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> ; la positionner à
+ <code>"./"</code> aurait le même effet, pour root, que le premier exemple plus haut.
+ Nous vous conseillons
+ fortement d'inclure la ligne suivante dans le fichier de configuration de
+ votre serveur :</p>
+
+ <pre class="prettyprint lang-config">UserDir disabled root</pre>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="watchyourlogs" id="watchyourlogs">Surveillez vos journaux</a></h2>
+
+
+
+ <p>Pour vous tenir informé de ce qui se passe réellement dans votre
+ serveur, vous devez consulter vos
+ <a href="../logs.html">fichiers journaux</a>. Même si les fichiers journaux
+ ne consignent que des évènements qui se sont déjà produits, ils vous
+ informeront sur la nature des attaques qui sont lancées contre le serveur
+ et vous permettront de vérifier si le niveau de sécurité nécessaire est
+ atteint.</p>
+
+ <p>Quelques exemples :</p>
+
+ <div class="example"><p><code>
+ grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br />
+ grep "client denied" error_log | tail -n 10
+ </code></p></div>
+
+ <p>Le premier exemple listera les attaques essayant d'exploiter la
+ <a href="http://online.securityfocus.com/bid/4876/info/">vulnérabilité
+ d'Apache Tomcat pouvant provoquer la divulgation d'informations par des
+ requêtes Source.JSP mal formées</a>, le second donnera la liste des dix
+ dernières interdictions client ; par exemple :</p>
+
+ <div class="example"><p><code>
+ [Thu Jul 11 17:18:39 2002] [error] [client foo.example.com] client denied
+ by server configuration: /usr/local/apache/htdocs/.htpasswd
+ </code></p></div>
+
+ <p>Comme vous le voyez, les fichiers journaux ne consignent que ce qui
+ s'est déjà produit ; ainsi, si le client a pu accéder au fichier
+ <code>.htpasswd</code>, vous devriez avoir quelque chose du style :</p>
+
+ <div class="example"><p><code>
+ foo.example.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"
+ </code></p></div>
+
+ <p>dans votre <a href="../logs.html#accesslog">journal des accès</a> ; ce
+ qui signifie que vous avez probablement mis en commentaire ce qui suit dans
+ le fichier de configuration de votre serveur :</p>
+
+ <pre class="prettyprint lang-config">&lt;Files ".ht*"&gt;
+ Require all denied
+&lt;/Files&gt;</pre>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="merging" id="merging">Fusion des sections de configuration</a></h2>
+
+
+
+ <p>La fusion des sections de configuration est complexe et dépend
+ souvent des directives utilisées. Vous devez systématiquement tester
+ vos modifications pour vérifier la manière dont les directives sont
+ fusionnées.</p>
+
+ <p>Concernant les modules qui n'implémentent aucune logique de
+ fusion, comme <code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code>, le
+ comportement des sections suivantes est tributaire de la présence
+ dans ces dernières de directives appartenant à ces modules. La
+ configuration est héritée jusqu'à ce qu'une modification soit
+ effectuée ; à ce moment, la configuration est <em>remplacée</em> et
+ non fusionnée.</p>
+ </div></div>
+<div class="bottomlang">
+<p><span>Langues Disponibles: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/security_tips.html.ko.euc-kr b/docs/manual/misc/security_tips.html.ko.euc-kr
new file mode 100644
index 0000000..f186361
--- /dev/null
+++ b/docs/manual/misc/security_tips.html.ko.euc-kr
@@ -0,0 +1,373 @@
+<?xml version="1.0" encoding="EUC-KR"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head>
+<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title> - Apache HTTP Server Version 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p>
+<p class="apache">Apache HTTP Server Version 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.4</a> &gt; <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1> </h1>
+<div class="toplang">
+<p><span> : </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a></p>
+</div>
+<div class="outofdate"> ֽ ƴմϴ.
+ ֱٿ ϼ.</div>
+
+ <p> Ҷ Ʈ ̴.
+  Ϲ̰,  ġ شϴ ̴.</p>
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">ֽ ϱ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#serverroot">ServerRoot 丮 </a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgi">Ϲ CGI</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">ScriptAlias CGI</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">ScriptAlias CGI</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamic"> ϴ ٸ </a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">ý ȣϱ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">⺻ ִ ȣϱ</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">α 캸</a></li>
+</ul><h3></h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="uptodate" id="uptodate">ֽ ϱ</a></h2>
+
+ <p>ġ
+ ü ϴ. ׷ ũ ۰ ǥ ߰ߵǴ
+ . ׷ Ʈ ֽŹ ϴ
+ ߿ϴ. ġ ٿεߴٸ,
+ ο Ʈ ˷ִ <a href="http://httpd.apache.org/lists.html#http-announce">ġ
+ ǥ ϸƮ</a> ϱ Ѵ.
+ ġ Ʈ ϴ ڵ鵵 񽺸
+ Ѵ.</p>
+
+ <p> ڵ嶧 ϴ
+ ʴ. ׺ ߰ ڵ, CGI ũƮ, ü
+ ϴ 찡 . ׷Ƿ ׻ ϸ
+ ý Ʈ Ʈؾ Ѵ.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="serverroot" id="serverroot">ServerRoot 丮 </a></h2>
+
+
+
+ <p> root ڰ ġ , û ϱ
+ <code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> þ
+ ڷ ȯѴ. root ϴ ɾ ִٸ,
+ root ̿ ڰ ϵ ؾ Ѵ.
