Networking / Beginners

---

Defining Where Things Are Stored

The DocumentRoot directive, which was mentioned earlier, defines the directory that contains the web server documents. For security reasons, this is not the same directory that holds the configuration files. The ServerRoot directive defines the location of the server configuration files. On our sample Red Hat system, DocumentRoot and ServerRoot are

DocumentRoot "/var/www/html"
ServerRoot "/etc/httpd"

The PidFile and ScoreBoardFile directives both define the paths of files that relate to process status. The PidFile is the file in which httpd stores its process ID; the ScoreBoardFile is the file in which httpd writes process status information. If the ScoreBoardFile is not defined, Apache uses a shared-memory segment instead of a file, which improves performance.

The Alias directive and the ScriptAlias directive both map a URL path to a directory on the server. For example:

Alias /icons/ "/var/www/icons/"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

The first line maps the URL path /icons/ to the directory /var/www/icons/. Thus, a request for www.example.org/icons/ is mapped to www.example.org/var/www/icons/.

The Red Hat configuration contains several Alias directives to handle several different mappings, and one global ScriptAlias directive. The ScriptAlias directive functions in exactly the same ways as the Alias directive, except that the directory it points to contains executable CGI programs. Therefore, httpd grants this directory execution privileges. ScriptAlias is particularly important because it allows you to maintain executable web scripts in a directory that is separate from the DocumentRoot. CGI scripts are the single biggest security threat to your server. Maintaining them separately allows you to provide tighter controls on who has access to the scripts.

The UserDir directive enables personal user web pages, and points to the directory that contains the user pages. UserDir usually points to public_html. With this default setting, users create a directory named public_html in their home directories to hold their personal web pages. When a request comes in for www.example.org/~joe, it is mapped to www.example.org/home/joe/public_html.

An alternative is to define a full pathname such as /home/userpages on the UserDir command line. Then the administrator creates the directory, and allows each user to store personal pages in subdirectories of this directory. A request for www.example.org/~joe maps to www.example.org/home/homepages/sara . The advantages of this approach are that it improves security by making it easier for you to monitor the content of user pages, and it makes it easier to control who can publish pages, rather than allowing all users to do so.

The DirectoryIndex option defines the name of the file that is retrieved if the client's request does not include a filename. Our sample Red Hat system has the following values for this option:

DirectoryIndex index.html index.htm index.shtml index.php index.php4
index.php3 index.phtml index.cgi

Given the value defined for DocumentRoot and this value, if the server gets a request for http://www.example.org/songbirds/, it first attempts to locate a file named /var/www/html/songbirds/ index.html. Notice that the DocumentRoot is prepended to any request, and the DirectoryIndex is appended to any request that doesn't end in a filename. If the server finds a file with that name, it serves the client the file. If it does not find the file, it tries index.htm and then index.shtml, and so on down the line to index.cgi. If none of the files defined by DirectoryIndex is found, httpd sends the client a listing of the directory. Several directives control how that directory listing is formatted.