- •Table of Contents
- •Dedication
- •Foreword
- •Introduction
- •What Is FreeBSD?
- •How Did FreeBSD Get Here?
- •The BSD License: BSD Goes Public
- •The Birth of Modern FreeBSD
- •FreeBSD Development
- •Committers
- •Contributors
- •Users
- •Other BSDs
- •NetBSD
- •OpenBSD
- •Other UNIXes
- •Solaris
- •Linux
- •IRIX, HPUX, etc.
- •FreeBSD's Strengths
- •Portability
- •Power
- •Simplified Software Management
- •Optimized Upgrade Process
- •Filesystem
- •Who Should Use FreeBSD
- •FreeBSD as Your Desktop
- •Who Should Run Another BSD
- •Who Should Run a Proprietary Operating System
- •How to Read This Book
- •What Must You Know?
- •How to Think About UNIX
- •Channels of Communication
- •Working with Channels
- •The Command Line
- •Chapter 1: Installation
- •FreeBSD Hardware
- •Processor
- •Memory (RAM)
- •Hard Drives
- •Downloading FreeBSD
- •Installing by FTP
- •Other FTP Install Information
- •Hardware Setup
- •Actually Installing FreeBSD
- •Configuring the Kernel for ISA Cards
- •Sysinstall: The Ugly FreeBSD Installer
- •Disk Usage
- •Partitioning
- •Root
- •Swap Space
- •Swap Splitting
- •/var, /usr, and /home
- •A Second Hard Drive
- •Soft Updates
- •Block Size
- •What to Install
- •Installation Media
- •Committing
- •Root Password
- •Adding Users
- •Time Zone
- •Mouse
- •Configuring Network Cards
- •Xfree86
- •Software
- •Restart
- •A Note on Editors
- •Chapter 2: Getting More Help
- •Why Not Mail First?
- •The FreeBSD Attitude
- •Man Pages
- •The FreeBSD Manual
- •Man Page Headings
- •The FreeBSD Documentation
- •The Mailing List Archives
- •Other Web Sites
- •Checking the Handbook/FAQ
- •Checking the Man Pages
- •Checking the Mailing List Archives
- •Using Your Answer
- •Mailing for Help
- •Chapter 3: Read This Before You Break Something Else! (Backup and Recovery)
- •Overview
- •System Backups
- •Tape Devices
- •How to Read Dmesg.boot
- •Controlling Your Tape Drive
- •Device Nodes
- •Using the TAPE Variable
- •The mt Command
- •Backup Programs
- •Dump/Restore
- •Restoring from an Archive
- •Checking the Contents of an Archive
- •Extracting Data from an Archive
- •Restoring Interactively
- •Recording What Happened
- •Revision Control
- •Getting Older Versions
- •Breaking Locks
- •Viewing Log Messages
- •Reviewing a File's Revision History
- •Ident and ident Strings
- •Going Further
- •The Fixit Disk
- •Chapter 4: Kernel Games
- •Overview
- •What Is the Kernel?
- •Configuring Your Kernel
- •Sysctl
- •Changing Sysctls
- •Setting Sysctls at Boot
- •Kernel Configuration with Loader.conf
- •Manually Configuring the Loader
- •Viewing Loaded Modules
- •Loading and Unloading Modules
- •Customizing the Kernel
- •Preparation
- •Your Backup Kernel
- •Editing Kernel Files
- •Basic Options
- •Multiple Processors
- •Device Entries
- •Building Your Kernel
- •Troubleshooting Kernel Builds
- •Booting an Alternate Kernel
- •Adding to the Kernel
- •LINT
- •Fixing Errors with Options
- •Tweaking Kernel Performance
- •Sharing Kernels
- •Chapter 5: Networking
- •Overview
- •Network Layers
- •The Physical Layer
- •The Physical Protocol Layer
- •The Logical Protocol Layer
- •The Application Layer
- •The Network in Practice
- •Mbufs
- •What Is a Bit?
- •Ethernet
- •Broadcasting
- •Address Resolution
- •Hubs and Switches
- •Netmasks
- •Netmask Tricks
- •Hexadecimal Netmasks
- •Unusable IP Addresses
- •Routing
- •Network Ports
- •Connecting to an Ethernet Network
- •Multiple IP Addresses on One Interface
- •Using Netstat
- •Chapter 6: Upgrading FreeBSD
- •Overview
- •FreeBSD Versions
- •Release
- •Snapshots
- •Security Updates
- •Which Release Should You Use?
