Project

General

Profile

Actions
History

Docs »

Configuration File Options

Here you will find a list of all available configuration options in the lighttpd base distribution. They are grouped by module, and a link to each module configuration will provide with more detail information about each option, as well as examples, and other guidelines. While lighttpd has many options, a minimal lighttpd.conf can be as small as one line (server.document-root = "..."). For most options, it is recommended that lighttpd defaults be used unless you have a specific reason to change them.

Please begin with Configuration: Quick Start and Configuration: File Syntax before perusing below.

Modules must be listed in server.modules or else options from that module will not be recognized by lighttpd. e.g. server.modules += ("mod_example") (The only exceptions are the three core modules that lighttpd loads by default: mod_indexfile, mod_dirlisting, mod_staticfile)

Search: if you know the exact name of the module you need help with, use your browser's word-search in this page, e.g. for "mod_cgi", or use the wiki's search engine in titles-only mode, e.g. to search for mod_cgi).

Lighttpd Core

option description details
server.name name of the server/virtual server Details
server.document-root document-root of the webserver Details
server.error-handler uri to call if non-dynamic (not CGI or proxy) request results in http status >= 400 (overrides error-handler-404) (since 1.4.40) Details dbdab5db
server.error-handler-404 uri to call if non-dynamic (not CGI or proxy) request results in a 404 (in 404 or 403 before lighttpd 1.4.77) Details
server.errorfile-prefix path prefix for special status codes pages Details
server.error-intercept enable/disable intercepting HTTP error pages from dynamic handlers by server.error* (since 1.4.46)
server.bind IP address, hostname or absolute path to the unix-domain socket (default: "*") Details
server.port port to which to bind when IP address specified in server.bind (default: 80)
server.network-backend basic network interface for all platforms at the syscalls read() and write() Details
server.listen-backlog listen backlog queue size Details 71ed1912
server.bsd-accept-filter listen socket *BSD accept() filter ("httpready" or "dataready") Details 4eeeb8fc
server.defer-accept listen socket Linux TCP_DEFER_ACCEPT ("enable" or "disable")
server.ip-transparent listen socket Linux IP_TRANSPARENT ("enable" or "disable") (since 1.4.77)
server.use-ipv6 bind to the IPv6 socket Details
server.v4mapped bind to the IPv6 socket without IPV6_V6ONLY socket option (since 1.4.56) Details
server.socket-perms permissions to set on listening unix domain socket, e.g. "0770" (since 1.4.46) Details #656
server.systemd-socket-activation systemd socket activation ("enable" or "disable") (since 1.4.53)
server.modules modules to load Details
server.compat-module-load enable/disable load of default and compatibility modules (default: "enable")
server.errorlog pathname of the error-log Details
server.errorlog-use-syslog send errorlog to syslog Details
server.syslog-facility syslog facility (default: "daemon") (since 1.4.46)
server.breakagelog redirect stderr for lighttpd and all forked apps (e.g. CGI) Details
server.event-handler set the event handler Details
server.stat-cache-engine select stat() call caching Details
server.username username used to run the server Details
server.groupname groupname used to run the server Details
server.chroot root-directory of the server Details
server.core-files enable core files Details
server.pid-file set the name and location of the .pid-file Details
server.feature-flags server-wide feature control for selected features (since 1.4.56) Details
server.http-parseopts HTTP request parsing and normalization options (since 1.4.50) Details
server.http-parseopt-header-strict restrict chars permitted in HTTP headers Details b47494d4
server.http-parseopt-host-strict restrict chars permitted in HTTP Host header Details b47494d4
server.http-parseopt-host-normalize normalize HTTP Host header Details b47494d4
server.protocol-http11 defines if HTTP/1.1 is allowed or not Details
server.range-requests defines if range requests are allowed or not Details
server.reject-expect-100-with-417 setting to disable returning of a 417 if "Expect: 100-continue" header (no-op since 1.4.46)
server.tag set the string returned by the server Details
server.stream-request-body stream request body to backend Details
server.stream-response-body stream response body to client Details
server.chunkqueue-chunk-sz default chunk buffer size, rounded up to nearest power-of-2 (default 8k; minimum 1k)
connection.kbytes-per-second limit the throughput for each single connection to the given limit in kbyte/s Details
server.kbytes-per-second limit the throughput for all connections to the given limit in kbyte/s Details
server.max-connections maximum connections Details
server.max-fds maximum number of file descriptors Details
server.max-keep-alive-idle maximum number of seconds until a idling keep-alive connection is dropped Details
server.max-keep-alive-requests maximum number of request within a keep-alive session Details
server.max-read-idle maximum number of seconds until a waiting, non keep-alive read times out and closes the connection Details
server.max-request-size maximum size in kbytes of the request Details
server.max-request-field-size maximum size of the request header fields (in bytes) (<= 65535)
server.max-worker number of worker processes to spawn Details
server.max-write-idle maximum number of seconds until a waiting write call times out Details
server.follow-symlink allow to follow-symlinks Details
server.force-lowercase-filenames enable force all filenames to lowercase
server.upload-dirs path to upload directory Details
server.upload-temp-file-size max (fuzzy) size of each temporary file (default: 1 MB)
etag.use-inode Determines if inode-value is used in ETag generation Details
etag.use-mtime Determines if mtime-value is used in ETag generation Details
etag.use-size Determines if size-value is used in ETag generation Details
mimetype.assign list of known mimetype mappings Details
mimetype.use-xattr try to use XFS-style extended attribute interface for retreiving the Content-Type Details
mimetype.xattr-name name of XFS-style extended attribute to use for retreiving the Content-Type Details

