vfs: check userland buffers before reading them.
[haiku.git] / src / apps / poorman / libhttpd / config.h
blobd5e0c7ac41e8f996884896ac1592fd649f9885eb
1 /* config.h - configuration defines for thttpd and libhttpd
2 **
3 ** Copyright © 1995,1998,1999,2000,2001 by Jef Poskanzer <jef@mail.acme.com>.
4 ** All rights reserved.
5 **
6 ** Redistribution and use in source and binary forms, with or without
7 ** modification, are permitted provided that the following conditions
8 ** are met:
9 ** 1. Redistributions of source code must retain the above copyright
10 ** notice, this list of conditions and the following disclaimer.
11 ** 2. Redistributions in binary form must reproduce the above copyright
12 ** notice, this list of conditions and the following disclaimer in the
13 ** documentation and/or other materials provided with the distribution.
15 ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 ** ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 ** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 ** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 ** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 ** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 ** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 ** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 ** SUCH DAMAGE.
28 #ifndef _CONFIG_H_
29 #define _CONFIG_H_
32 /* The following configuration settings are sorted in order of decreasing
33 ** likelihood that you'd want to change them - most likely first, least
34 ** likely last.
36 ** In case you're not familiar with the convention, "#ifdef notdef"
37 ** is a Berkeleyism used to indicate temporarily disabled code.
38 ** The idea here is that you re-enable it by just moving it outside
39 ** of the ifdef.
42 /* CONFIGURE: CGI programs must match this pattern to get executed. It's
43 ** a simple shell-style wildcard pattern, with * meaning any string not
44 ** containing a slash, ** meaning any string at all, and ? meaning any
45 ** single character; or multiple such patterns separated by |. The
46 ** patterns get checked against the filename part of the incoming URL.
48 ** Restricting CGI programs to a single directory lets the site administrator
49 ** review them for security holes, and is strongly recommended. If there
50 ** are individual users that you trust, you can enable their directories too.
52 ** You can also specify a CGI pattern on the command line, with the -c flag.
53 ** Such a pattern overrides this compiled-in default.
55 ** If no CGI pattern is specified, neither here nor on the command line,
56 ** then CGI programs cannot be run at all. If you want to disable CGI
57 ** as a security measure that's how you do it, just don't define any
58 ** pattern here and don't run with the -c flag.
60 #ifdef notdef
61 /* Some sample patterns. Allow programs only in one central directory: */
62 #define CGI_PATTERN "/cgi-bin/*"
63 /* Allow programs in a central directory, or anywhere in a trusted
64 ** user's tree: */
65 #define CGI_PATTERN "/cgi-bin/*|/jef/**"
66 /* Allow any program ending with a .cgi: */
67 #define CGI_PATTERN "**.cgi"
68 /* When virtual hosting, enable the central directory on every host: */
69 #define CGI_PATTERN "/*/cgi-bin/*"
70 #endif
72 /* CONFIGURE: How many seconds to allow CGI programs to run before killing
73 ** them. This is in case someone writes a CGI program that goes into an
74 ** infinite loop, or does a massive database lookup that would take hours,
75 ** or whatever. If you don't want any limit, comment this out, but that's
76 ** probably a really bad idea.
78 //#define CGI_TIMELIMIT 30
80 /* CONFIGURE: Maximum number of simultaneous CGI programs allowed.
81 ** If this many are already running, then attempts to run more will
82 ** return an HTTP 503 error. If this is not defined then there's
83 ** no limit (and you'd better have a lot of memory). This can also be
84 ** set in the runtime config file.
86 #ifdef notdef
87 #define CGI_LIMIT 50
88 #endif
90 /* CONFIGURE: How many seconds to allow for reading the initial request
91 ** on a new connection.
93 #define IDLE_READ_TIMELIMIT 60
95 /* CONFIGURE: How many seconds before an idle connection gets closed.
97 #define IDLE_SEND_TIMELIMIT 300
99 /* CONFIGURE: The syslog facility to use. Using this you can set up your
100 ** syslog.conf so that all thttpd messages go into a separate file. Note
101 ** that even if you use the -l command line flag to send logging to a
102 ** file, errors still get sent via syslog.