- •Upgrade Methods
- •Upgrading via Sysinstall
- •Upgrading via CVSup
- •Simplifying the CVSup Upgrade Process
- •Building a Local CVSup Server
- •Controlling Access
- •Authentication
- •Combining Authentication and Access
- •Chapter 7: Securing Your System
- •Overview
- •Who Is the Enemy?
- •Script Kiddies
- •Disaffected Users
- •Skilled Attackers
- •FreeBSD Security Announcements
- •Subscribing
- •What You'll Get
- •Installation Security Profiles
- •Moderate
- •Extreme
- •Root, Groups, and Permissions
- •The root Password
- •Groups of Users
- •Primary Group
- •Some Interesting Default Groups
- •Group Permissions
- •Changing Permissions
- •Changing File Ownership
- •Assigning Permissions
- •File Flags
- •Viewing a File's Flags
- •Setting Flags
- •Securelevels
- •Setting Securelevels
- •Which Securelevel Do You Need?
- •What Won't Securelevel and File Flags Do?
- •Living with Securelevels
- •Programs That Can Be Hacked
- •Putting It All Together
- •Chapter 8: Advanced Security Features
- •Traffic Control
- •Default Accept vs. Default Deny
- •TCP Wrappers
- •Configuring Wrappers
- •Daemon Name
- •The Client List
- •Putting It All Together
- •Packet Filtering
- •IPFilter
- •IPFW
- •Default Accept and Default Deny in Packet Filtering
- •Basic Concepts of Packet Filtering
- •Implementing IPFilter
- •Configuring Your Server to Use Jail
- •Configuring Your Kernel to Use Jail
- •Client Setup
- •Final Jail Setup
- •Starting the Jail
- •Managing Jails
- •Shutting Down a Jail
- •Monitoring System Security
- •If You're Hacked
- •Chapter 9: Too Much Information About /etc
- •Overview
- •Varieties of /etc Files
- •Default Files
- •/etc/defaults/rc.conf
- •/etc/adduser.conf
- •/etc/crontab
- •/etc/dhclient.conf
- •/etc/fstab
- •/etc/hosts.allow
- •/etc/hosts.equiv
- •/etc/hosts.lpd
- •/etc/inetd.conf
- •/etc/locate.rc
- •/etc/login.access
- •/etc/login.conf
- •Specifying Default Environment Settings
- •/etc/mail/mailer.conf
- •/etc/make.conf and /etc/defaults/make.conf
- •/etc/master.passwd
- •/etc/motd
- •/etc/mtree/*
- •/etc/namedb/*
- •/etc/newsyslog.conf
- •/etc/passwd
- •/etc/periodic.conf and /etc/defaults/periodic.conf
- •/etc/printcap
- •Working with Printcap Entries
- •/etc/profile
- •/etc/protocols
- •/etc/rc.conf and /etc/defaults/rc.conf
- •/etc/resolv.conf
- •/etc/security
- •/etc/services
- •/etc/shells
- •/etc/spwd.db
- •/etc/sysctl.conf
- •/etc/syslog.conf
- •Chapter 10: Making Your System Useful
- •Overview
- •Making Software
- •The Pain and Pleasure of Source Code
- •Debugging
- •The Ports and Packages System
- •Ports
- •Finding Software
- •Legal Restrictions
- •Using Packages
- •Installing via FTP
- •What Does a Package Install?
- •Uninstalling Packages
- •Package Information
- •Controlling Pkg_add
- •Package Problems
- •Forcing an Install
- •Using Ports
- •Installing a Port
- •Using Make Install
- •Uninstalling and Reinstalling
- •Cleaning Up with Make Clean
- •Building Packages
- •Changing the Install Path
- •Setting Make Options Permanently
- •Upgrading Ports and Packages
- •Upgrading the Ports Collection
- •Ports Collection Upgrade Issues
- •Checking Software Versions
- •Hints for Upgrading
- •Chapter 11: Advanced Software Management
- •Overview
- •Startup and Shutdown Scripts
- •Typical Startup Script
- •Using Scripts to Manage Running Programs
- •Managing Shared Libraries
- •Ldconfig
- •Running Software from the Wrong OS
- •Recompilation
- •Emulation
- •ABI Implementation
- •Foreign Software Libraries
- •Installing and Enabling Linux Mode
- •Identifying Programs
- •What Is Linux_base?
- •Adding to Linux_base
- •Configuring Linux Shared Libraries
- •Installing Extra Linux Packages as RPMs
- •What Is SMP?
