Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
MOHAWK.CONF(5)		  FreeBSD File Formats Manual		MOHAWK.CONF(5)

NAME
     mohawk.conf -- mohawk(8) configuration file

DESCRIPTION
     mohawk.conf is the	configuration file for the http	daemon mohawk(8).

     Comments can be put anywhere in the file using a hash mark	(`#'), and ex-
     tend to the end of	the current line.

     Arguments containing whitespace should be surrounded by double quotes
     (").

SERVER CONFIGURATION
     debug <on off>
	   If mohawk(8)	is compiled with -DUSE_DEBUG, this option control the
	   debug mode.	The cli	option '-d' take precedence.

	   on	 Activate the debug mode, this prevent mohawk(8) to fork in
		 background as well as activeing verbose output.

	   off (default)
		 Run in	background.

	   For example,

		 debug on

     chroot <directory>
	   mohawk(8) will chroot itself	in the given directory.

	   For example,

		 chroot	/var/www/chroot

     include <pattern>
	   Include file(s) that	match pattern. If the default max level	recur-
	   sion	(5) is not enought, recompile mohawk(8)	with -DMAX_IN-
	   CLUDE_DEPTH=your_level

	   For example,

		 include /usr/local/etc/mohawk.d/local.conf

     mime_type <file>
	   Read	mime type from file.

	   For example,

		 mime_type /etc/nginx/mime.types

     mime_type <key value>
	   Global list of mime type (where type	and extension(s) are autode-
	   tected), delimited with brace. Default is application/octet-stream.
	   Shortest extension come first.

	   For example,

		 mime_type { text/plain	"c h" x	application/xxx	}
		 mime_type { html text/html txt	text/plain }
	   Invert the two lines	and a request for a 'h'	document will return
	   'text/html' and a request for a 'x' document	will return
	   'text/plain'.  The first match win.

     pidfile <file>
	   mohawk(8) write his pid in this file, before	any chroot. The	cli
	   option '-p pidfile' take precedence.

	   For example,

		 pidfile /var/run/mohawk.pid

     syslog_facility <facility>
	   Use facility	for logging. See /usr/include/syslog.h for the list of
	   facilities name. Default is daemon.

	   For example,

		 syslog_facility local2

     user <username>
	   Run mohawk(8) as another user, nobody by default.  username must
	   exists on the system.

	   For example,

		 user www-data

VHOSTS CONFIGURATION
     A vhost is	configured by a	list of	option,	delimited with brace. A	'de-
     fault' vhost is mandatory.	 Each another vhost inherit her	configuration
     from this vhost. Inherit configuration from another vhost is possible
     with 'vhost child clone parent { }'.

     List of option could be uni or multi line,	comment	start with '#'.

     For example,

	   vhost default {
	   <list of option>
	   }

     authentication <on	off>
	   Enable / disable (default) authentication. See auth_path below.

	   For example,

		 authentication	off

     cgi_expose_mohawk_version <on off>
	   Enable / disable (default) the environment variable MOHAWK_VERSION.

	   For example,

		 cgi_expose_mohawk_version on

     dirlist <on off>
	   Enable / disable (default) directory	listing.

	   For example,

		 dirlist on

     hostname_in_rootdir <on off>
	   Use / don't use hostname (default) in rootdir. When vhost contains
	   patterns, use it.

	   For example,

		 hostname_in_rootdir on

     x_forwarded_for <on off>
	   Enable / disable (default) use X-Forwarded-For header

     auth_path <directory>
	   Path	to the authentication file. The	rootdir	of the vhost *must
	   not*	contains this directory.

	   For example,

		 auth_path /tmp/chroot/secure_vhost/secure

     charset <charset>
	   Set the default charset.

	   For example,

		 charset iso-8859-15

     dirlist_css_url <url>
	   The custom css for directory	listing	page relative to the vhost
	   rootdir.