104 #define LOG_FACILITY LOG_DAEMON
106 /* CONFIGURE: Tilde mapping. Many URLs use ~username to indicate a
107 ** user's home directory. thttpd provides two options for mapping
108 ** this construct to an actual filename.
110 ** 1) Map ~username to <prefix>/username. This is the recommended choice.
111 ** Each user gets a subdirectory in the main chrootable web tree, and
112 ** the tilde construct points there. The prefix could be something
113 ** like "users", or it could be empty. See also the makeweb program
114 ** for letting users create their own web subdirectories.
116 ** 2) Map ~username to <user's homedir>/<postfix>. The postfix would be
117 ** the name of a subdirectory off of the user's actual home dir, something
118 ** like "public_html". This is what Apache and other servers do. The problem
119 ** is, you can't do this and chroot() at the same time, so it's inherently
120 ** a security hole. This is strongly dis-recommended, but it's here because
121 ** some people really want it. Use at your own risk.
123 ** You can also leave both options undefined, and thttpd will not do
124 ** anything special about tildes. Enabling both options is an error.
126 //#ifdef notdef
127 //#define TILDE_MAP_1 "users"
128 //#define TILDE_MAP_2 "public_html"
129 //#endif
131 /* CONFIGURE: The file to use for authentication. If this is defined then
132 ** thttpd checks for this file in the local directory before every fetch.
133 ** If the file exists then authentication is done, otherwise the fetch
134 ** proceeds as usual.
136 ** If you undefine this then thttpd will not implement authentication
137 ** at all and will not check for auth files, which saves a bit of CPU time.
139 //#define AUTH_FILE ".htpasswd"
141 /* CONFIGURE: The default character set name to use with text MIME types.
142 ** This gets substituted into the MIME types where they have a "%s".
144 ** You can override this in the config file with the "charset" setting,
145 ** or on the command like with the -T flag.
147 #define DEFAULT_CHARSET "iso-8859-1"
150 /* Most people won't want to change anything below here. */
152 /* CONFIGURE: This controls the SERVER_NAME environment variable that gets
153 ** passed to CGI programs. By default thttpd does a gethostname(), which
154 ** gives the host's canonical name. If you want to always use some other name
155 ** you can define it here.
157 ** Alternately, if you want to run the same thttpd binary on multiple
158 ** machines, and want to build in alternate names for some or all of
159 ** them, you can define a list of canonical name to altername name
160 ** mappings. thttpd seatches the list and when it finds a match on
161 ** the canonical name, that alternate name gets used. If no match
162 ** is found, the canonical name gets used.
164 ** If both SERVER_NAME and SERVER_NAME_LIST are defined here, thttpd searches
165 ** the list as above, and if no match is found then SERVER_NAME gets used.
167 ** In any case, if thttpd is started with the -h flag, that name always
168 ** gets used.
170 #ifdef notdef
171 #define SERVER_NAME "your.hostname.here"
172 #define SERVER_NAME_LIST \
173 "canonical.name.here/alternate.name.here", \
174 "canonical.name.two/alternate.name.two"
175 #endif
177 /* CONFIGURE: Undefine this if you want thttpd to hide its specific version
178 ** when returning into to browsers. Instead it'll just say "thttpd" with
179 ** no version.
181 //#define SHOW_SERVER_VERSION
183 /* CONFIGURE: Define this if you want to always chroot(), without having
184 ** to give the -r command line flag. Some people like this as a security
185 ** measure, to prevent inadvertant exposure by accidentally running without -r.
186 ** You can still disable it at runtime with the -nor flag.
188 #ifdef notdef
189 #define ALWAYS_CHROOT
190 #endif
192 /* CONFIGURE: Define this if you want to always do virtual hosting, without
193 ** having to give the -v command line flag. You can still disable it at
194 ** runtime with the -nov flag.