- •Kernel Assumptions
- •FreeBSD 3.0 SMP
- •FreeBSD 5 SMP
- •Using SMP
- •SMP and Upgrades
- •Chapter 12: Finding Hosts With DNS
- •How DNS Works
- •Basic DNS Tools
- •The Host Command
- •Getting Detailed Information with Dig
- •Looking Up Hostnames with Dig
- •More Dig Options
- •Configuring a DNS Client: The Resolver
- •Domain or Search Keywords
- •The Nameserver List
- •DNS Information Sources
- •The Hosts File
- •The Named Daemon
- •Zone Files
- •A Real Sample Zone
- •named.conf
- •/var/named/master/absolutebsd.com
- •Making Changes Work
- •Starting Named at Boottime
- •Checking DNS
- •Named Configuration Errors
- •Named Security
- •Controlling Information Order
- •More About BIND
- •Chapter 13: Managing Small Network Services
- •Bandwidth Control
- •Configuring IPFW
- •Reviewing IPFW Rules
- •Dummynet Queues
- •Directional Traffic Shaping
- •Certificates
- •Create a Request
- •Being Your Own CA
- •Testing SSH
- •Enabling SSH
- •Basics of SSH
- •Creating Keys
- •Confirming SSH Identity
- •SSH Clients
- •Connecting via SSH
- •Configuring SSH
- •System Time
- •Setting the Time Zone
- •Network Time Protocol
- •Ntpdate
- •Ntpd
- •Inetd
- •/etc/inetd.conf
- •Configuring Programs in Inetd
- •Inetd Security
- •Starting Inetd
- •Changing Inetd's Behavior
- •Chapter 14: Email Services
- •Email Overview
- •Where FreeBSD Fits In
- •The Email Protocol
- •Email Programs
- •Who Needs Sendmail?
- •Replacing Sendmail
- •Installing Postfix
- •Pieces of Postfix
- •Configuring Postfix
- •Email Aliases
- •Email Logging
- •Virtual Domains
- •Postfix Commands
- •Finding the Correct Mail Host
- •Undeliverable Mail
- •Installing POP3
- •Testing POP3
- •POP3 Logging
- •POP3 Modes
- •Qpopper Preconfiguration Questions
- •Default Qpopper Configuration
- •APOP Setup
- •Configuring Pop3ssl
- •Qpopper Security
- •Chapter 15: Web and FTP Services
- •Overview
- •How a Web Server Works
- •The Apache Web Server
- •Apache Configuration Files
- •Configuring Apache
- •Controlling Apache
- •Virtual Hosting
- •Tweaking Virtual Hosts
- •.NET on FreeBSD
- •Installing the SSCLI
- •FTP Security
- •The FTP Client
- •The FTP Server
- •Chapter 16: Filsystems and Disks
- •Device Nodes
- •Hard Disks and Partitions
- •The /etc/fstab File
- •Disk Basics
- •The Fast File System
- •Vnodes
- •FFS Mount Types
- •FFS Mount Options
- •What's Mounted Now?
- •Dirty Disks
- •Fsck
- •Mounting and Unmounting Disks
- •Mounting Standard Filesystems
- •Mounting with Options
- •Mounting All Standard Filesystems
- •Mounting at Nonstandard Locations
- •Unmounting
- •Soft Updates
- •Enabling Soft Updates
- •IDE Write Caching and Soft Updates
- •Virtual Memory Directory Caching
- •Mounting Foreign Filesystems
- •Using Foreign Mounts
- •Foreign Filesystem Types
- •Mount Options and Foreign Filesystems
- •Filesystem Permissions
- •Removable Media and /etc/fstab
- •Creating a Floppy
- •Creating an FFS Filesystem
- •The Basics of SCSI
- •SCSI Types
- •SCSI Adapters
- •SCSI Buses
- •Termination and Cabling
- •SCSI IDs and LUNs
- •FreeBSD and SCSI
- •Wiring Down Devices
- •Adding New Hard Disks
- •Creating Slices
- •Creating Partitions
- •Configuring /etc/fstab
- •Installing Existing Files onto New Disks
- •Temporary Mounts
- •Moving Files
- •Stackable Mounts
- •Chapter 17: RAID
- •Hardware vs. Software RAID
- •RAID Levels
- •Software RAID
- •Vinum Disk Components
- •Vinum Plex Types
- •Preparing Vinum Drives
- •Dedicating Partitions to Vinum
- •Configuring Vinum
- •Concatenated Plex
- •Removing Vinum Configuration
- •Striped Volumes
- •Mirrored Volumes
- •Starting Vinum at Boot
- •Other Vinum Commands
- •Replacing a Failed Mirrored Plex
- •Chapter 18: System Performance
- •Overview
- •Computer Resources
- •Disk Input/Output
- •Network Bandwidth
- •CPU and Memory
- •Using Top
- •Memory Usage
- •Swap Space Usage
- •CPU Usage
- •When Swap Goes Bad
- •Paging
- •Swapping
- •Are You Swapping or Paging?