+ ϵ root ־ ϰ, 丮 丮
+ . , ServerRoot /usr/local/apache
+ Ѵٸ root ڰ 丮
+ Ѵ:</p>
+
+ <div class="example"><p><code>
+ mkdir /usr/local/apache <br />
+ cd /usr/local/apache <br />
+ mkdir bin conf logs <br />
+ chown 0 . bin conf logs <br />
+ chgrp 0 . bin conf logs <br />
+ chmod 755 . bin conf logs
+ </code></p></div>
+
+ <p>׷ /, /usr, /usr/local root ִ.
+ httpd ġҶ ȣؾ Ѵ:</p>
+
+ <div class="example"><p><code>
+ cp httpd /usr/local/apache/bin <br />
+ chown 0 /usr/local/apache/bin/httpd <br />
+ chgrp 0 /usr/local/apache/bin/httpd <br />
+ chmod 511 /usr/local/apache/bin/httpd
+ </code></p></div>
+
+ <p>htdocs 丮 ٸ ڵ ֵ
+ ִ -- root װ ִ ,
+ ʾƾ Ѵ.</p>
+
+ <p>root ƴ ڰ root ϰų Ⱑ
+ ִٸ ý root ĥ ִ.
+ , httpd Ͽٸ Ҷ
+ ڵ带 ϰ ȴ. logs 丮 (root ƴ
+ ڿ) Ⱑϴٸ α ٸ ýϷ
+ ɺũ ɾ root Ͽ ڷḦ 
+ ִ. α (root ƴ ڿ) Ⱑϴٸ
+ α׿ ̻ ڷḦ ִ.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="ssi" id="ssi">Server Side Includes</a></h2>
+
+
+
+ <p>Server Side Includes (SSI) ڿ Ȼ 
+ ̴.</p>
+
+ <p>ù° ϸ ø ̴. ġ Ͽ
+ SSI þ ִ ο SSI мؾ
+ Ѵ. ϰ , ϴ
+ ȯ濡 ɰ ִ.</p>
+
+ <p>, SSI Ϲ CGI ũƮ
+ . SSI Ͽ "exec cmd" ϸ httpd.conf
+ ġ ϵ ڿ ׷ CGI
+ ũƮ α׷ ִ.</p>
+
+ <p> Ȱϸ鼭 SSI Ű
+ ִ.</p>
+
+ <p>SSI ִ ظ ݸϱ ڴ
+ <a href="#cgi">Ϲ CGI</a> ϴ
+ <a href="../suexec.html">suexec</a> ִ</p>
+
+ <p>.html̳ .htm Ȯڸ SSI Ϸ ϴ ϴ.
+ Ư ϰų ŷ ȯ濡
+ ϴ. SSI Ϲ ϴ .shtml
+ Ȯڸ Ѵ. ׷ ϸ ּȭϰ
+ Ҹ ִ.</p>
+
+ <p>ٸ SSI ũƮ α׷
+ ϵ ̴. <code class="directive"><a href="../mod/core.html#options">Options</a></code> þ <code>Includes</code>
+ <code>IncludesNOEXEC</code> Ѵ. ׷ ũƮ
+ <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code> þ
+ 丮 ִٸ &lt;--#include virtual="..." --&gt;
+ Ͽ CGI ũƮ ϶.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="cgi" id="cgi">Ϲ CGI</a></h2>
+
+
+
+ <p>ᱹ ׻ CGI ũƮ/α׷ ڸ ŷؾ
+ ϰ, ǰ Ǽ̰ CGI Ȼ ߰
+ ־ Ѵ. ⺻ CGI ũƮ
+ ýۿ  ɾ ֱ⶧
+ ְ Ȯ ſ ϴ.</p>
+
+ <p> CGI ũƮ ڷ DZ⶧ ٸ
+ ũƮ (ǰ Ǽ̰) 浹 ɼ ִ.
