MOHAWK.CONF(5) BSD File Formats Manual MOHAWK.CONF(5)NAMEmohawk.conf — mohawk(8) configuration file
DESCRIPTIONmohawk.conf is the configuration file for the http daemon mohawk(8).
Comments can be put anywhere in the file using a hash mark (‘#’), and
extend to the end of the current line.
Arguments containing whitespace should be surrounded by double quotes
(").
SERVER CONFIGURATION
debug ⟨on off⟩
If mohawk(8) is compiled with -DUSE_DEBUG, this option control the
debug mode. The cli option '-d' take precedence.
on Activate the debug mode, this prevent mohawk(8) to fork in
background as well as activeing verbose output.
off (default)
Run in background.
For example,
debug on
chroot ⟨directory⟩
mohawk(8) will chroot itself in the given directory.
For example,
chroot /var/www/chroot
include ⟨pattern⟩
Include file(s) that match pattern. If the default max level recur‐
sion (5) is not enought, recompile mohawk(8) with
-DMAX_INCLUDE_DEPTH=your_level
For example,
include /usr/local/etc/mohawk.d/local.conf
mime_type ⟨file⟩
Read mime type from file.
For example,
mime_type /etc/nginx/mime.types
mime_type ⟨key value⟩
Global list of mime type (where type and extension(s) are autode‐
tected), delimited with brace. Default is application/octet-stream.
Shortest extension come first.
For example,
mime_type { text/plain "c h" x application/xxx }
mime_type { html text/html txt text/plain }
Invert the two lines and a request for a 'h' document will return
'text/html' and a request for a 'x' document will return
'text/plain'. The first match win.
pidfile ⟨file⟩
mohawk(8) write his pid in this file, before any chroot. The cli
option '-p pidfile' take precedence.
For example,
pidfile /var/run/mohawk.pid
syslog_facility ⟨facility⟩
Use facility for logging. See /usr/include/syslog.h for the list of
facilities name. Default is daemon.
For example,
syslog_facility local2
user ⟨username⟩
Run mohawk(8) as another user, nobody by default. username must
exists on the system.
For example,
user www-data
VHOSTS CONFIGURATION
A vhost is configured by a list of option, delimited with brace. A
'default' vhost is mandatory. Each another vhost inherit her configura‐
tion from this vhost. Inherit configuration from another vhost is possi‐
ble with 'vhost child clone parent { }'.
List of option could be uni or multi line, comment start with '#'.
For example,
vhost default {
⟨list of option⟩
}
authentication ⟨on off⟩
Enable / disable (default) authentication. See auth_path below.
For example,
authentication off
cgi_expose_mohawk_version ⟨on off⟩
Enable / disable (default) the environment variable MOHAWK_VERSION.
For example,
cgi_expose_mohawk_version on
dirlist ⟨on off⟩
Enable / disable (default) directory listing.
For example,
dirlist on
hostname_in_rootdir ⟨on off⟩
Use / don't use hostname (default) in rootdir. When vhost contains
patterns, use it.
For example,
hostname_in_rootdir on
x_forwarded_for ⟨on off⟩
Enable / disable (default) use X-Forwarded-For header
auth_path ⟨directory⟩
Path to the authentication file. The rootdir of the vhost *must
not* contains this directory.
For example,
auth_path /tmp/chroot/secure_vhost/secure
charset ⟨charset⟩
Set the default charset.
For example,
charset iso-8859-15
dirlist_css_url ⟨url⟩
The custom css for directory listing page relative to the vhost
rootdir.
For example,
dirlist_css_url /dirlist.css
email_admin ⟨email⟩
Set the email of the administrator
For example,
email_admin foo.bar@example.com
maxage ⟨number⟩
If defined, set Expires and Cache-Control headers
For example,
maxage 3600
mohawk_name ⟨name⟩
Set the environment variable SERVER_SOFTWARE
For example,
mohawk_name "What did you expect ?"
rootdir ⟨directory⟩
The root directory for the given vhost. The 'document_root' is
defined as chroot + rootdir. If hostname_in_root is on, the docu‐
ment_root is defined as chroot + rootdir + hostname. For 'default'
vhost, 'document_root' is always defined as chroot + rootdir.
For example,
rootdir /tmp/chroot/virtual-hosts
status_url ⟨url⟩
The url for the status page (information concerning the running
mohawk(8) process).
auth_patterns ⟨list of pattern⟩
The glob pattens to determine which url require authentication. For
a fully authentication vhost, use '*'. See auth_path option.
For example,
auth_patterns { /admin/* /secure/* }
cgi_patterns ⟨list of pattern⟩
The glob pattens to determine which files are to be considered as
CGIs.
For example,
cgi_patterns { *.cgi *.pl *.sh }
index_names ⟨list of pattern⟩
List of file name to use as index directory
For example,
index_names { index.html index.htm default.html index.pl }
no_auth_patterns ⟨list of pattern⟩
The glob pattens to determine which url does not require authenti‐
cation.
For example,
no_auth_patterns { /css/* /js/* /img/* }
no_cgi_maps ⟨list of pattern⟩
List the url that will not be mapped to cgi even if defined in a
cgi_map.
