Description - Adjusts the verbosity of the messages recorded in the
error logs. When a particular level is specified, messages from all other
levels of higher significance are reported as well. For example, when LogLevel
info is specified, messages with log levels of notice and warn
are also reported. We recommend specifying level crit, at least.
Scope - server config, virtual host
Values - The following levels are available, in order of decreasing
significance:
Level
Description
Example
emerg
Emergencies - system is unusable.
"Child cannot open lock file. Exiting"
alert
Action must be taken immediately.
"getpwuid: couldn't determine user name from uid"
crit
Critical Conditions.
"socket: Failed to get a socket, exiting child"
error
Error conditions.
"Premature end of script headers"
warn
Warning conditions.
"child process 1234 did not exit, sending another SIGHUP"
notice
Normal but significant condition.
"httpd: caught SIGBUS, attempting to dump core in ..."
info
Informational.
"Server seems busy, (you may need to increase StartServers,
or Min/MaxSpareServers)..."
debug
Debug-level messages
"Opening config file ..."
Usage - LogLevel level
Notes - If nothing is specified, LogLevel error is the default.
Multiple instances in the config file - Allowed. Order of preference
is top to bottom, first to last. If the cipher specs are not supported by
the client, the connection closes.
Usage - SSLCipherSpec shortname or
SSLCipherSpec longname
Notes - If nothing is specified, the server uses all cipher specs available from the installed GSK library
Multiple instances in the config file - Allowed. Order of preference is top to bottom, first to last. If the cipher specs are not supported by the client, the connection closes.
SSLClientAuthRequire (CommonName = "Fred Smith" OR CommonName = "John Deere") AND Org = IBM
means that the object will not be served unless the client certificate contains a common name of either Fred
Smith or John Deere and the organization is IBM.
For the attribute checks, the only valid comparisons are equal and not equal (= and !=). Each attribute check
can be linked with AND, OR, or NOT (also &&, ||, and !). Parentheses can be used to group comparisons.
If the value of the attribute contains a non-alphanumeric character, the value must be delimited with quotes.
Valid attributes are as follows:
IssuerStateOrProvince
IssuerCommonName
IssuerOrgUnit
IssuerCountry
IssuerLocality
IssuerOrg
IssuerEmail
StateOrProvince
CommonName
OrgUnit
Country
Locality
Org
Email
Also valid are the short names:
IST, ICN, IOU, IC, IL, IO, IE, ST, CN, OU, C, L, O, E
Note that multiple SSLClientAuthRequire directives are allowed per object, the net effect is that they are
AND'd together.
Description - Enables the fake basic authentication support. This allows the client certificate distinguished name to become the user portion of the user/password basic authentication pair. The password is "password."
Scope - Within a directory stanza, used along with AuthName, AuthType, and require directives.