+ , A B ſ ȾϿ, B CGI
+ ͺ̽ ũƮ ۼ ִ. ġ
+ 1.2 ԵǾ ġ Ư (hook)
+ ϴ <a href="../suexec.html">suEXEC</a> ũƮ
+ ٸ ڷ ϴ ϳ. ٸ
+ <a href="http://cgiwrap.unixtools.org/">CGIWrap</a> ִ.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="nsaliasedcgi" id="nsaliasedcgi">ScriptAlias CGI</a></h2>
+
+
+
+ <p> Ҷ ڰ  丮
+ CGI ũƮ ϵ ִ:</p>
+
+ <ul>
+ <li> ǰ Ǽ̰ ڰ ý ݿ Ű
+ ũƮ ۼ ʴ´ٰ ϴ´.</li>
+ <li>ý ٸ κ ؼ,
+ ϳ  ٰ ϴ .</li>
+ <li>ڰ , Ƹ ƹ 湮ʴ .</li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="saliasedcgi" id="saliasedcgi">ScriptAlias CGI</a></h2>
+
+
+
+ <p>Ư 丮 CGI ֵ ϸ ڴ
+ ̵ 丮 ִ. scriptalias
+ CGI Ȯ ϴ. , ŷϴ ڸ 丮
+ ְ, ڰ ο CGI ũƮ/α׷
+ Ȼ ˻ ̰ ִٸ.</p>
+
+ <p>κ Ʈ scriptalias CGI
+ Ѵ.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dynamic" id="dynamic"> ϴ ٸ </a></h2>
+
+
+
+ <p>
+ mod_php, mod_perl, mod_tcl, mod_python Ϻη
+ ϴ Ӻ ũƮ ڷ (<code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> þ ) DZ⶧,
+ ũƮ ϴ ũƮ ڰ
+ ִ Ϳ ִ.  ũƮ
+ , ϴٰ ʴ .</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="systemsettings" id="systemsettings">ý ȣϱ</a></h2>
+
+
+
+ <p> Ϸ ڰ
+ <code>.htaccess</code> Ͽ ȱ
+ ϱ ٶ ̴. ׷
+ ִ.</p>
+
+ <p> Ͽ ߰Ѵ</p>
+
+ <div class="example"><p><code>
+ &lt;Directory /&gt; <br />
+ AllowOverride None <br />
+ &lt;/Directory&gt;
+ </code></p></div>
+
+ <p>׷ 밡ϵ 丮 ϰ
+ <code>.htaccess</code> .</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="protectserverfiles" id="protectserverfiles">⺻ ִ ȣϱ</a></h2>
+
+
+
+ <p> ġ ⺻ ٿ ߸ ˰ִ.
+ , Ϲ URL Ģ Ͽ ã
+ ִٸ, Ư ġ ʴ Ŭ̾Ʈ
+ 񽺵 ִ.</p>
+
+ <p> , Ʒ :</p>
+
+ <div class="example"><p><code>
+ # cd /; ln -s / public_html <br />
+ <code>http://localhost/~root/</code> Ѵ
+ </code></p></div>
+
+ <p>׷ Ŭ̾Ʈ ü Ͻý ƴٴ ִ.
+ ̸ ġ Ѵ:</p>
+
+ <div class="example"><p><code>
+ &lt;Directory /&gt; <br />
+ Order Deny,Allow <br />
+ Deny from all <br />
+ &lt;/Directory&gt;
+ </code></p></div>
+
+ <p>׷ Ͻý ġ ⺻ źεȴ.
+ ϴ ֵ <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> ߰Ѵ.</p>
+
+ <div class="example"><p><code>
+ &lt;Directory /usr/users/*/public_html&gt; <br />
+ Order Deny,Allow <br />
+ Allow from all <br />
+ &lt;/Directory&gt; <br />
+ &lt;Directory /usr/local/httpd&gt; <br />
+ Order Deny,Allow <br />
+ Allow from all <br />
+ &lt;/Directory&gt;
+ </code></p></div>
+
+ <p><code class="directive"><a href="../mod/core.html#location">Location</a></code> <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> þ ϴ
+ Ư Ǹ ←. , <code>&lt;Directory
+ /&gt;</code> źϴ <code>&lt;Location
+ /&gt;</code> þ ̸ ִ</p>
+
+ <p><code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> þ
+ ϴ 쿡 ϶. þ "./" ϸ
+ root ڿ ٷ ߻Ѵ.
+ ġ 1.3 ̻ Ѵٸ Ͽ Ʒ ߰ϱ
+ Ѵ:</p>
+
+ <div class="example"><p><code>
+ UserDir disabled root
+ </code></p></div>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="watchyourlogs" id="watchyourlogs">α 캸</a></h2>
+
+
+
+ <p> ־ ִ ˷ <a href="../logs.html">α</a> Ѵ. α
+ ̹ Ͼ ϸ ,  ־
+ ˷ְ ʿ ŭ Ȯϰ ش.</p>
+
+ <p> :</p>
+
+ <div class="example"><p><code>
+ grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br />
+ grep "client denied" error_log | tail -n 10
+ </code></p></div>
+
+ <p>ù° <a href="http://online.securityfocus.com/bid/4876/info/">߸
+ Source.JSP û ˾Ƴ ִ Tomcat
+ </a> ̿Ϸ Ƚ ˷ְ, ι°
+ źε ֱ Ŭ̾Ʈ 10 ش:</p>
+
+ <div class="example"><p><code>
+ [Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied
+ by server configuration: /usr/local/apache/htdocs/.htpasswd
+ </code></p></div>
+
+ <p> α ̹ ߻ Ǹ Ѵ.
