MOHAWK.CONF(5)		      File Formats Manual		MOHAWK.CONF(5)

NAME
       mohawk.conf -- mohawk(8)	configuration file

DESCRIPTION
       mohawk.conf is the configuration	file for the http daemon mohawk(8).

       Comments	 can  be put anywhere in the file using	a hash mark (`#'), and
       extend to the end of the	current	line.

       Arguments containing whitespace should be surrounded by	double	quotes
       (").

SERVER CONFIGURATION
       debug <on off>
             If mohawk(8) is compiled with -DUSE_DEBUG, this option controls
             the debug mode.  The cli option '-d' takes precedence.

             on    Activate debug mode.  This prevents mohawk(8) from forking
                   into the background and activates verbose output.

	     off (default)
		   Run in background.

	     For example,

		   debug on

       chroot <directory>
	     mohawk(8) will chroot itself in the given directory.

	     For example,

		   chroot /var/www/chroot

       include <pattern>
             Include file(s) that match pattern.  If the default maximum
             recursion depth (5) is not enough, recompile mohawk(8) with
             -DMAX_INCLUDE_DEPTH=your_level.

	     For example,

		   include /usr/local/etc/mohawk.d/local.conf

       mime_type <file>
             Read MIME types from file.

	     For example,

		   mime_type /etc/nginx/mime.types

       mime_type <key value>
             Global list of MIME types (where type and extension(s) are
             autodetected), delimited with braces.  Default is
             application/octet-stream.  Shortest extensions come first.

	     For example,

		   mime_type { text/plain "c h"	x application/xxx }
		   mime_type { html text/html txt text/plain }
             Invert the two lines and a request for an 'h' document will return
             'text/html' and a request for an 'x' document will return
             'text/plain'.  The first match wins.

       pidfile <file>
             mohawk(8) writes its pid to this file, before any chroot.  The cli
             option '-p pidfile' takes precedence.

	     For example,

		   pidfile /var/run/mohawk.pid

       syslog_facility <facility>
             Use facility for logging.  See /usr/include/syslog.h for the list
             of facility names.  Default is daemon.

	     For example,

		   syslog_facility local2

       user <username>
             Run mohawk(8) as another user, nobody by default.  username must
             exist on the system.

	     For example,

		   user	www-data

VHOSTS CONFIGURATION
       A vhost is configured by a list of options, delimited with braces.  A
       'default' vhost is mandatory.  Every other vhost inherits its
       configuration from this vhost.  Inheriting configuration from another
       vhost is possible with 'vhost child clone parent { }'.

       The list of options can be written on one or several lines; comments
       start with '#'.

       For example,

	     vhost default {
	     <list of option>
	     }

       authentication <on off>
	     Enable / disable (default)	authentication.	See auth_path below.

	     For example,

		   authentication off

       auth_blacklistd <on off>
	     Send / not	send (default) authentication result to	 blacklistd(8)
	     (if available).

	     For example,

		   auth_blacklistd off

       cgi_expose_mohawk_version <on off>
             Enable / disable (default) the environment variable
             MOHAWK_VERSION.

	     For example,

		   cgi_expose_mohawk_version on

       dirlist <on off>
	     Enable / disable (default)	directory listing.

	     For example,

		   dirlist on

       hostname_in_rootdir <on off>
             Use / don't use (default) the hostname in rootdir.  When vhost
             contains patterns, use it.

	     For example,

		   hostname_in_rootdir on

       x_forwarded_for <on off>
             Enable / disable (default) use of the X-Forwarded-For header.

       auth_path <directory>
             Path to the authentication file.  The rootdir of the vhost *must
             not* contain this directory.

	     For example,

		   auth_path /tmp/chroot/secure_vhost/secure

       charset <charset>
	     Set the default charset.

	     For example,

		   charset iso-8859-15

       dirlist_css_url <url>
             The custom CSS for the directory listing page, relative to the
             vhost rootdir.

	     For example,

		   dirlist_css_url /dirlist.css

       email_admin <email>
	     Set the email of the administrator

	     For example,

		   email_admin foo.bar@example.com

       maxage <number>
	     If	defined, set Expires and Cache-Control headers

	     For example,

		   maxage 3600

       mohawk_name <name>
             Set the environment variable SERVER_SOFTWARE and the footer of
             directory listings.

	     For example,

		   mohawk_name "What did you expect ?"

       rootdir <directory>
             The root directory for the given vhost.  The 'document_root' is
             defined as chroot + rootdir.  If hostname_in_rootdir is on, the
             document_root is defined as chroot + rootdir + hostname.  For the
             'default' vhost, 'document_root' is always defined as chroot +
             rootdir.

	     For example,

		   rootdir /tmp/chroot/virtual-hosts

       status_url <url>
	     The url for the status page (information concerning  the  running
	     mohawk(8) process).

       auth_patterns <list of pattern>
             The glob patterns that determine which URLs require authentication.
             For a fully authenticated vhost, use '*'.  See the auth_path option.

	     For example,

		   auth_patterns { /admin/* /secure/* }

       blacklist_patterns <list	of pattern>
             The glob patterns that determine which URLs generate a
             BLACKLIST_ABUSIVE_BEHAVIOR to blacklistd(8) (if available).

	     For example,

		   blacklist_patterns {	*.php /honeypot/* }

       cgi_patterns <list of pattern>
	     The  glob	patterns to determine which files are to be considered
	     as	CGIs.

	     For example,

		   cgi_patterns	{ *.cgi	*.pl *.sh }

       index_names <list of pattern>
             List of file names to use as the directory index.

	     For example,

		   index_names { index.html index.htm default.html index.pl }

       no_auth_patterns	<list of pattern>
             The glob patterns that determine which URLs do not require
             authentication.

	     For example,

		   no_auth_patterns { /css/* /js/* /img/* }

       no_cgi_maps <list of pattern>
             List of URLs that will not be mapped to a CGI even if defined in
             a cgi_map.

	     For example,

                   no_cgi_maps { /rescue/status* }

       no_log_patterns <list of	pattern>
             Don't log if the request matches a pattern.

	     For example,

		   no_log_patterns { /css/* /js/* /img/* /packages/* }

       grant_access <list of prefix/mask>
             If set, access is granted only if remote_addr matches one of the
             prefixes.  Using '!' denies access to the specified prefix/netmask.

	     For example,

		   grant_access	{ 127.0.0.0/8 192.168.0.0/16 2001:dead:beaf::/48 }
		   grant_access	{ 192.168.0.0/24 !192.168.0.1 }	# bad access / deny order:
		   grant_access	{ !2001:dead:beaf:1::/64 2001:dead:beaf::/48 } # good access / deny order:
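
The ordering caveat in the grant_access examples above, as an added example (not part of mohawk(8) or of this manual page). It assumes, from the "good" and "bad" order annotations, that the first matching entry decides; the function names are hypothetical.

```python
import ipaddress

def parse_grant_access(spec):
    """Parse the body of a grant_access { ... } list into (allow, network) rules."""
    rules = []
    for token in spec.split():
        deny = token.startswith("!")
        net = ipaddress.ip_network(token.lstrip("!"), strict=False)
        rules.append((not deny, net))
    return rules

def is_granted(rules, remote_addr):
    """ASSUMPTION: the first matching entry decides. No match means refused,
    since access is granted only if remote_addr matches one of the prefixes."""
    addr = ipaddress.ip_address(remote_addr)
    for allow, net in rules:
        if addr.version == net.version and addr in net:
            return allow
    return False

def shadowed_denies(rules):
    """Return '!' entries that can never take effect because an earlier
    grant entry already covers the whole denied prefix."""
    dead = []
    for i, (allow, net) in enumerate(rules):
        if allow:
            continue
        for earlier_allow, earlier in rules[:i]:
            if (earlier_allow and earlier.version == net.version
                    and net.subnet_of(earlier)):
                dead.append(str(net))
                break
    return dead

if __name__ == "__main__":
    # The two orderings shown in the manual page's examples.
    bad = parse_grant_access("192.168.0.0/24 !192.168.0.1")
    good = parse_grant_access("!2001:dead:beaf:1::/64 2001:dead:beaf::/48")
    print("bad order, 192.168.0.1 granted:", is_granted(bad, "192.168.0.1"))
    print("bad order, dead deny entries:", shadowed_denies(bad))
    print("good order, dead deny entries:", shadowed_denies(good))
```
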

       cgi_env <list of	key value>
             List of environment variables to pass to CGIs, in the form:
             key "value", where key is the variable and "value" is the content
             of the variable.

	     For example,

		   cgi_env { CBLOG_PATH	"/var/db/cblog/" }
		   cgi_env {
		     VAR1 "value1"
		     VAR2 "value2"
                     # not used here
		     #VAR3 "value3"
		   }

       cgi_map <list of	key value>
             List of URL mappings that will execute the given CGI, in the
             form: pattern path/url/to/the/cgi.  pattern is a glob pattern.

	     For example,

		   cgi_map { /cblog/* /cblog.cgi /debug/* /cgi/printenv.sh }

       listen on <...> port <port>
             The listen on directive takes an interface, hostname, ipv4 or ipv6
             parameter.  port is optional (http by default).  Multiple
             directives are allowed.  Be careful: without a listen directive,
             mohawk(8) will listen on all interfaces, port http.

	     For example,

		   listen on em0
		   listen on localhost port 2222
		   listen on 172.16.0.80
		   listen on 2001:dead:beef::1 port dns

       reset <option>
             Reset an option.  The resettable options are:
		      authentication
		      auth_blacklistd
		      auth_path
		      auth_patterns
		      blacklist_patterns
		      cgi_env
		      cgi_map
		      cgi_patterns
		      charset
		      dirlist_css_url
		      email_admin
		      index_names
		      mohawk_name
		      no_auth_patterns
		      no_cgi_maps
		      no_log_patterns
		      grant_access
		      status_url

EXAMPLES
       Minimal configuration: no chroot, listen on all interfaces, all
       addresses, serve /tmp:

	     mime_type { html text/html	txt text/plain }

	     vhost default {
	       rootdir /tmp
	       dirlist on
	     }

       Complex configuration: chroot, listen on some interfaces, some
       addresses, black hole default vhost, authentication, cgi:

	     chroot /var/www/chroot
	     user www-data
	     mime_type { html text/html	txt text/plain }

	     # no HTTP 1.0 client
	     vhost default {
	       # chroot	is defined, we need /var/www/chroot/var/empty
	       rootdir /var/empty
	     }

	     # example.com
	     vhost *.example.com {
	       # em0 is	the public interface
	       listen on em0 port 8080
	       # vr0 is	the local interface
	       listen on vr0

	       # chroot	is defined and it's not	default	vhost
	       # a request http://www.example.com/index.html
               # becomes /var/www/chroot/srv/example.com/www.example.com/index.html
	       rootdir /srv/example.com/

	       #authentication off
	       #cgi_expose_mohawk_version
	       #dirlist	off

	       # we listen on public interface port 8080, a proxy is present
	       x_forwarded_for on

	       # no authentication
	       #auth_path
	       charset latin1

	       dirlist_css_url /css/dir.css

	       maxage 3600
	       mohawk_name "Mohawk rulez !!!"

	       # we don't activate any status url
               # some information may be sensitive
	       #status_url

	       # no authentication
	       #auth_patterns {	}

	       #no cgi
	       #cgi_patterns { }

	       # usual settings
	       index_names { index.html	index.htm default.html }

	       # no authentication
	       #no_auth_patterns { }

	       # no cgi
	       #no_cgi_maps { }

	       # we log	all
	       #no_log_patterns	{ }

	       # no restriction
	       #grant_access { }

	       # no cgi_env
	       #cgi_env	{ }

	       # no cgi_map
	       #cgi_map	{ }
	     }

	     vhost secure.example.com {
	       # add some listen
	       listen on secure.example.com
	       listen on 127.0.0.1 port	8888

	       # /var/www/chroot/classified/www/secure.example.com/
	       rootdir /classified/www

	       # activate authentication
	       authentication on

	       # auth path
               # we can share .htpasswd
	       # /var/www/chroot/classified/authentication/.htpasswd
	       auth_path /classified/authentication/

	       no_auth_patterns	{ /css/* /img/*	/js/* }

	       # don't log some	stuff, same as no_auth_patterns
	       no_log_patterns { /css/*	/img/* /js/* }
	     }

	     vhost secret.example.com clone secure.example.com {
	       # listen	only on	lo0
	       reset listen
	       listen on lo0

               # keep rootdir, /var/www/chroot/classified/www/secret.example.com

	       # don't share .htpasswd
	       auth_path /classified/secret.example.com/

	       # all request require authentication
	       reset no_auth_patterns
	       auth_patterns { * }

	       cgi_expose_mohawk_version off
	       cgi_patterns { *.cgi *.pl }
	       reset index_names
	       index_names { crack.cgi buteforce.pl }

	       reset no_cgi_maps
	       cgi_map {
		 /download/* /analyze.pl
		 /upload/*   /add_virus.cgi
	       }
	       cgi_env {
		 DATABASE "postgresql:admin:Haxxor ftw"
	       }

	       grant_access { 127.0.0.0/8 }
	       mohawk_name ""
	       # we log	all
	       reset no_log_patterns
	     }
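
The auth_path rule (the vhost rootdir must not contain that directory) combined with clone inheritance as used in the complex configuration above, checked by an added example that is not part of mohawk(8) or of this manual page. It assumes one option per line and absolute paths; the function names and the sample configuration are constructed.

```python
import posixpath
import shlex

# Constructed sample (not from the manual page): the clone inherits auth_path
# from its parent, then moves rootdir to a directory that contains it.
SAMPLE_CONF = """
vhost default {
  rootdir /var/empty
}
vhost secure.example.com {
  rootdir /classified/www
  authentication on
  auth_path /classified/authentication/
}
vhost intranet.example.com clone secure.example.com {
  rootdir /classified   # now contains the inherited auth_path
}
"""

def effective_vhosts(conf_text):
    """Resolve rootdir and auth_path per vhost, applying 'default' and clone
    inheritance. ASSUMPTION: one option per line, parents defined first."""
    vhosts, current = {}, None
    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)  # strips '#' comments, honours "..."
        if not words:
            continue
        if words[0] == "vhost" and len(words) > 1:
            cloned = len(words) > 3 and words[2] == "clone"
            parent = words[3] if cloned else "default"
            current = dict(vhosts.get(parent, {}))
            vhosts[words[1]] = current
        elif current is not None and len(words) > 1:
            if words[0] in ("rootdir", "auth_path"):
                current[words[0]] = posixpath.normpath(words[1])
            elif words[0] == "reset":
                current.pop(words[1], None)
    return vhosts

def auth_path_inside_rootdir(vhosts):
    """Return (vhost, auth_path, rootdir) where rootdir contains auth_path.
    ASSUMPTION: both values are absolute paths, as in the manual's examples."""
    findings = []
    for name, opts in vhosts.items():
        root, auth = opts.get("rootdir"), opts.get("auth_path")
        if root and auth and posixpath.commonpath([root, auth]) == root:
            findings.append((name, auth, root))
    return findings
```
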

AUTHORS
       Baptiste	Daroussin <bapt@FreeBSD.org>
       Freddy Dissaux <freddy.dsx@free.fr>

FreeBSD	Ports 14.quarterly	 Mar 11, 2012			MOHAWK.CONF(5)