Core Debug Info

option description
debug.log-request-header log all request headers
debug.log-file-not-found log if a file was not found
debug.log-condition-handling log conditionals handling for debugging
debug.log-request-header-on-error log request header and additional error trace, but only when there is an error
debug.log-request-handling log request handling inside lighttpd
debug.log-state-handling log state handling inside lighttpd
debug.log-response-header log the header we send out to the client
debug.log-ssl-noise log some ssl warnings we hide by default (ssl handshake, unknown/bad certificate)

mod_access - access restrictions

option description
url.access-allow Allows access only to files with any of given trailing path names (since 1.4.40)
url.access-deny Denies access to all files with any of given trailing path names

mod_accesslog - access log files

option description
accesslog.format the format of the logfile
accesslog.escaping choose escaping convention for CTL chars and chars with high-bit set (since 1.4.65)
accesslog.filename name of the file where the accesslog should be written to if syslog is not used
accesslog.use-syslog send the accesslog to syslog
accesslog.syslog-level numerical value used as syslog log level

mod_alias - directory aliases

option description
alias.url rewrites the document-root for a URL-subset

mod_auth - authentication

option description
auth.backend type of authentication backend
auth.require set restriction method
auth.extern-authn check REMOTE_USER (if set) against require rules prior to applying auth.backend (since 1.4.46)
auth.backend.plain.userfile path to plain userfile
auth.backend.plain.groupfile path to plain groupfile
auth.backend.htdigest.userfile path to htdigest userfile
auth.backend.htpasswd.userfile path to htpassword userfile
auth.backend.* (see mod_auth documentation for gssapi, ldap, pam, sasl, ...)
auth.require option description
method type of authentication ("digest" or "basic")
realm authentication realm
require "valid-user" to allow any valid user, or a list of user=username separated by pipe symbols

mod_deflate - dynamic compression

option description
deflate.mimetypes mimetype listing to be compressed, matched to prefix of Content-Type
deflate.allowed-encodings encodings enabled ("gzip", "bzip2", "deflate")
deflate.max-compress-size maximum size document to compress
deflate.min-compress-size minimum size document before compressing
deflate.compression-level level of compression
deflate.output-buffer-size size of buffer for compression
deflate.work-block-size minimum block size for compression
deflate.max-loadavg max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43)

mod_dirlisting - directory listing

option description
dir-listing.activate enables virtual directory listings if a directory is requested no index-file was found
dir-listing.cache directory listing caching parameters (lighttpd 1.4.60)
dir-listing.external-css URL path to an external css stylesheet for the directory listing
dir-listing.external-js URL path to an external js script, e.g. for client side directory list sorting (lighttpd 1.4.42)
dir-listing.encoding set a encoding for the generated directory listing
dir-listing.hide-dotfiles if enabled, does not list hidden files in directory listings generated by the dir-listing option
dir-listing.show-header include HEADER.txt files above the directory listing (since 1.4.43: user-specified file name)
dir-listing.hide-header-file enables hide header file from directory listing
dir-listing.show-readme include README.txt files below the directory listing (since 1.4.43: user-specified file name)
dir-listing.hide-readme-file enables displaying readme file in directory listing
dir-listing.exclude files that match any of the specified regular expressions will be excluded from listings
dir-listing.set-footer displays a string in the footer of a listing page
server.dir-listing enable/disable directory listing (deprecated; see dir-listing.activate)

mod_evhost - enhanced virtual host

option description
evhost.path-pattern pattern with wildcards to be replace to build a documentroot

mod_expire - cached expiration

option description
expire.url assignes an expiration to all files below the specified path
expire.mimetypes assignes an expiration to all responses with Content-Type prefix matching the listed mimetypes (since 1.4.43)

mod_extforward - use X-Forwarded-For (or Forwarded)

extract the client's "real" IP from X-Forwarded-For (or Forwarded) header

option description
extforward.forwarder set trust level of proxy ip's
extforward.hap-PROXY enable HAProxy PROXY protocol (since 1.4.46)
extforward.hap-PROXY-ssl-client-verify enable setting SSL_CLIENT_VERIFY from HAProxy PROXY protocol (since 1.4.46)
extforward.headers set of request headers to search, e.g. "Forwarded" or "X-Forwarded-For"
extforward.params configure additional values to take from "Forwarded" header (since 1.4.46)