+ ׷ Ŭ̾Ʈ <code>.htpasswd</code> Ͽ
+ ־ٸ <a href="../logs.html#accesslog"> α</a>
+ ̴:</p>
+
+ <div class="example"><p><code>
+ foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"
+ </code></p></div>
+
+ <p>, Ͽ κ ּó
+ ̴:</p>
+
+ <div class="example"><p><code>
+ &lt;Files ".ht*"&gt; <br />
+ Order allow,deny <br />
+ Deny from all <br />
+ &lt;Files&gt;
+ </code></p></div>
+
+ </div></div>
+<div class="bottomlang">
+<p><span> : </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Fran&#231;ais">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="T&#252;rk&#231;e">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file
diff --git a/docs/manual/misc/security_tips.html.tr.utf8 b/docs/manual/misc/security_tips.html.tr.utf8
new file mode 100644
index 0000000..4a46578
--- /dev/null
+++ b/docs/manual/misc/security_tips.html.tr.utf8
@@ -0,0 +1,485 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head>
+<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+<!--
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ This file is generated from xml source: DO NOT EDIT
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -->
+<title>Güvenlik İpuçları - Apache HTTP Sunucusu Sürüm 2.4</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body id="manual-page"><div id="page-header">
+<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p>
+<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Sunucusu</a> &gt; <a href="http://httpd.apache.org/docs/">Belgeleme</a> &gt; <a href="../">Sürüm 2.4</a> &gt; <a href="./">Çeşitli Belgeler</a></div><div id="page-content"><div id="preamble"><h1>Güvenlik İpuçları</h1>
+<div class="toplang">
+<p><span>Mevcut Diller: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div>
+
+ <p>Bir HTTP Sunucusunu ayarlarken dikkat edilmesi gerekenler ve bazı
+ ipuçları. Öneriler kısmen Apache’ye özel kısmen de genel olacaktır.</p>
+ </div>
+<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">Güncel Tutma</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dos">Hizmet Reddi (DoS) Saldırıları</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#serverroot"><code>ServerRoot</code> Dizinlerinin İzinleri</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Sunucu Taraflı İçerik Yerleştirme</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI Genelinde</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi"><code>ScriptAlias</code>’sız CGI</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi"><code>ScriptAlias</code>’lı CGI</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Devingen içerikli kaynaklar</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamicsec">Devingen içeriğin güvenliği</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Sistem Ayarlarının Korunması</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Sunucu dosyalarının öntanımlı olarak korunması</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Günlüklerin İzlenmesi</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#merging">Yapılandırma bölümlerinin birleştirilmesi</a></li>
+</ul><h3>Ayrıca bakınız:</h3><ul class="seealso"><li><a href="#comments_section">Yorumlar</a></li></ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="uptodate" id="uptodate">Güncel Tutma</a></h2>
+
+ <p>Apache HTTP Sunucusu iyi bir güvenlik sicilinin yanında güvenlik
+ konularıyla oldukça ilgili bir geliştirici topluluğuna sahiptir. Fakat,
+ bir yazılımın dağıtılmasının ardından küçük ya da büyük bazı sorunların
+ keşfedilmesi kaçınılmazdır. Bu sebeple, yazılım güncellemelerinden
+ haberdar olmak oldukça önem kazanır. HTTP sunucunuzu doğrudan
+ Apache’den temin ediyorsanız yeni sürümler ve güvenlik güncellemeleri
+ ile ilgili bilgileri tam zamanında alabilmek için <a href="http://httpd.apache.org/lists.html#http-announce">Apache
+ HTTP Sunucusu Duyuru Listesi</a>ne mutlaka üye olmanızı öneririz.
+ Apache yazılımının üçüncü parti dağıtımlarını yapanların da buna benzer
+ hizmetleri vardır.</p>
+
+ <p>Şüphesiz, bir HTTP sunucusu, sunucu kodunda bir sorun olmasa da
+ tehlike altındadır. Eklenti kodları, CGI betikleri hatta işletim
+ sisteminden kaynaklanan sorunlar nedeniyle bu ortaya çıkabilir. Bu
+ bakımdan, sisteminizdeki tüm yazılımların sorunları ve güncellemeleri
+ hakkında bilgi sahibi olmalısınız.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dos" id="dos">Hizmet Reddi (DoS) Saldırıları</a></h2>
+
+
+ <p>Tüm ağ sunucuları, istemcilerin sistem kaynaklarından yararlanmalarını
+ engellemeye çalışan hizmet reddi saldırılarına (HRS) maruz kalabilir.
+ Bu tür saldırıları tamamen engellemek mümkün değildir, fakat
+ yarattıkları sorunları azaltmak için bazı şeyler yapabilirsiniz.</p>
+
+ <p>Çoğunlukla en etkili anti-HRS aracı bir güvenlik duvarı veya başka bir
+ işletim sistemi yapılandırmasıdır. Örneğin, çoğu güvenlik duvarı
+ herhangi bir IP adresinden aynı anda yapılan bağlantıların sayısına bir
+ sınırlama getirmek üzere yapılandırılabilir. Böylece basit saldırılar
+ engellenebilir. Ancak bunun dağıtık hizmet reddi saldırılarına (DHRS)
+ karşı bir etkisi olmaz.</p>
+
+ <p>Bunların yanında Apache HTTP Sunucusunun da sorunları azaltıcı
+ tedbirler alınmasını sağlayacak bazı yapılandırmaları vardır:</p>
+
+ <ul>
+ <li><code class="directive"><a href="../mod/mod_reqtimeout.html#requestreadtimeout">RequestReadTimeout</a></code>
+ yönergesi bir istemcinin isteği göndermek için harcadığı zamanı
+ sınırlamayı sağlar.</li>
+
+ <li>HRS’ye maruz kalması olası sitelerde <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> yönergesinin değeri düşürülmelidir. Birkaç
+ saniye gibi mümkün olduğunca düşük bir ayar uygun olabilir. Ancak
+ <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> başka işlemlerde de
+ kullanıldığından çok düşük değerler, örneğin, uzun süre çalışan CGI
+ betiklerinde sorunlar çıkmasına sebep olabilir.</li>
+
+ <li>HRS’ye maruz kalması olası sitelerde <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> yönergesinin değeri de düşürülebilir.
