Sling Academy
Home/DevOps/Apache Web Server Directives: A Cheat Sheet

Apache Web Server Directives: A Cheat Sheet

Last updated: January 20, 2024

Table of Contents

  1. Introduction
  2. Basic Configuration Directives
    1. ServerRoot
    2. DocumentRoot
    3. Listen
    4. LoadModule
  3. Client Request Handling
    1. DirectoryIndex
    2. Alias
  4. Access Control Directives
    1. Require
    2. Order, Allow, Deny
  5. Performance and Optimization Directives
    1. KeepAlive
    2. MaxKeepAliveRequests
    3. KeepAliveTimeout
  6. Logging Directives
    1. ErrorLog
    2. LogLevel
  7. Security Directives
    1. ServerTokens
    2. ServerSignature
  8. Mod_Rewrite: URL Rewriting Directives
    1. RewriteEngine
    2. RewriteRule
  9. SSL/TLS Directives
    1. SSLEngine
    2. SSLCertificateFile
    3. SSLCertificateKeyFile
  10. Conclusion

Introduction

Apache HTTP Server is a powerful and flexible web server software. One of its core strengths is the ability to customize its configuration to meet the needs of any application. In this tutorial, we’ll cover some of the most important Apache directives that every web developer should know, providing a cheat sheet to help you manage your server configurations with ease.

Basic Configuration Directives

ServerRoot

ServerRoot "/etc/httpd"

The ServerRoot directive specifies the directory in which the configuration files of the Apache server are located.

DocumentRoot

DocumentRoot "/var/www/html"

The DocumentRoot directive sets the directory from which Apache will serve files. For a typical website, this is where you will upload your HTML files and assets.

Listen

Listen 80

The Listen directive tells Apache on which IP and port to listen for incoming connections. Port 80 is the standard port for HTTP traffic.

LoadModule

LoadModule ssl_module modules/mod_ssl.so

This directive is used to load additional modules. The above line would load the SSL module, enabling HTTPS on the server.

Client Request Handling

DirectoryIndex

DirectoryIndex index.php index.html

The DirectoryIndex specifies the file to serve when a directory is requested. If index.php is not found, index.html will be served, and so on.

Alias

Alias /images "/var/www/html/images"

The Alias directive maps a URL to a file path, allowing you to serve files from a location outside the DocumentRoot.

Access Control Directives

Require

<Directory "/var/www/html/restricted"> 
    Require all denied 
    Require ip 192.168.1.0/24 
</Directory>

The Require directive is used under <Directory> blocks to control access to certain parts of the website. Above, we block access to all except for the specified IP range.

Order, Allow, Deny

<Directory "/var/www/html/old"> 
    Order allow,deny 
    Deny from all 
    Allow from 192.168.1.5 
</Directory>

This set of directives, used in Apache versions prior to 2.4, sets the order in which Allow and Deny rules are processed. It specifically allows only one IP address access to the directory.

Performance and Optimization Directives

KeepAlive

KeepAlive On

When KeepAlive is set to On, connections are kept open for multiple requests per session, reducing latency and increasing throughput.

MaxKeepAliveRequests

MaxKeepAliveRequests 100

Specifies the maximum number of requests allowed per connection when KeepAlive is on. It’s a balance between performance and resource usage.

KeepAliveTimeout

KeepAliveTimeout 5

This directive sets the amount of time the server will wait for subsequent requests on a persistent connection. A lower timeout can free up server resources faster.

Logging Directives

ErrorLog

ErrorLog "/var/log/httpd/error_log"

The ErrorLog directive defines the location of the error log file where Apache will record any errors it encounters.

LogLevel

LogLevel warn

LogLevel specifies the level of verbosity of the error logs. Levels include: debug, info, notice, warn, error, crit, alert, and emerg.

Security Directives

ServerTokens

ServerTokens Prod

This directive configures the HTTP response header Server field to minimize the amount of version information given to clients, enhancing security by obfuscating server details.

ServerSignature

ServerSignature Off

ServerSignature controls the inclusion of server version information on error pages and server-generated documents, which is typically turned off for security.

Mod_Rewrite: URL Rewriting Directives

RewriteEngine

RewriteEngine On

Enables or disables the runtime rewriting engine provided by mod_rewrite.

RewriteRule

RewriteRule ^oldpage.html$ newpage.html [R=301,L]

The RewriteRule directive is used to rewrite URL patterns to new locations, with flags like R=301 for permanent redirections, and L to indicate the last rule.

SSL/TLS Directives

SSLEngine

SSLEngine on

The SSLEngine directive configures a web server to handle secure transactions by enabling SSL/TLS protocol support.

SSLCertificateFile

SSLCertificateFile /etc/ssl/certs/server-cert.pem

Specifies the file containing the server’s certificate file needed to establish a secure connection.

SSLCertificateKeyFile

SSLCertificateKeyFile /etc/ssl/private/server-key.pem

Points to the file containing the private key associated with the server’s certificate.

Conclusion

This cheat sheet provides an overview of some of the most common and useful Apache directives that you are likely to use when configuring your Apache web server. These directives offer powerful ways to manage how your server processes requests, secures communications, redirects URLs, and much more. As always, ensure you read the full documentation for each module when configuring your server to gain comprehensive understanding of these directives.

Remember that after any configuration changes, you should always restart Apache to apply the new settings. This can typically be done with commands like sudo systemctl restart apache2 on Linux systems running systemd.

With this knowledge, you can begin to master the configuration of your Apache server and ensure it runs efficiently, securely, and in alignment with the needs of your website or application. Happy coding!

Next Article: Apache .htaccess file: A beginner’s guide (with simple examples)

Previous Article: Managing Log Files in Apache: Access Log, Error Log, Custom Log

Series: Apache Tutorials

DevOps

You May Also Like

  • How to reset Ubuntu to factory settings (4 approaches)
  • Making GET requests with cURL: A practical guide (with examples)
  • Git: What is .DS_Store and should you ignore it?
  • NGINX underscores_in_headers: Explained with examples
  • How to use Jenkins CI with private GitHub repositories
  • Terraform: Understanding State and State Files (with Examples)
  • SHA1, SHA256, and SHA512 in Terraform: A Practical Guide
  • CSRF Protection in Jenkins: An In-depth Guide (with examples)
  • Terraform: How to Merge 2 Maps
  • Terraform: How to extract filename/extension from a path
  • JSON encoding/decoding in Terraform: Explained with examples
  • Sorting Lists in Terraform: A Practical Guide
  • Terraform: How to trigger a Lambda function on resource creation
  • How to use Terraform templates
  • Understanding terraform_remote_state data source: Explained with examples
  • Jenkins Authorization: A Practical Guide (with examples)
  • Solving Jenkins Pipeline NotSerializableException: groovy.json.internal.LazyMap
  • Understanding Artifacts in Jenkins: A Practical Guide (with examples)
  • Using Jenkins with AWS EC2 and S3: A Practical Guide