An implementation of an HTTP 1.1 compliant web server, as defined in
Type definitions that are used more than once in this module:
A web server can be configured to start when starting the
File Properties
When the web server is started
at application start time, the properties are to be fetched from a
configuration file that can consist of a regular Erlang property
list, that is,
If this property is defined,
If this property is defined,
Example:
{server_root, "/urs/local/www"} -> ServerRoot /usr/local/www
A few exceptions are documented
for each property that behaves differently,
and the special cases
]]>
The properties
Mandatory Properties
The port that the HTTP server listen to.
If zero is specified as port, an arbitrary available port
is picked and function
The name of your server, normally a fully qualified domain name.
Defines the home directory of the server, where log files, and so on, can be stored. Relative paths specified in other properties refer to this directory.
Defines the top directory for the documents that are available on the HTTP server.
Communication Properties
Default is
Used together with
For
For
Default is
Default is
If given, sets a minimum of bytes per second value for connections.
If the value is unreached, the socket closes for that connection.
The option is good for reducing the risk of "slow DoS" attacks.
Erlang Web Server API Modules
Defines which modules the HTTP server uses when handling
requests. Default is
Limit properties
A callback module to customize the inets HTTP servers behaviour
see
Allows you to disable chunked
transfer-encoding when sending a response to an HTTP/1.1
client. Default is
Instructs the server whether to use persistent
connections when the client claims to be HTTP/1.1
compliant. Default is
The number of seconds the server waits for a
subsequent request from the client before closing the
connection. Default is
Limits the size of the message body of an HTTP request. Default is no limit.
Limits the number of simultaneous requests that can be
supported. Default is
Limits the size of the message header of an HTTP request.
Default is
Maximum content-length in an incoming request, in bytes. Requests
with content larger than this are answered with status 413.
Default is
Limits the size of the HTTP request URI. Default is no limit.
The number of requests that a client can do on one
connection. When the server has responded to the number of
requests defined by
Administrative Properties
# MIME type Extension text/html html htm text/plain asc txt
Default is [{"html","text/html"},{"htm","text/html"}].
When the server is asked to provide a document type that cannot be determined by the MIME Type Settings, the server uses this default type.
Defines the email-address of the server administrator to be included in any error messages returned by the server.
Defines the look of the value of the server header.
Example: Assuming the version of
"" % A Server: header will not be generated
"inets"
"inets/5"
"inets/5.8"
"inets/5.8.1"
"inets/5.8.1 (unix)"
"inets/5.8.1 (unix/linux) OTP/R15B"
"foo/bar"
By default, the value is as before, that is,
Defines if access logs are to be written according to the
Here:
The
In addition to the earlier:
This affects the access logs written by
Default is
io:format("[~s] ~s, reason: ~n ~p ~n~n", [Date, Msg, Reason]).
io:format("[~s] ~s, reason: ~w ~n", [Date, Msg, Reason]).
This affects the error logs written by
URL Aliasing Properties - Requires mod_alias
{alias, {"/image", "/ftp/pub/image"}}
Access to http://your.server.org/image/foo.gif would refer to the file /ftp/pub/image/foo.gif.
{re_write, {"^/[~]([^/]+)(.*)$", "/home/\\1/public\\2"}}
Access to http://your.server.org/~bob/foo.gif would refer to
the file /home/bob/public/foo.gif.
In an Apache-like configuration file,
ReWrite ^/[~]([^/]+)(.*)$ /home/\1/public\2
Beware of trailing space in
{directory_index, ["index.html", "welcome.html"]}
Access to http://your.server.org/docs/ would return http://your.server.org/docs/index.html or http://your.server.org/docs/welcome.html if index.html does not exist.
CGI Properties - Requires mod_cgi
{script_alias, {"/cgi-bin/", "/web/cgi-bin/"}}
Access to http://your.server.org/cgi-bin/foo would cause the server to run the script /web/cgi-bin/foo.
{script_re_write, {"^/cgi-bin/(\\d+)/", "/web/\\1/cgi-bin/"}}
Access to http://your.server.org/cgi-bin/17/foo would cause the server to run the script /web/17/cgi-bin/foo.
If
The time in seconds the web server waits between each
chunk of data from the script. If the CGI script does not deliver
any data before the timeout, the connection to the client is
closed. Default is
Example:
{action, {"text/plain", "/cgi-bin/log_and_deliver_text"}}
Example:
{script, {"PUT", "/cgi-bin/put"}}
ESI Properties - Requires mod_esi
{erl_script_alias, {"/cgi-bin/example", [httpd_example]}}
A request to http://your.server.org/cgi-bin/example/httpd_example:yahoo would refer to httpd_example:yahoo/3 or, if that does not exist, httpd_example:yahoo/2 and http://your.server.org/cgi-bin/example/other:yahoo would not be allowed to execute.