+ Hatta bazı siteler başarımı arttırmak amacıyla <code class="directive"><a href="../mod/core.html#keepalive">KeepAlive</a></code> yönergesi üzerinden kalıcı
+ bağlantıları tamamen kapatabilirler.</li>
+
+ <li>Zaman aşımıyla ilgili yönergeler bakımından diğer modüller de
+ araştırılmalıdır.</li>
+
+ <li><code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfields">LimitRequestFields</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestfieldsize">LimitRequestFieldSize</a></code>,
+ <code class="directive"><a href="../mod/core.html#limitrequestline">LimitRequestLine</a></code> ve
+ <code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code> yönergeleri,
+ istemci girdileri ile tetiklenen özkaynak tüketimini sınırlamak için
+ yapılandırılırken dikkatli olunmalıdır.</li>
+
+ <li>İşletim sisteminiz desteklediği takdirde, işletim sisteminin isteği
+ işleyen kısmını yüksüz bırakmak için <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> yönergesinin etkin olmasını sağlamalısınız.
+ Bu, Apache HTTP Sunucusunda zaten öntanımlı olarak etkindir.
+ Yapacağınız şey işletim sistemi çekirdeğini buna göre yapılandırmak
+ olacaktır.</li>
+
+ <li>Sunucu tarafından özkaynakları tüketmeden aynı anda işlenebilecek
+ bağlantıların sayısını sınırlamak için <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> yönergesini kullanın. Ayrıca, <a href="perf-tuning.html">başarım arttırma belgesine</a> de
+ bakabilirsiniz.</li>
+
+ <li>HRS’lerin etkilerini azaltmak için aynı andaki bağlantı sayısını
+ arttırabilecek evreli <a href="../mpm.html">MPM</a>’lerden birini
+ kullanmak iyi olabilir. Dahası, <code class="module"><a href="../mod/event.html">event</a></code> MPM’i
+ her bağlantıya yeni bir evre atanmaması için eşzamansız işlem yapar.
+ OpenSSL kütüphanesinin doğası nedeniyle
+ <code class="module"><a href="../mod/event.html">event</a></code> MPM’i <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> ve diğer girdi
+ süzgeçleri ile henüz uyumlu değildir. Bu durumlarda,
+ <code class="module"><a href="../mod/worker.html">worker</a></code> MPM'inin davranışına geri döner.</li>
+
+ <li>Belli istemci davranışlarını sınırlayacak ve HRS ile
+ ilgili sorunları azaltmaya yardımcı olacak üçüncü parti modüller
+ bulunabilir.</li>
+ </ul>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="serverroot" id="serverroot"><code>ServerRoot</code> Dizinlerinin İzinleri</a></h2>
+
+
+ <p>Normalde, Apache root kullanıcı tarafından başlatılır ve hizmetleri
+ sunarken <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> yönergesi
+ tarafından tanımlanan kullanıcının aidiyetinde çalışır. Root tarafından
+ çalıştırılan komutlarda olduğu gibi, root olmayan kullanıcıların
+ yapacakları değişikliklerden korunmak konusunda da dikkatli
+ olmalısınız. Dosyaların sadece root tarafından yazılabilir olmasını
+ sağlamak yeterli değildir, bu dizinler ve üst dizinler için de
+ yapılmalıdır. Örneğin, sunucu kök dizininin
+ <code>/usr/local/apache</code> olmasına karar verdiyseniz, bu dizini
+ root olarak şöyle oluşturmanız önerilir:</p>
+
+ <div class="example"><p><code>
+ mkdir /usr/local/apache <br />
+ cd /usr/local/apache <br />
+ mkdir bin conf logs <br />
+ chown 0 . bin conf logs <br />
+ chgrp 0 . bin conf logs <br />
+ chmod 755 . bin conf logs
+ </code></p></div>
+
+ <p><code>/</code>, <code>/usr</code>, <code>/usr/local</code>
+ dizinlerinde sadece root tarafından değişiklik yapılabileceği kabul
+ edilir. <code class="program"><a href="../programs/httpd.html">httpd</a></code> çalıştırılabilirini kurarken de benzer
+ bir önlemin alındığından emin olmalısınız:</p>
+
+ <div class="example"><p><code>
+ cp httpd /usr/local/apache/bin <br />
+ chown 0 /usr/local/apache/bin/httpd <br />
+ chgrp 0 /usr/local/apache/bin/httpd <br />
+ chmod 511 /usr/local/apache/bin/httpd
+ </code></p></div>
+
+ <p>Diğer kullanıcıların değişiklik yapabileceği bir dizin olarak bir
+ <code>htdocs</code> dizini oluşturabilirsiniz. Bu dizine root
+ tarafından çalıştırılabilecek dosyalar konulmamalı ve burada root
+ tarafından hiçbir dosya oluşturulmamalıdır.</p>
+
+ <p>Diğer kullanıcılara root tarafından yazılabilen ve çalıştırılabilen
+ dosyalarda değişiklik yapma hakkını tanırsanız, onlara root
+ kullanıcısını ele geçirilebilme hakkını da tanımış olursunuz. Örneğin,
+ biri <code class="program"><a href="../programs/httpd.html">httpd</a></code> çalıştırılabilirini zararlı bir programla
+ değiştirebilir ve o programı tekrar çalıştırdığınız sırada program
+ yapacağını yapmış olur. Günlükleri kaydettiğiniz dizin herkes
+ tarafından yazılabilen bir dizin olduğu takdirde, birileri bir günlük
+ dosyasını bir sistem dosyasına sembolik bağ haline getirerek root
+ kullanıcısının bu dosyaya ilgisiz şeyler yazmasına sebep olabilir.