196 #ifdef notdef
197 #define ALWAYS_VHOST
198 #endif
200 /* CONFIGURE: If you're using the vhost feature and you have a LOT of
201 ** virtual hostnames (like, hundreds or thousands), you will want to
202 ** enable this feature. It avoids a problem with most Unix filesystems,
203 ** where if there are a whole lot of items in a directory then name lookup
204 ** becomes very slow. This feature makes thttpd use subdirectories
205 ** based on the first characters of each hostname. You can set it to use
206 ** from one to three characters. If the hostname starts with "www.", that
207 ** part is skipped over. Dots are also skipped over, and if the name isn't
208 ** long enough then "_"s are used. Here are some examples of how hostnames
209 ** would get turned into directory paths, for each different setting:
210 ** 1: www.acme.com -> a/www.acme.com
211 ** 1: foobar.acme.com -> f/foobar.acme.com
212 ** 2: www.acme.com -> a/c/www.acme.com
213 ** 2: foobar.acme.com -> f/o/foobar.acme.com
214 ** 3: www.acme.com -> a/c/m/www.acme.com
215 ** 3: foobar.acme.com -> f/o/o/foobar.acme.com
216 ** 3: m.tv -> m/t/v/m.tv
217 ** 4: m.tv -> m/t/v/_/m.tv
218 ** Note that if you compile this setting in but then forget to set up
219 ** the corresponding subdirectories, the only error indication you'll
220 ** get is a "404 Not Found" when you try to visit a site. So be careful.
222 #ifdef notdef
223 #define VHOST_DIRLEVELS 1
224 #define VHOST_DIRLEVELS 2
225 #define VHOST_DIRLEVELS 3
226 #endif
228 /* CONFIGURE: Define this if you want to always use a global passwd file,
229 ** without having to give the -P command line flag. You can still disable
230 ** it at runtime with the -noP flag.
232 #ifdef notdef
233 #define ALWAYS_GLOBAL_PASSWD
234 #endif
236 /* CONFIGURE: When started as root, the default username to switch to after
237 ** initializing. If this user (or the one specified by the -u flag) does
238 ** not exist, the program will refuse to run.
240 #define DEFAULT_USER "nobody"
242 /* CONFIGURE: When started as root, the program can automatically chdir()
243 ** to the home directory of the user specified by -u or DEFAULT_USER.
244 ** An explicit -d still overrides this.
246 #ifdef notdef
247 #define USE_USER_DIR
248 #endif
250 /* CONFIGURE: If this is defined, some of the built-in error pages will
251 ** have more explicit information about exactly what the problem is.
252 ** Some sysadmins don't like this, for security reasons.
254 #define EXPLICIT_ERROR_PAGES
256 /* CONFIGURE: Subdirectory for custom error pages. The error filenames are
257 ** $WEBDIR/$ERR_DIR/err%d.html - if virtual hosting is enabled then
258 ** $WEBDIR/hostname/$ERR_DIR/err%d.html is searched first. This allows
259 ** different custom error pages for each virtual hosting web server. If
260 ** no custom page for a given error can be found, the built-in error page
261 ** is generated. If ERR_DIR is not defined at all, only the built-in error
262 ** pages will be generated.
264 #define ERR_DIR "errors"
266 /* CONFIGURE: Define this if you want a standard HTML tail containing
267 ** $SERVER_SOFTWARE and $SERVER_ADDRESS to be appended to the custom error
268 ** pages. (It is always appended to the built-in error pages.)
270 #define ERR_APPEND_SERVER_INFO
272 /* CONFIGURE: nice(2) value to use for CGI programs. If this is undefined,
273 ** CGI programs run at normal priority.
275 //#define CGI_NICE 10
277 /* CONFIGURE: $PATH to use for CGI programs.
279 #define CGI_PATH "/usr/local/bin:/usr/ucb:/bin:/usr/bin"
281 /* CONFIGURE: If defined, $LD_LIBRARY_PATH to use for CGI programs.
283 #ifdef notdef
284 #define CGI_LD_LIBRARY_PATH "/usr/local/lib:/usr/lib"
285 #endif
287 /* CONFIGURE: How often to run the occasional cleanup job.
289 #define OCCASIONAL_TIME 120
291 /* CONFIGURE: Seconds between stats syslogs. If this is undefined then
292 ** no stats are accumulated and no stats syslogs are done.