For example,
no_cgi_map { /rescue/status* }
no_log_patterns ⟨list of pattern⟩
Don't log if request match pattern.
For example,
no_log_patterns { /css/* /js/* /img/* /packages/* }
grant_access ⟨list of prefix/mask⟩
If set, access is granted only if remote_addr match one of the pre‐
fixes. Using '!' deny access to the specified prefix/netmak.
For example,
grant_access { 127.0.0.0/8 192.168.0.0/16 2001:dead:beaf::/48 }
grant_access { 192.168.0.0/24 !192.168.0.1 } # bad access / deny order:
grant_access { !2001:dead:beaf:1::/64 2001:dead:beaf::/48 } # good access / deny order:
cgi_env ⟨list of key value⟩
List of environnement variable to pass to CGIs in the form of: key
"value" where key is the variable "value" is the content of the
variable.
For example,
cgi_env { CBLOG_PATH "/var/db/cblog/" }
cgi_env {
VAR1 "value1"
VAR2 "value2"
# not use here
#VAR3 "value3"
}
cgi_map ⟨list of key value⟩
List of url mapping that will in fact execute the given CGI in the
form of: pattern path/url/to/the/cgi. pattern is a glob pattern.
For example,
cgi_map { /cblog/* /cblog.cgi /debug/* /cgi/printenv.sh }
listen on ⟨...⟩ port ⟨port⟩
The listen on directive take a interface, hostname, ipv4 or ipv6
param. port is optionnal (http by default). Multiple directives
are authorized. Be careful, without listen directive, mohawk(8).
will listen on all interfaces port http.
For example,
listen on em0
listen on localhost port 2222
listen on 172.16.0.80
listen on 2001:dead:beef::1 port dns
reset ⟨option⟩
Reset a option. The resettables options are:
· auth_path
· auth_patterns
· cgi_env
· cgi_map
· cgi_patterns
· charset
· dirlist_css_url
· email_admin
· index_names
· mohawk_name
· no_auth_patterns
· no_cgi_maps
· no_log_patterns
· grant_access
· status_url
EXAMPLES
Minimal configuration: no chroot, listen on all interfaces, all
addresses, serve /tmp:
mime_type { html text/html txt text/plain }
vhost default {
rootdir /tmp
dirlist on
}
Complex configuration: chroot, listen on some interfaces, some addresses,
black hole default vhost, authentication, cgi:
chroot /var/www/chroot
user www-data
mime_type { html text/html txt text/plain }
# no HTTP 1.0 client
vhost default {
# chroot is defined, we need /var/www/chroot/var/empty
rootdir /var/empty
}
# example.com
vhost *.example.com {
# em0 is the public interface
listen on em0 port 8080
# vr0 is the local interface
listen on vr0
# chroot is defined and it's not default vhost
# a request http://www.example.com/index.html
# become /var/www/chroot/srv/example.com/www.example.com/index.html
rootdir /srv/example.com/
#authentication off
#cgi_expose_mohawk_version
#dirlist off
# we listen on public interface port 8080, a proxy is present
x_forwarded_for on
# no authentication
#auth_path
charset latin1
dirlist_css_url /css/dir.css
maxage 3600
mohawk_name "Mohawk rulez !!!"
# we don't activate any status url
# some informations may be sensible
#status_url
# no authentication
#auth_patterns { }
#no cgi
#cgi_patterns { }
# usual settings
index_names { index.html index.htm default.html }
# no authentication
#no_auth_patterns { }
# no cgi
#no_cgi_maps { }
# we log all
#no_log_patterns { }
# no restriction
#grant_access { }
# no cgi_env
#cgi_env { }
# no cgi_map
#cgi_map { }
}
vhost secure.example.com {
# add some listen
listen on secure.example.com
listen on 127.0.0.1 port 8888
# /var/www/chroot/classified/www/secure.example.com/
rootdir /classified/www
# activate authentication
authentication on
# auth path
# we can shared .htpasswd
# /var/www/chroot/classified/authentication/.htpasswd
auth_path /classified/authentication/
no_auth_patterns { /css/* /img/* /js/* }
# don't log some stuff, same as no_auth_patterns
no_log_patterns { /css/* /img/* /js/* }
}
vhost secret.example.com clone secure.example.com {
# listen only on lo0
reset listen
listen on lo0
# keep roodir, /var/www/chroot/classified/www/secret.example.com
# don't share .htpasswd
auth_path /classified/secret.example.com/
# all request require authentication
reset no_auth_patterns
auth_patterns { * }
cgi_expose_mohawk_version off
cgi_patterns { *.cgi *.pl }
reset index_names
index_names { crack.cgi buteforce.pl }
reset no_cgi_maps
cgi_map {
/download/* /analyze.pl
/upload/* /add_virus.cgi
}
cgi_env {
DATABASE "postgresql:admin:Haxxor ftw"
}
grant_access { 127.0.0.0/8 }
mohawk_name ""
# we log all
reset no_log_patterns
}
AUTHORS
Baptiste Daroussin <bapt@FreeBSD.org>
Freddy Dissaux <freddy.dsx@free.fr>
BSD Mar 11, 2012 BSD