+ Günlüklerin dosyaları herkes tarafından yazılabilir olduğu takdirde ise
+ birileri dosyaya yanıltıcı veriler girebilir.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="ssi" id="ssi">Sunucu Taraflı İçerik Yerleştirme</a></h2>
+
+
+ <p>SSI sayfaları bir sunucu yöneticisi açısından çeşitli olası risklere
+ kaynaklık edebilir.</p>
+
+ <p>İlk risk, sunucu yükündeki artış olasılığıdır. Tüm SSI sayfaları, SSI
+ kodu içersin içermesin Apache tarafından çözümlenir. Bu küçük bir artış
+ gibi görünürse de bir paylaşımlı sunucu ortamında önemli bir yük haline
+ gelebilir.</p>
+
+ <p>SSI sayfaları, CGI betikleriyle ilgili riskleri de taşır. <code>exec
+ cmd</code> elemanı kullanılarak bir SSI sayfasından herhangi bir CGI
+ betiğini veya bir sistem programını Apache’nin aidiyetinde olduğu
+ kullanıcının yetkisiyle çalıştırmak mümkündür.</p>
+
+ <p>SSI sayfalarının yararlı özelliklerinden yararlanırken güvenliğini de
+ arttırmanın bazı yolları vardır.</p>
+
+ <p>Sunucu yöneticisi, bir başıbozuk SSI sayfasının sebep olabileceği
+ zararları bertaraf etmek için <a href="#cgi">CGI Genelinde</a>
+ bölümünde açıklandığı gibi <a href="../suexec.html">suexec</a>’i etkin
+ kılabilir.</p>
+
+ <p>SSI sayfalarını <code>.html</code> veya <code>.htm</code>
+ uzantılarıyla etkinleştirmek tehlikeli olabilir. Bu özellikle
+ paylaşımlı ve yüksek trafikli bir sunucu ortamında önemlidir. SSI
+ sayfalarını normal sayfalardan farklı olarak <code>.shtml</code> gibi
+ bildik bir uzantıyla etkinleştirmek gerekir. Bu, sunucu yükünü asgari
+ düzeyde tutmaya ve risk yönetimini kolaylaştırmaya yarar.</p>
+
+ <p>Diğer bir çözüm de SSI sayfalarından betik ve program çalıştırmayı
+ iptal etmektir. Bu, <code class="directive"><a href="../mod/core.html#options">Options</a></code>
+ yönergesine değer olarak <code>Includes</code> yerine
+ <code>IncludesNOEXEC</code> vererek sağlanır. Ancak, eğer betiklerin
+ bulunduğu dizinde <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>
+ yönergesiyle CGI betiklerinin çalışması mümkün kılınmışsa,
+ kullanıcıların <code>&lt;--#include virtual="..." --&gt;</code> ile bu
+ betikleri çalıştırabileceklerine dikkat ediniz.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="cgi" id="cgi">CGI Genelinde</a></h2>
+
+
+ <p>Herşeyden önce ya CGI betiğini/programını yazanlara ya da kendinizin
+ CGI'deki güvenlik açıklarını (ister kasıtlı olsun ister tesadüfi)
+ yakalama becerinize güvenmek zorundasınız. CGI betikleri esasen
+ sisteminizdeki komutları site kullanıcılarının izinleriyle
+ çalıştırırlar. Bu bakımdan dikkatle denenmedikleri takdirde oldukça
+ tehlikeli olabilirler.</p>
+
+ <p>CGI betiklerinin hepsi aynı kullanıcının aidiyetinde çalışırsa diğer
+ betiklerle aralarında çelişkilerin ortaya çıkması ister istemez
+ kaçınılmazdır. Örneğin A kullanıcısının B kullanıcısına garezi varsa
+ bir betik yazıp B’nin CGI veritabanını silebilir. Bu gibi durumların
+ ortaya çıkmaması için betiklerin farklı kullanıcıların aidiyetlerinde
+ çalışmasını sağlayan ve 1.2 sürümünden beri Apache ile dağıtılan <a href="../suexec.html">suEXEC</a> diye bir program vardır. Başka bir yol
+ da <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a> kullanmaktır.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="nsaliasedcgi" id="nsaliasedcgi"><code>ScriptAlias</code>’sız CGI</a></h2>
+
+
+ <p>Kullanıcıların sitenin her yerinde CGI betiklerini çalıştırmalarına
+ izin vermek ancak şu koşullarda mümkün olabilir:</p>
+
+ <ul>
+ <li>Kullanıcılarınızın kasıtlı ya da kasıtsız sistemi saldırıya açık
+ hale getirecek betikler yazmayacaklarına tam güveniniz vardır.</li>
+ <li>Sitenizin güvenliği zaten o kadar kötüdür ki, bir delik daha
+ açılmasının mahzuru yoktur.</li>
+ <li>Sitenizin sizden başka kullanıcısı yoktur ve sunucunuzu sizden
+ başka hiç kimsenin ziyaret etmesi mümkün değildir.</li>
+ </ul>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="saliasedcgi" id="saliasedcgi"><code>ScriptAlias</code>’lı CGI</a></h2>
+