- •Fairness in Benchmarking
- •The Initial Test
- •Using Both CPUs
- •Directory Caching
- •Moving /usr/obj
- •Lessons Learned
- •Chapter 19: Now What's It Doing?
- •Status Mails
- •Forwarding Reports
- •Logging with Syslogd
- •Facilities
- •Levels
- •Syslog.conf
- •Wildcards
- •Rotating Logs with Newsyslog.conf
- •Reporting with SNMP
- •Basics of SNMP
- •MIBs
- •Snmpwalk
- •Specific Snmpwalk Queries
- •Translating Between Numbers and Names
- •Setting Up Snmpd
- •Index Numbers
- •Configuring MRTG
- •Sample mrtg.cfg Entry
- •Testing MRTG
- •Tracking Other System Values
- •Monitoring a Single MIB
- •Customizing MRTG
- •MRTG Index Page
- •Sample MRTG Configurations
- •Chapter 20: System Crashes and Panics
- •What Causes Panics?
- •What Does a Panic Look Like?
- •Responding to a Panic
- •Prerequisites
- •Crash Dump Process
- •The Debugging Kernel
- •kernel.debug
- •Dumpon
- •Savecore
- •Upon a Crash
- •Dumps and Bad Kernels
- •Using the Dump
- •Advanced Kernel Debugging
- •Examining Lines
- •Examining Variables
- •Apparent Gdb Weirdness
- •Results
- •Vmcore and Security
- •Symbols vs. No Symbols
- •Serial Consoles
- •Hardware Serial Console
- •Software Serial Console
- •Changing the Configuration
- •Using a Serial Console
- •Serial Login
- •Emergency Logon Setup
- •Disconnecting the Serial Console
- •Submitting a Problem Report
- •Problem Report System
- •What's in a PR?
- •Filling Out the Form
- •PR Results
- •Chapter 21: Desktop FreeBSD
- •Overview
- •Accessing File Shares
- •Prerequisites
- •Character Sets
- •Kernel Support for CIFS
- •SMB Tools
- •Configuring CIFS
- •Minimum Configuration: Name Resolution
- •Other smbutil Functions
- •Mounting a Share
- •Other mount_smbfs Options
- •Sample nsmb.conf Entries
- •CIFS File Ownership
- •Serving Windows File Shares
- •Accessing Print Servers
- •Running a Local Lpd
- •Printer Testing
- •Local Printers
- •X: A Graphic Interface
- •X Prerequisites
- •X Versions
- •Configuring X
- •Making X Look Decent
- •Desktop Applications
- •Web Browsers
- •Email Readers
- •Office Suites
- •Music
- •Graphics
- •Desk Utilities
- •Games
- •Afterword
- •Overview
- •The Community
- •What Can You Do?
- •Getting Things Done
- •Second Opinions
- •Appendix: Some Useful SYSCTL MIBs
- •List of Figures
- •Chapter 1: Installation
- •Chapter 5: Networking
- •Chapter 6: Upgrading FreeBSD
- •Chapter 19: Now What's It Doing?
- •List of Tables
- •Chapter 4: Kernel Games
- •Chapter 5: Networking
- •Chapter 8: Advanced Security Features
- •Chapter 9: Too Much Information About /etc
- •List of Sidebars
- •Chapter 15: Web and FTP Services
Note In most cases, a module requires its own configuration information. To simplify your life, you can put the configuration in a separate file and have httpd.conf pull it in with Include statements. This way, when you alter a module, you know where everything is.