	   For example,

		 dirlist_css_url /dirlist.css

     email_admin <email>
	   Set the email of the	administrator

	   For example,

		 email_admin foo.bar@example.com

     maxage <number>
	   If defined, set Expires and Cache-Control headers

	   For example,

		 maxage	3600

     mohawk_name <name>
	   Set the environment variable	SERVER_SOFTWARE	and footer when	list-
	   ing directory

	   For example,

		 mohawk_name "What did you expect ?"

     rootdir <directory>
	   The root directory for the given vhost. The 'document_root' is de-
	   fined as chroot + rootdir.  If hostname_in_root is on, the docu-
	   ment_root is	defined	as chroot + rootdir + hostname.	 For 'default'
	   vhost, 'document_root' is always defined as chroot +	rootdir.

	   For example,

		 rootdir /tmp/chroot/virtual-hosts

     status_url	<url>
	   The url for the status page (information concerning the running
	   mohawk(8) process).

     auth_patterns <list of pattern>
	   The glob pattens to determine which url require authentication. For
	   a fully authentication vhost, use '*'.  See auth_path option.

	   For example,

		 auth_patterns { /admin/* /secure/* }

     cgi_patterns <list	of pattern>
	   The glob pattens to determine which files are to be considered as
	   CGIs.

	   For example,

		 cgi_patterns {	*.cgi *.pl *.sh	}

     index_names <list of pattern>
	   List	of file	name to	use as index directory

	   For example,

		 index_names { index.html index.htm default.html index.pl }

     no_auth_patterns <list of pattern>
	   The glob pattens to determine which url does	not require authenti-
	   cation.

	   For example,

		 no_auth_patterns { /css/* /js/* /img/*	}

     no_cgi_maps <list of pattern>
	   List	the url	that will not be mapped	to cgi even if defined in a
	   cgi_map.

	   For example,

		 no_cgi_map { /rescue/status* }

     no_log_patterns <list of pattern>
	   Don't log if	request	match pattern.

	   For example,

		 no_log_patterns { /css/* /js/*	/img/* /packages/* }

     grant_access <list	of prefix/mask>
	   If set, access is granted only if remote_addr match one of the pre-
	   fixes.  Using '!' deny access to the	specified prefix/netmak.

	   For example,

		 grant_access {	127.0.0.0/8 192.168.0.0/16 2001:dead:beaf::/48 }
		 grant_access {	192.168.0.0/24 !192.168.0.1 } #	bad access / deny order:
		 grant_access {	!2001:dead:beaf:1::/64 2001:dead:beaf::/48 } # good access / deny order:

     cgi_env <list of key value>
	   List	of environnement variable to pass to CGIs in the form of: key
	   "value" where key is	the variable "value" is	the content of the
	   variable.

	   For example,

		 cgi_env { CBLOG_PATH "/var/db/cblog/" }
		 cgi_env {
		   VAR1	"value1"
		   VAR2	"value2"
		   # not use here
		   #VAR3 "value3"
		 }

     cgi_map <list of key value>
	   List	of url mapping that will in fact execute the given CGI in the
	   form	of: pattern path/url/to/the/cgi. pattern is a glob pattern.

	   For example,

		 cgi_map { /cblog/* /cblog.cgi /debug/*	/cgi/printenv.sh }

     listen on <...> port <port>
	   The listen on directive take	a interface, hostname, ipv4 or ipv6
	   param. port is optionnal (http by default).	Multiple directives
	   are authorized. Be careful, without listen directive, mohawk(8).
	   will	listen on all interfaces port http.