+
+ <p>CGI’yi belli dizinlerle sınırlamak yöneticiye bu dizinlerde daha iyi
+ denetim imkanı sağlar. Bu kaçınılmaz olarak <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>’sız CGI’den çok daha
+ güvenlidir, ancak bu dizinlere yazma hakkı olan kullanıcılarınız
+ güvenilir kişiler olması ve site yöneticisinin de olası güvenlik
+ açıklarına karşı CGI betiklerini ve programlarını denemeye istekli
+ olması şartıyla.</p>
+
+ <p>Çoğu site yöneticisi <code>ScriptAlias</code>’sız CGI yerine bu
+ yaklaşımı seçer.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dynamic" id="dynamic">Devingen içerikli kaynaklar</a></h2>
+
+
+ <p>Sunucunun bir parçası gibi çalışan, <code>mod_php</code>,
+ <code>mod_perl</code>, <code>mod_tcl</code> ve <code>mod_python</code>
+ gibi gömülü betik çalıştırma seçenekleri sunucuyu çalıştıran
+ kullanıcının aidiyetinde çalışırlar (<code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> yönergesine bakınız). Bu bakımdan bu betik
+ yorumlayıcılar tarafından çalıştırılan betikler, sunucu kullanıcısının
+ eriştiği herşeye erişebilirler. Bazı betik yorumlayıcıların getirdiği
+ bazı sınırlamalar varsa da bunlara pek güvenmemek, gerekli sınamaları
+ yine de yapmak gerekir.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="dynamicsec" id="dynamicsec">Devingen içeriğin güvenliği</a></h2>
+
+
+ <p><code>mod_php</code>, <code>mod_perl</code> veya
+ <code>mod_python</code> gibi devingen içeriği yapılandırırken
+ güvenlikle ilgili değerlendirmelerin çoğu <code>httpd</code>'nin
+ kapsamından çıkar ve bu modüllerin belgelerini incelemek ihtiyacı
+ duyarsınız. Örneğin, PHP çoğu zaman kapalı tutulan
+ <a href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Güvenli
+ Kip</a> ayarını etkin kılmanızı önerir. Daha fazla güvenlik için bir
+ diğer örnek bir PHP eklentisi olan
+ <a href="http://www.hardened-php.net/suhosin/">Suhosin</a>'dir. Bunlar
+ hakkında daha ayrıntılı bilgi için her projenin kendi belgelerine
+ başvurun.</p>
+
+ <p>Apache seviyesinde, <a href="http://modsecurity.org/">mod_security</a>
+ adı verilen modülü bir HTTP güvenlik duvarı gibi ele alabilir, devingen
+ içeriğin güvenliğini arttırmanıza yardımcı olmak üzere inceden inceye
+ yapılandırabilirsiniz.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="systemsettings" id="systemsettings">Sistem Ayarlarının Korunması</a></h2>
+
+
+ <p>Güvenliği gerçekten sıkı tutmak istiyorsanız, kullanıcılarınızın
+ yapılandırmanızdaki güvenlik ayarlarını geçersiz kılmak için
+ <code>.htaccess</code> dosyalarını kullanabilmelerinin de önüne
+ geçmelisiniz. Bunu yapmanın tek bir yolu vardır.</p>
+
+ <p>Sunucu yapılandırma dosyanıza şunu yerleştirin:</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/"&gt;
+ AllowOverride None
+&lt;/Directory&gt;</pre>
+
+
+ <p>Böylece, belli dizinlerde özellikle etkinleştirilmedikçe bütün
+ dizinlerde <code>.htaccess</code> dosyalarının kullanımını engellemiş
+ olursunuz.</p>
+
+ <p>Bu ayar Apache 2.3.9 itibariyle öntanımlıdır.</p>
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="protectserverfiles" id="protectserverfiles">Sunucu dosyalarının öntanımlı olarak korunması</a></h2>
+
+
+ <p>Apache’nin ister istemez yanlış anlaşılan yönlerinden biri öntanımlı
+ erişim özelliğidir. Yani siz aksine bir şeyler yapmadıkça, sunucu normal
+ URL eşleme kurallarını kullanarak bir dosyayı bulabildiği sürece onu
+ istemciye sunacaktır.</p>
+
+ <p>Örneğin, aşağıdaki durumu ele alalım:</p>
+
+ <div class="example"><p><code>
+ # cd /; ln -s / public_html
+ </code></p></div>
+
+ <p>Ve, tarayıcınıza <code>http://localhost/~root/</code> yazın.</p>
+
+ <p>Böylece, istemcilerin tüm dosya sisteminizi gezmelerine izin vermiş
+ olursunuz. Bu işlemin sonuçlarının önünü almak için sunucu yapılandırma
+ dosyanıza şunları yazın:</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/"&gt;
+ Require all denied
+&lt;/Directory&gt;</pre>
+
+
+ <p>Bu suretle, dosya sisteminize öntanımlı erişimi yasaklamış olursunuz.