Here are some of the popular Apache modules. Each is available on FreeBSD as a port of the same name, under /usr/ports/www. For example mod_gzip can be found in /usr/ports/www/mod/gzip.
mod_dav |
Provides DAV (Distributed Authoring and Versioning) services. |
mod_dtcl |
Integrates a Tcl (Tool Command Language) interpreter with Apache, allowing rapid |
|
processing of Tcl CGI scripts. |
mod_gzip |
Compresses data before it's sent, if the browser supports it. This is well worth |
|
installing. |
mod_mp3 |
Turns Apache into an MP3 streaming server. |
mod_perl |
Embeds Perl into your Apache server, allowing rapid handling of Perl CGI scripts. |
mod_php3 |
Provides support for the PHP scripting language, version 3. |
mod_php4 |
Provides support for the PHP scripting language, version 4. |
mod_python Embeds Python into your Apache server, for rapid handling of Python CGIs. |
|
mod_ruby |
Embeds Ruby into Apache, permitting rapid handling of Ruby CGIs. |
There are many other modules, but these are my favorites.
FrontPage and SSL
Microsoft's FrontPage poses a particular problem because, unfortunately, Microsoft's support for FrontPage Extensions on platforms other than its own is spotty at best. If you're interested in supporting FrontPage, install Microsoft's FrontPage Extensions module, apache13−fp port. It's very difficult to add this module later. Similarly, the Secure Sockets Layer (or SSL) module has a large footprint in Apache. (Not nearly as bad as FrontPage, mind you!) If you want SSL, aka https or secure Web pages), install the apache13−modssl port.
You might note that this leaves out the possibility of combining SSL and FrontPage, and you'd be right. Combining these at once is not for the faint of heart or for the inexperienced. Don't combine them until you're comfortable with both systems separately.
When the time comes for you to combine FrontPage with SSL, grab the latest version of the FrontPage Extensions from http://ftp://ftp.microsoft.com/products/frontpage. Extract the tarball and follow the instructions. If you run into problems, check the FreeBSD−isp mailing list archives. They're the people who are most likely to have experience with the latest versions.
[1]Every time I've implemented the quick−and−dirty method, I've had to go back months or years later and convert it to the more correct method. Start off right; you won't regret it.
[2]They won't tell you how to do it, either; they'll just berate you for considering it.
Virtual Hosting
Virtual hosting is having one server handle multiple Web sites. The server is configured to handle Web requests for each of these domains, and it returns the appropriate page for the domain. Many companies need a very small Web site, containing just a few pages of information and perhaps a CGI script or two to process requests for information. This is an excellent application for virtual hosts. I've had FreeBSD boxes handle thousands of these small domains without breaking a sweat
355
or putting the system load up over 0.2. When each of those sites pays $9.95 a month to handle a couple dozen hits a day, you're quickly looking at real money on inexpensive hardware.
One common stumbling block to understanding virtual hosts is the belief that the "www" in a URL is some sort of magic incantation that points to a Web site. This is a common, but incorrect, idea. When you type a URL, such as http://www.absolutebsd.com/, you're telling your Web browser to go look for a machine named http://www.absolutebsd.com/, connect to port 80, and see what it has to offer. You could type in http://mail.absolutebsd.com/, and the client would look for a machine with that name.
The trick underlying a virtual host is very simple: Many hostnames point to one machine. The problem on the server side is to differentiate between the requests for multiple domains, and then to serve up the appropriate pages. This leads to two different styles of virtual hosts: name−based and IP−based.
Name−Based Virtual Hosts
Modern Web browsers, such as Netscape 3 and Internet Explorer 4 and later, include the name of the Web site that they're trying to reach when they request a Web page from a server. This makes it possible for the server to differentiate between requests for the various Web sites it serves. If you are fairly sure that your clients are not using Netscape 2 or Internet Explorer 3, you can tell your server to use these names to identify virtual hosts. Name−based virtual hosts are the standard almost everywhere, and should be your standard unless you have a good reason otherwise.
Place your virtual host configuration at the end of the httpd.conf file, or even in a separate file (using the httpd.conf keyword Include to pull that file in). Do not mix your virtual host configurations with your main server configuration, or you will get quite confused when you have to sort it out.
To configure name−based virtual hosts, first tell Apache which IP address to use for them with the NameVirtualHost httpd.conf directive. While multiple name−based virtual hosts can live on one IP address, Apache must know which IP address to bind these to:
...............................................................................................
NameVirtualHost 192.168.33.254
...............................................................................................
Once this is set, any requests that come in to that IP address will be treated as a named virtual−host request. Now you have to tell Apache where to get information on each virtual host. At the very least, each virtual host needs the name of the Web site and the directory where the HTML documents for that Web site can be found. Here's an example of a basic virtual host that only needs these two items:
...............................................................................................