	   For example,

		 listen	on em0
		 listen	on localhost port 2222
		 listen	on 172.16.0.80
		 listen	on 2001:dead:beef::1 port dns

     reset <option>
	   Reset a option. The resettables options are:
		 +o   auth_path
		 +o   auth_patterns
		 +o   cgi_env
		 +o   cgi_map
		 +o   cgi_patterns
		 +o   charset
		 +o   dirlist_css_url
		 +o   email_admin
		 +o   index_names
		 +o   mohawk_name
		 +o   no_auth_patterns
		 +o   no_cgi_maps
		 +o   no_log_patterns
		 +o   grant_access
		 +o   status_url

EXAMPLES
     Minimal configuration: no chroot, listen on all interfaces, all ad-
     dresses, serve /tmp:

	   mime_type { html text/html txt text/plain }

	   vhost default {
	     rootdir /tmp
	     dirlist on
	   }

     Complex configuration: chroot, listen on some interfaces, some addresses,
     black hole	default	vhost, authentication, cgi:

	   chroot /var/www/chroot
	   user	www-data
	   mime_type { html text/html txt text/plain }

	   # no	HTTP 1.0 client
	   vhost default {
	     # chroot is defined, we need /var/www/chroot/var/empty
	     rootdir /var/empty
	   }

	   # example.com
	   vhost *.example.com {
	     # em0 is the public interface
	     listen on em0 port	8080
	     # vr0 is the local	interface
	     listen on vr0

	     # chroot is defined and it's not default vhost
	     # a request http://www.example.com/index.html
	     # become /var/www/chroot/srv/example.com/www.example.com/index.html
	     rootdir /srv/example.com/

	     #authentication off
	     #cgi_expose_mohawk_version
	     #dirlist off

	     # we listen on public interface port 8080,	a proxy	is present
	     x_forwarded_for on

	     # no authentication
	     #auth_path
	     charset latin1

	     dirlist_css_url /css/dir.css

	     maxage 3600
	     mohawk_name "Mohawk rulez !!!"

	     # we don't	activate any status url
	     # some informations may be	sensible
	     #status_url

	     # no authentication
	     #auth_patterns { }

	     #no cgi
	     #cgi_patterns { }

	     # usual settings
	     index_names { index.html index.htm	default.html }

	     # no authentication
	     #no_auth_patterns { }

	     # no cgi
	     #no_cgi_maps { }

	     # we log all
	     #no_log_patterns {	}

	     # no restriction
	     #grant_access { }

	     # no cgi_env
	     #cgi_env {	}

	     # no cgi_map
	     #cgi_map {	}
	   }

	   vhost secure.example.com {
	     # add some	listen
	     listen on secure.example.com
	     listen on 127.0.0.1 port 8888

	     # /var/www/chroot/classified/www/secure.example.com/
	     rootdir /classified/www

	     # activate	authentication
	     authentication on

	     # auth path
	     # we can shared .htpasswd
	     # /var/www/chroot/classified/authentication/.htpasswd
	     auth_path /classified/authentication/

	     no_auth_patterns {	/css/* /img/* /js/* }

	     # don't log some stuff, same as no_auth_patterns
	     no_log_patterns { /css/* /img/* /js/* }
	   }

	   vhost secret.example.com clone secure.example.com {
	     # listen only on lo0
	     reset listen
	     listen on lo0

	     # keep roodir, /var/www/chroot/classified/www/secret.example.com

	     # don't share .htpasswd
	     auth_path /classified/secret.example.com/

	     # all request require authentication
	     reset no_auth_patterns
	     auth_patterns { * }

	     cgi_expose_mohawk_version off
	     cgi_patterns { *.cgi *.pl }
	     reset index_names
	     index_names { crack.cgi buteforce.pl }

	     reset no_cgi_maps
	     cgi_map {
	       /download/* /analyze.pl
	       /upload/*   /add_virus.cgi
	     }
	     cgi_env {
	       DATABASE	"postgresql:admin:Haxxor ftw"
	     }

	     grant_access { 127.0.0.0/8	}
	     mohawk_name ""
	     # we log all
	     reset no_log_patterns
	   }

AUTHORS
     Baptiste Daroussin	<bapt@FreeBSD.org>
     Freddy Dissaux <freddy.dsx@free.fr>

FreeBSD	13.0			 Mar 11, 2012			  FreeBSD 13.0

NAME | DESCRIPTION | SERVER CONFIGURATION | VHOSTS CONFIGURATION | EXAMPLES | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=mohawk.conf&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help