+ Erişime izin vermek istediğiniz dizinler için uygun <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> bölümleri eklemeniz yeterli
+ olacaktır. Örnek:</p>
+
+ <pre class="prettyprint lang-config">&lt;Directory "/usr/users/*/public_html"&gt;
+ Require all granted
+&lt;/Directory&gt;
+&lt;Directory "/usr/local/httpd"&gt;
+ Require all granted
+&lt;/Directory&gt;</pre>
+
+
+ <p><code class="directive"><a href="../mod/core.html#location">Location</a></code> ve <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> yönergelerinin etkileşimine de
+ özellikle önem vermelisiniz; örneğin <code>&lt;Directory "/"&gt;</code>
+ erişimi yasaklarken bir <code>&lt;Location "/"&gt;</code> yönergesi bunu
+ ortadan kaldırabilir.</p>
+
+ <p><code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> yönergesi de size
+ buna benzer bir oyun oynayabilir; yönergeye <code>./</code> atamasını
+ yaparsanız, root kullanıcısı söz konusu olduğunda yukarıda ilk örnekteki
+ durumla karşılaşırız. Sunucu yapılandırma dosyanızda aşağıdaki satırın
+ mutlaka bulunmasını öneririz:</p>
+
+ <pre class="prettyprint lang-config">UserDir disabled root</pre>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="watchyourlogs" id="watchyourlogs">Günlüklerin İzlenmesi</a></h2>
+
+
+ <p>Sunucunuzda olup biteni günü gününe bilmek istiyorsanız <a href="../logs.html">günlük dosyalarına</a> bakmalısınız. Günlük dosyaları
+ sadece olup biteni raporlamakla kalmaz, sunucunuza ne tür saldırılar
+ yapıldığını ve güvenlik seviyenizin yeterli olup olmadığını anlamanızı da
+ sağlarlar.</p>
+
+ <p>Bazı örnekler:</p>
+
+ <div class="example"><p><code>
+ grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br />
+ grep "client denied" error_log | tail -n 10
+ </code></p></div>
+
+ <p>İlk örnek, <a href="http://online.securityfocus.com/bid/4876/info/">Apache Tomcat Source.JSP Bozuk İstek Bilgilerini İfşa Açığı</a>nı
+ istismar etmeyi deneyen saldırıların sayısını verirken ikinci örnek,
+ reddedilen son on istemciyi listeler; örnek:</p>
+
+ <div class="example"><p><code>
+ [Thu Jul 11 17:18:39 2002] [error] [client foo.example.com] client denied
+ by server configuration: /usr/local/apache/htdocs/.htpasswd
+ </code></p></div>
+
+ <p>Gördüğünüz gibi günlük dosyaları sadece ne olup bittiğini raporlar, bu
+ bakımdan eğer istemci <code>.htpasswd</code> dosyasına erişebiliyorsa <a href="../logs.html#accesslog">erişim günlüğünüzde</a> şuna benzer bir
+ kayıt görürsünüz:</p>
+
+ <div class="example"><p><code>
+ foo.example.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"
+ </code></p></div>
+
+ <p>Bu, sunucu yapılandırma dosyanızda aşağıdaki yapılandırmayı iptal
+ ettiğiniz anlamına gelir:</p>
+
+ <pre class="prettyprint lang-config">&lt;Files ".ht*"&gt;
+ Require all denied
+&lt;/Files&gt;</pre>
+
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="merging" id="merging">Yapılandırma bölümlerinin birleştirilmesi</a></h2>
+
+
+
+ <p>Yapılandırma bölümlerinin birleştirilmesi karmaşık bir işlem olup bazı
+ durumlarda yönergelere bağlıdır. Yönergeleri bir araya getirirken
+ aralarındaki bağımlılıkları daima sınayın.</p>
+
+ <p><code class="module"><a href="../mod/mod_access_compat.html">mod_access_compat</a></code> gibi henüz yönerge katıştırma
+ mantığını gerçeklememiş modüller için sonraki bölümlerdeki davranış, bu
+ modüllerin yönergelerini içerip içermemesine bağlıdır. Yapılandırmada
+ yönergelerin <em>yerleri değiştirildiğinde</em> fakat bir katıştırma
+ yapılmadığında, yapılandırma bir değişiklik yapılana kadar miras
+ alınır.</p>
+ </div></div>
+<div class="bottomlang">
+<p><span>Mevcut Diller: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a> |
+<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a> |
+<a href="../tr/misc/security_tips.html" title="Türkçe">&nbsp;tr&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Yorumlar</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our <a href="https://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html';
+(function(w, d) {
+ if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
+ }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2023 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p>
+<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+ prettyPrint();
+}
+//--><!]]></script>
+</body></html> \ No newline at end of file