<VirtualHost 192.168.33.254> ServerName www.AbsoluteBSD.com DocumentRoot /home/mwlucas/www
</VirtualHost>
...............................................................................................
The <VirtualHost> and </VirtualHost> labels tell Apache that the information between them is for a single virtual host, and they include the IP address of the virtual host.
356
The ServerName directive tells Apache the name of this virtual host. The server uses this entry to handle requests for http://www.absolutebsd.com/.
Finally, the DocumentRoot entry tells Apache where to find the HTML documents that make up this site.
It works this way: When a browser sends a Web request to the virtual host IP address of 192.168.33.254 and asks for http://www.absolutebsd.com/, Apache pulls the documents out of the directory /home/mwlucas/www and returns them to the client.
IP−Based Virtual Hosts
Not all browsers send the site name along with the Web request. In fact, this was the standard in the earlier days of the Internet (Netscape 2 and Internet Explorer 3), when IP addresses were so plentiful it seemed they could never run out. Browser clients assumed that they could just make a connection to the Web server on port 80, and the only thing that would be on that port was that particular site.
You might think that that time vanished with the Apple II and Betamax, but no. In 2001 I came across a corporate network that had 12,000 desktops running a Mosaic−based Web browser on Windows for Workgroups. This browser is so old that it expected every Web site to have a unique IP address and did not transmit the site name with the Web request. And the company's intranet Web server had to support these clients. While You'll probably never have to worry about these sorts of clients on the public Internet, you should still know how to configure them in case you encounter this sort of situation.
Additionally, sites that use SSL expect to have a single hostname for a single IP. To combine SSL with virtual hosts, you must use IP−based virtual hosts.
To use IP−based virtual hosts, specify the IP address in the VirtualHost space, much like you do for name−based virtual hosts. This looks exactly like the VirtualHost setup used by name−based virtual hosts, except that the IP address in the VirtualHost space is unique. The only difference between setting up an IP−based virtual host and a name−based virtual host is that IP−based virtual hosts don't need the NameVirtualHost directive.
Here's a minimal setup of an IP−based virtual host:
...............................................................................................
<VirtualHost 209.69.178.18> ServerName www.blackhelicopters.org DocumentRoot /home/mwlucas/www2 </VirtualHost>
...............................................................................................
Any request that arrives at port 80 on the IP address 209.69.178.18 will receive the HTML in /home/mwlucas/www2.
Tweaking Virtual Hosts
Once you have the minimal virtual hosts (described in the previous sections) working, you can add additional touches to them. Here we'll discuss various virtual−host options that will work with both
357
IP−based and name−based virtual hosts, and how they can be used.
Port Numbers
Different documents can be served on different ports. (you've probably seen this before, when a hostname in a URL has a colon followed by a number.) If Apache is listening on ports 80 and 81, for example, you could have a different virtual host on each port, as long as you add the port number after the IP address in the VirtualHost directive.
For example, here's a configuration that creates two different sites (http://www.absolutebsd.com/ and http://data.absolutebsd.com:8080/) using two similar virtual hosts on different ports. Both sites are on the same IP address, but on different ports.
...............................................................................................
<VirtualHost 209.69.178.18:80> ServerName www.AbsoluteBSD.com DocumentRoot /home/mwlucas/www </VirtualHost>
<VirtualHost 209.69.178.18:8080> ServerName data.AbsoluteBSD.com DocumentRoot /home/mwlucas/data </VirtualHost>
...............................................................................................
Virtual Host Logs
By default, virtual hosts write their logs to the default Apache log, but you might want to split the logs out by virtual host. (This is common when you're running a commercial Web server and want each customer to get their own logs.) Do so with the ErrorLog and TransferLog directives, both of which take the name of the log file as an argument:
...............................................................................................
<VirtualHost 209.69.178.18:80> ServerName www.AbsoluteBSD.com DocumentRoot /home/mwlucas/www
ErrorLog /home/mwlucas/absolutebsd.com−error−log TransferLog /home/mwlucas/absolutebsd.com−access−log </VirtualHost>
...............................................................................................
The TransferLog directive can also take the type of information to be logged as a second argument. We saw the standard log styles in the discussion of the LogFormat directive (in the "Log Format" section) earlier in this chapter.
Options and AllowOverride
By default, virtual hosts inherit the Options and AllowOverride settings of the root directory. As a reminder, here's a sample configuration for the root directory:
...............................................................................................
<Directory />
Options AuthConfig Limit
358