294 #define STATS_TIME 3600
296 /* CONFIGURE: The mmap cache tries to keep the total number of mapped
297 ** files below this number, so you don't run out of kernel file descriptors.
298 ** If you have reconfigured your kernel to have more descriptors, you can
299 ** raise this and thttpd will keep more maps cached. However it's not
300 ** a hard limit, thttpd will go over it if you really are accessing
301 ** a whole lot of files.
303 #define DESIRED_MAX_MAPPED_FILES 1000
305 /* CONFIGURE: The mmap cache also tries to keep the total mapped bytes
306 ** below this number, so you don't run out of address space. Again
307 ** it's not a hard limit, thttpd will go over it if you really are
308 ** accessing a bunch of large files.
310 #define DESIRED_MAX_MAPPED_BYTES 1000000000
312 /* CONFIGURE: Minimum and maximum intervals between child-process reaping,
313 ** in seconds.
315 #define MIN_REAP_TIME 30
316 #define MAX_REAP_TIME 900
319 /* You almost certainly don't want to change anything below here. */
321 /* CONFIGURE: When throttling CGI programs, we don't know how many bytes
322 ** they send back to the client because it would be inefficient to
323 ** interpose a counter. CGI programs are much more expensive than
324 ** regular files to serve, so we set an arbitrary and high byte count
325 ** that gets applied to all CGI programs for throttling purposes.
327 #define CGI_BYTECOUNT 25000
329 /* CONFIGURE: The default port to listen on. 80 is the standard HTTP port.
331 #define DEFAULT_PORT 80
333 /* CONFIGURE: A list of index filenames to check. The files are searched
334 ** for in this order.
336 //#define INDEX_NAMES "index.html", "index.htm", "index.xhtml", "index.xht", "Default.htm", "index.cgi"
338 /* CONFIGURE: If this is defined then thttpd will automatically generate
339 ** index pages for directories that don't have an explicit index file.
340 ** If you want to disable this behavior site-wide, perhaps for security
341 ** reasons, just undefine this. Note that you can disable indexing of
342 ** individual directories by merely doing a "chmod 711" on them - the
343 ** standard Unix file permission to allow file access but disable "ls".
345 #define GENERATE_INDEXES
347 /* CONFIGURE: Whether to log unknown request headers. Most sites will not
348 ** want to log them, which will save them a bit of CPU time.
350 //#ifdef notdef
351 //#define LOG_UNKNOWN_HEADERS
352 //#endif
354 /* CONFIGURE: Whether to fflush() the log file after each request. If
355 ** this is turned off there's a slight savings in CPU cycles.
357 #define FLUSH_LOG_EVERY_TIME
359 /* CONFIGURE: Time between updates of the throttle table's rolling averages. */
360 #define THROTTLE_TIME 2
362 /* CONFIGURE: The listen() backlog queue length. The 1024 doesn't actually
363 ** get used, the kernel uses its maximum allowed value. This is a config
364 ** parameter only in case there's some OS where asking for too high a queue
365 ** length causes an error. Note that on many systems the maximum length is
366 ** way too small - see http://www.acme.com/software/thttpd/notes.html
368 #define LISTEN_BACKLOG 1024
370 /* CONFIGURE: Maximum number of throttle patterns that any single URL can
371 ** be included in. This has nothing to do with the number of throttle
372 ** patterns that you can define, which is unlimited.
374 #define MAXTHROTTLENUMS 10
376 /* CONFIGURE: Number of file descriptors to reserve for uses other than
377 ** connections. Currently this is 10, representing one for the listen fd,
378 ** one for dup()ing at connection startup time, one for reading the file,
379 ** one for syslog, and possibly one for the regular log file, which is
380 ** five, plus a factor of two for who knows what.
382 #define SPARE_FDS 10
384 /* CONFIGURE: How many milliseconds to leave a connection open while doing a
385 ** lingering close.
387 #define LINGER_TIME 500
389 /* CONFIGURE: Maximum number of symbolic links to follow before
390 ** assuming there's a loop.
392 #define MAX_LINKS 32
394 /* CONFIGURE: You don't even want to know.
396 #define MIN_WOULDBLOCK_DELAY 100L
398 #endif /* _CONFIG_H_ */