MOHAWK.CONF(5) FreeBSD File Formats Manual MOHAWK.CONF(5)

mohawk.conf
mohawk(8) configuration file

mohawk.conf is the configuration file for the HTTP daemon mohawk(8).

Comments can be put anywhere in the file using a hash mark (‘#’), and extend to the end of the current line.

Arguments containing whitespace should be surrounded by double quotes (").

debug on | off
If mohawk(8) is compiled with -DUSE_DEBUG, this option controls the debug mode. The command-line option '-d' takes precedence.
on
Activate debug mode: mohawk(8) does not fork into the background and produces verbose output.
off (default)
Run in the background.

For example,

debug on
    
chroot directory
mohawk(8) will chroot itself into the given directory.

For example,

chroot /var/www/chroot
    
include pattern
Include the file(s) that match pattern. If the default maximum recursion depth (5) is not enough, recompile mohawk(8) with -DMAX_INCLUDE_DEPTH=your_level.

For example,

include /usr/local/etc/mohawk.d/local.conf
    
mime_type file
Read MIME types from file.

For example,

mime_type /etc/nginx/mime.types
    
mime_type key value
Global list of MIME types (where type and extension(s) are autodetected), delimited with braces. The default is application/octet-stream. The shortest extension comes first.

For example,

mime_type { text/plain "c h" x application/xxx }
mime_type { html text/html txt text/plain }
    
If the two lines are inverted, a request for an 'h' document will return 'text/html' and a request for an 'x' document will return 'text/plain'. The first match wins.
pidfile file
mohawk(8) writes its pid to this file, before any chroot. The command-line option '-p pidfile' takes precedence.

For example,

pidfile /var/run/mohawk.pid
    
syslog_facility facility
Use facility for logging. See /usr/include/syslog.h for the list of facility names. The default is daemon.

For example,

syslog_facility local2
    
user username
Run mohawk(8) as another user, nobody by default. username must exist on the system.

For example,

user www-data
    

A vhost is configured by a list of options, delimited with braces. A 'default' vhost is mandatory. Every other vhost inherits its configuration from this vhost. Inheriting the configuration from another vhost is possible with 'vhost child clone parent { }'.

The list of options may span one or several lines; comments start with '#'.

For example,

vhost default {
  ⟨list of options⟩
}

authentication on | off
Enable or disable (default) authentication. See auth_path below.

For example,

authentication off
    
auth_blacklistd on | off
Send or do not send (default) the authentication result to blacklistd(8) (if available).

For example,

auth_blacklistd off
    
cgi_expose_mohawk_version on | off
Enable or disable (default) the environment variable MOHAWK_VERSION.

For example,

cgi_expose_mohawk_version on
    
dirlist on | off
Enable or disable (default) directory listing.

For example,

dirlist on
    
hostname_in_rootdir on | off
Use or do not use (default) the hostname in rootdir. When the vhost contains patterns, use it.

For example,

hostname_in_rootdir on
    
x_forwarded_for on | off
Enable or disable (default) use of the X-Forwarded-For header.
auth_path directory
Path to the authentication file. The rootdir of the vhost *must not* contain this directory.

For example,

auth_path /tmp/chroot/secure_vhost/secure
    
charset charset
Set the default charset.

For example,

charset iso-8859-15
    
dirlist_css_url url
The custom CSS for the directory listing page, relative to the vhost rootdir.

For example,

dirlist_css_url /dirlist.css
    
email_admin email
Set the email address of the administrator.

For example,

email_admin foo.bar@example.com
    
maxage number
If defined, set the Expires and Cache-Control headers.

For example,

maxage 3600
    
mohawk_name name
Set the environment variable SERVER_SOFTWARE and the footer shown when listing a directory.

For example,

mohawk_name "What did you expect ?"
    
rootdir directory
The root directory for the given vhost. The 'document_root' is defined as chroot + rootdir. If hostname_in_rootdir is on, the document_root is defined as chroot + rootdir + hostname. For the 'default' vhost, 'document_root' is always defined as chroot + rootdir.

For example,

rootdir /tmp/chroot/virtual-hosts
    
status_url url
The URL of the status page (information concerning the running mohawk(8) process).
auth_patterns list of pattern
The glob patterns that determine which URLs require authentication. For a fully authenticated vhost, use '*'. See the auth_path option.

For example,

auth_patterns { /admin/* /secure/* }
    
blacklist_patterns list of pattern
The glob patterns that determine which URLs generate a BLACKLIST_ABUSIVE_BEHAVIOR to blacklistd(8) (if available).

For example,

blacklist_patterns { *.php /honeypot/* }
    
cgi_patterns list of pattern
The glob patterns that determine which files are to be considered as CGIs.

For example,

cgi_patterns { *.cgi *.pl *.sh }
    
index_names list of pattern
List of file names to use as the directory index.

For example,

index_names { index.html index.htm default.html index.pl }
    
no_auth_patterns list of pattern
The glob patterns that determine which URLs do not require authentication.

For example,

no_auth_patterns { /css/* /js/* /img/* }
    
list of pattern
List of the URLs that will not be mapped to a CGI even if defined in a cgi_map.

For example,

no_cgi_map { /rescue/status* }
    
no_log_patterns list of pattern
Do not log a request if it matches a pattern.

For example,

no_log_patterns { /css/* /js/* /img/* /packages/* }
    
grant_access list of prefix/mask
If set, access is granted only if remote_addr matches one of the prefixes. Using '!' denies access to the specified prefix/netmask.

For example,

grant_access { 127.0.0.0/8 192.168.0.0/16 2001:dead:beaf::/48 }
grant_access { 192.168.0.0/24 !192.168.0.1 } # bad access / deny order:
grant_access { !2001:dead:beaf:1::/64 2001:dead:beaf::/48 } # good access / deny order:
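
An added example (not part of the man page or of the mohawk sources) that models the two orderings above in Python and flags '!' entries that can never take effect. It assumes entries are tried in order and the first match decides, as the good/bad ordering comments imply; all function names are hypothetical.

```python
import ipaddress

def parse_grant_access(block):
    """Parse the entries between the braces into (deny, network) pairs."""
    entries = []
    for token in block.strip().strip("{}").split():
        deny = token.startswith("!")
        net = ipaddress.ip_network(token.lstrip("!"), strict=False)
        entries.append((deny, net))
    return entries

def is_granted(entries, remote_addr):
    """Assumed semantics: entries are tried in order, first match decides.
    No match means refusal (access is granted only on a matching prefix)."""
    addr = ipaddress.ip_address(remote_addr)
    for deny, net in entries:
        if addr.version == net.version and addr in net:
            return not deny
    return False

def shadowed_denies(entries):
    """Return '!' entries that are dead because an earlier allow entry
    already covers the whole denied prefix."""
    dead = []
    for i, (deny, net) in enumerate(entries):
        if not deny:
            continue
        for earlier_deny, earlier in entries[:i]:
            if (not earlier_deny and earlier.version == net.version
                    and net.subnet_of(earlier)):
                dead.append(str(net))
                break
    return dead

# The two orderings from the grant_access examples above.
BAD = parse_grant_access("{ 192.168.0.0/24 !192.168.0.1 }")
GOOD = parse_grant_access("{ !2001:dead:beaf:1::/64 2001:dead:beaf::/48 }")

if __name__ == "__main__":
    print("bad order, 192.168.0.1 granted:", is_granted(BAD, "192.168.0.1"))
    print("bad order, dead deny entries:", shadowed_denies(BAD))
    print("good order, denied /64 granted:", is_granted(GOOD, "2001:dead:beaf:1::5"))
    print("good order, rest of /48 granted:", is_granted(GOOD, "2001:dead:beaf:2::5"))
```

Running shadowed_denies over every grant_access list before deploying a configuration catches a deny that was written after the broader allow it was meant to carve out of.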
    
cgi_env list of key value
List of environment variables to pass to CGIs, in the form: key "value", where key is the variable and "value" is the content of the variable.

For example,

cgi_env { CBLOG_PATH "/var/db/cblog/" }
cgi_env {
  VAR1 "value1"
  VAR2 "value2"
  # not used here
  #VAR3 "value3"
}
    
cgi_map list of key value
List of URL mappings that will in fact execute the given CGI, in the form: pattern path/url/to/the/cgi. pattern is a glob pattern.

For example,

cgi_map { /cblog/* /cblog.cgi /debug/* /cgi/printenv.sh }
    
listen on interface | hostname | ipv4 | ipv6 [port port]
The listen on directive takes an interface, hostname, IPv4 or IPv6 parameter. port is optional (http by default). Multiple directives are allowed. Be careful: without a listen directive, mohawk(8) will listen on all interfaces on port http.

For example,

listen on em0
listen on localhost port 2222
listen on 172.16.0.80
listen on 2001:dead:beef::1 port dns
    
reset option
Reset an option. The resettable options are:
  • authentication
  • auth_blacklistd
  • auth_path
  • auth_patterns
  • blacklist_patterns
  • cgi_env
  • cgi_map
  • cgi_patterns
  • charset
  • dirlist_css_url
  • email_admin
  • index_names
  • mohawk_name
  • no_auth_patterns
  • no_cgi_maps
  • no_log_patterns
  • grant_access
  • status_url

Minimal configuration: no chroot, listen on all interfaces, all addresses, serve /tmp:

mime_type { html text/html txt text/plain }

vhost default {
  rootdir /tmp
  dirlist on
}

Complex configuration: chroot, listen on some interfaces, some addresses, black hole default vhost, authentication, cgi:

chroot /var/www/chroot
user www-data
mime_type { html text/html txt text/plain }

# no HTTP 1.0 client
vhost default {
  # chroot is defined, we need /var/www/chroot/var/empty
  rootdir /var/empty
}

# example.com
vhost *.example.com {
  # em0 is the public interface
  listen on em0 port 8080
  # vr0 is the local interface
  listen on vr0

  # chroot is defined and it's not default vhost
  # a request http://www.example.com/index.html
  # become /var/www/chroot/srv/example.com/www.example.com/index.html
  rootdir /srv/example.com/

  #authentication off
  #cgi_expose_mohawk_version
  #dirlist off

  # we listen on public interface port 8080, a proxy is present
  x_forwarded_for on

  # no authentication
  #auth_path
  charset latin1

  dirlist_css_url /css/dir.css

  maxage 3600
  mohawk_name "Mohawk rulez !!!"

  # we don't activate any status url
  # some information may be sensitive
  #status_url

  # no authentication
  #auth_patterns { }

  #no cgi
  #cgi_patterns { }

  # usual settings
  index_names { index.html index.htm default.html }

  # no authentication
  #no_auth_patterns { }

  # no cgi
  #no_cgi_maps { }

  # we log all
  #no_log_patterns { }

  # no restriction
  #grant_access { }

  # no cgi_env
  #cgi_env { }

  # no cgi_map
  #cgi_map { }
}

vhost secure.example.com {
  # add some listen
  listen on secure.example.com
  listen on 127.0.0.1 port 8888

  # /var/www/chroot/classified/www/secure.example.com/
  rootdir /classified/www

  # activate authentication
  authentication on

  # auth path
  # we can share .htpasswd
  # /var/www/chroot/classified/authentication/.htpasswd
  auth_path /classified/authentication/

  no_auth_patterns { /css/* /img/* /js/* }

  # don't log some stuff, same as no_auth_patterns
  no_log_patterns { /css/* /img/* /js/* }
}

vhost secret.example.com clone secure.example.com {
  # listen only on lo0
  reset listen
  listen on lo0

  # keep rootdir, /var/www/chroot/classified/www/secret.example.com

  # don't share .htpasswd
  auth_path /classified/secret.example.com/

  # all requests require authentication
  reset no_auth_patterns
  auth_patterns { * }

  cgi_expose_mohawk_version off
  cgi_patterns { *.cgi *.pl }
  reset index_names
  index_names { crack.cgi buteforce.pl }

  reset no_cgi_maps
  cgi_map {
    /download/* /analyze.pl
    /upload/*   /add_virus.cgi
  }
  cgi_env {
    DATABASE "postgresql:admin:Haxxor ftw"
  }

  grant_access { 127.0.0.0/8 }
  mohawk_name ""
  # we log all
  reset no_log_patterns
}
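
An added example (not part of the man page or of the mohawk sources): a small Python check for the auth_path rule, which says the vhost rootdir must not contain the authentication directory. It follows 'default' and 'clone' inheritance as described above, and assumes each vhost closes with a '}' in column 0 and that no '#' appears inside quoted values. The sample configuration, the leaky.example.com vhost and the function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample modelled on the configuration above.
SAMPLE = """
vhost default {
  rootdir /var/empty
}
vhost secure.example.com {
  rootdir /classified/www
  authentication on
  auth_path /classified/authentication/   # outside rootdir
}
vhost leaky.example.com clone secure.example.com {
  auth_path /classified/www/private/      # inside the inherited rootdir
}
"""

VHOST_RE = re.compile(r"vhost\s+(\S+)(?:\s+clone\s+(\S+))?\s*\{(.*?)\n\}", re.S)

def parse_vhosts(conf):
    """Return {vhost: options}, applying 'default' and 'clone' inheritance."""
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    vhosts = {}
    for name, parent, body in VHOST_RE.findall(text):
        opts = dict(vhosts.get(parent or "default", {}))
        for key in ("rootdir", "auth_path"):
            m = re.search(rf"^\s*{key}\s+(\S+)", body, re.M)
            if m:
                opts[key] = posixpath.normpath(m.group(1))
        vhosts[name] = opts
    return vhosts

def exposed_vhosts(conf):
    """Names of vhosts whose auth_path lies inside (or equals) their rootdir."""
    bad = []
    for name, opts in parse_vhosts(conf).items():
        if "auth_path" in opts and "rootdir" in opts:
            root = opts["rootdir"].rstrip("/") + "/"
            if (opts["auth_path"] + "/").startswith(root):
                bad.append(name)
    return sorted(bad)

if __name__ == "__main__":
    print("auth_path served from rootdir:", exposed_vhosts(SAMPLE))
```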

Baptiste Daroussin <bapt@FreeBSD.org>
Freddy Dissaux <freddy.dsx@free.fr>
March 11, 2012 FreeBSD 13.1-RELEASE