If
If
Log Properties - Requires mod_log
Defines the filename of the error log file to be used to log
server errors. If the filename does not begin with a slash (/),
it is assumed to be relative to the
Defines the filename of the access log file to be used to
log security events. If the filename does not begin with a slash
(/), it is assumed to be relative to the
Defines the filename of the access log file to be used to
log incoming requests. If the filename does not begin with a
slash (/), it is assumed to be relative to the
Disk Log Properties - Requires mod_disk_log
Defines the file format of the log files. See
Defines the filename of the (
Defines the filename of the (
Defines the filename of the (
Authentication Properties - Requires mod_auth
{directory, {path(), [{property(), term()}]}}
The properties for directories are as follows:
Defines a set of hosts to be granted access to a given directory, for example:
{allow_from, ["123.34.56.11", "150.100.23"]}
The host
Defines a set of hosts to be denied access to a given directory, for example:
{deny_from, ["123.34.56.11", "150.100.23"]}
The host
Sets the type of authentication database that is used for the
directory. The key difference between the different methods is
that dynamic data can be saved when Mnesia and Dets
are used.
This property is called
Sets the name of a file containing the list of users and
passwords for user authentication. The filename can be either
absolute or relative to the
Example:
ragnar:s7Xxv7
edward:wwjau8
If the Dets storage method is used, the user database is
maintained by Dets and must not be edited by hand. Use the
API functions in module
Sets the name of a file containing the list of user
groups for user authentication. The filename can be either
absolute or relative to the
Example:
group1: bob joe ante
If the Dets storage method is used, the group database is
maintained by Dets and must not be edited by hand. Use the
API for module
Sets the name of the authorization realm (auth-domain) for a directory. This string informs the client about which username and password to use.
If set to other than "NoPassword", the password is required for all API calls. If the password is set to "DummyPassword", the password must be changed before any other API calls. To secure the authenticating data, the password must be changed after the web server is started. Otherwise it is written in clear text in the configuration file.
Defines users to grant access to a given directory using a secret password.
Defines users to grant access to a given directory using a secret password.
Htaccess Authentication Properties - Requires mod_htaccess
Specifies the filenames that are used for access files. When a request comes, every directory in the path to the requested asset are searched after files with the names specified by this parameter. If such a file is found, the file is parsed and the restrictions specified in it are applied to the request.
Security Properties - Requires mod_security
{security_directory, {path(), [{property(), term()}]}}
The properties for the security directories are as follows:
Name of the security data file. The filename can either be
absolute or relative to the
Specifies the maximum number of attempts to authenticate a
user before the user is blocked out. If a user
successfully authenticates while blocked, the
user receives a 403 (Forbidden) response from the
server. If the user makes a failed attempt while blocked, the
server returns 401 (Unauthorized), for security
reasons.
Default is
Specifies the number of minutes a user is blocked. After
this timehas passed, the user automatically regains access.
Default is
Specifies the number of minutes a failed user authentication
is remembered. If a user authenticates after this
time has passed, the previous failed authentications are
forgotten.
Default is
Fetches information about the HTTP server. When called with only the pid, all properties are fetched. When called with a list of specific properties, they are fetched. The available properties are the same as the start options of the server.
Pid is the pid returned from
Fetches information about the HTTP server. When called with
only
The address must be the IP address and cannot be the hostname.
Reloads the HTTP server configuration without restarting the server. Incoming requests are answered with a temporary down message during the reload time.
Available properties are the same as the
start options of the server, but the properties
If mode is disturbing, the server is blocked forcefully, all ongoing requests terminates, and the reload starts immediately. If mode is non-disturbing, no new connections are accepted, but ongoing requests are allowed to complete before the reload is done.
The Erlang web server API data types are as follows:
ModData = #mod{}
-record(mod, {
data = [],
socket_type = ip_comm,
socket,
config_db,
method,
absolute_uri,
request_uri,
http_version,
request_line,
parsed_header = [],
entity_body,
connection
}).
To acess the record in your callback-module use:
-include_lib("inets/include/httpd.hrl").
The fields of record
Type
The socket, in format
The config file directives stored as key-value tuples in
an ETS table. Depicted
Type
If the request is an HTTP/1.1
request, the URI can be in the absolute URI format. In that
case,
The
The
The
The
When a valid request reaches
The field
If
Converts a line in an Apache-like
configuration file to an
When
Checks the validity of the configuration options before saving them in the internal database. This function can also have a side effect, that is, setup of necessary extra resources implied by the configuration option. It can also resolve possible dependencies among configuration options by changing the value of the option. This function only needs clauses for the options implemented by this particular callback module.