mod_indexfile - directory index file

option description
index-file.names list of files to search for if a directory is requested

mod_magnet - request manipulation using Lua

option description
magnet.attract-raw-url-to attract request before lighttpd tries to find a physical file (but after rewrite)
magnet.attract-physical-path-to attract request after doc-root is known and the physical-path is already setup
magnet.attract-response-start-to attract request right before response headers are sent (since 1.4.56)

mod_redirect - redirect

option description note
url.redirect redirects a set of URLs externally
url.redirect-code defines the http code that is sent with the redirect URL Added in 1.4.31

mod_rewrite - rewriting

option description
url.rewrite-once rewrites a set of URLs internally and skip the rest
url.rewrite-repeat rewrites a set of URLs internally in the webserver, continue applying rewrite rules
url.rewrite same as url.rewrite-once
url.rewrite-final same as url.rewrite-once
url.rewrite-[repeat-]if-not-file rewrites a set of urls internally and checks if files do not exist

mod_rrdtool - rrdtool

option description
rrdtool.db-name filename of the rrd-database
rrdtool.binary path to the rrdtool binary

mod_setenv - set HTTP Environment

option description
setenv.add-request-header adds a value to the HTTP request received from the client
setenv.set-request-header sets a value to the HTTP request received from the client (since 1.4.46)
setenv.add-environment adds a value to the process environment passed to external (backend) applications
setenv.set-environment sets a value to the process environment passed to external (backend) applications (since 1.4.46)
setenv.add-response-header adds a header to the HTTP response sent to the client
setenv.set-response-header sets a header to the HTTP response sent to the client (since 1.4.46)

mod_simple_vhost - simple virtual host

option description
simple-vhost.document-root path below the vhost directory
simple-vhost.server-root root of the virtual host
simple-vhost.default-host use this hostname if the requested hostname does not have its own directory
simple-vhost.debug debug simple vhosts module

mod_ssi - server side includes

option description
ssi.extension extension of files processed by mod_ssi
ssi.content-type specify Content-Type response header for SSI pages
ssi.conditional-requests enable/disable conditional request caching including generating ETag and Last-Modified response headers
ssi.exec enable/disable #exec cmd="..."
ssi.recursion-max max recursion depth for #include virtual="..." SSI processing (0 is disabled (default)) (since 1.4.44)

mod_staticfile - serve static files

option description
static-file.disable-pathinfo do not handle as static file if path-info is present after file name
static-file.etags Determines if ETags are generated or not
static-file.exclude-extensions forbid access to the source of some types of files by extension

mod_status - server status

option description
status.config-url relative URL for the config page which displays the loaded modules
status.statistics-url relative URL for a plain-text page containing the internal statistics
status.enable-sort add JavaScript which allows client-side sorting for the connection overview
status.status-url relative URL which is used to retrieve the status-page

mod_userdir - user directories

option description
userdir.basepath if set, don't check /etc/passwd for homedir
userdir.exclude-user list of usernames which may not use this feature
userdir.path usually it should be set to "public_html" to take ~/public_html/ as the document root
userdir.include-user if set, only users from this list may use the feature

mod_vhostdb - virtual host database

option description
vhostdb.backend "dbi", "ldap", "mysql", or "pgsql"
vhostdb.dbi
vhostdb.ldap
vhostdb.mysql
vhostdb.pgsql

mod_webdav - WebDAV

option description
webdav.activate enable/disable WebDAV
webdav.is-readonly enable/disable read only
webdav.sqlite-db-name pathname to SQLite database
webdav.log-xml Log the XML Request bodies for debugging
webdav.opts additional configuration options (since 1.4.65)

.

Gateways

.

mod_ajp13 - Apache JServ Protocol version 1.3 (AJP13)

option description
ajp13.server backend server definition(s) for hosts to which to send requests; options for each backend host
ajp13.balance select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky)
ajp13.debug debug level (value between 0 and 65535)

mod_cgi - cgi

option description
cgi.assign assign cgi handler to an extension
cgi.execute-x-only requires +x for cgi scripts
cgi.local-redir local-redir optimization (since 1.4.46)
cgi.upgrade support for Upgrade: websocket (since 1.4.46)
cgi.x-sendfile controls if X-Sendfile header is allowed
cgi.x-sendfile-docroot limits the directory trees permitted for use with X-Sendfile response header
cgi.limits list of limits to apply to CGI (mod_cgi options) (since 1.4.60)

mod_fastcgi - fastcgi

option description
fastcgi.server backend server definition(s) for hosts to which to send requests; options for each backend host
fastcgi.balance select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46))
fastcgi.debug debug level (value between 0 and 65535)
fastcgi.map-extensions map multiple extensions to the same backend

mod_proxy - proxy

option description
proxy.server backend server definition(s) for hosts to which to send requests; options for each backend host
proxy.balance select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44))
proxy.debug debug level (value between 0 and 65535)
proxy.map-extensions map multiple extensions to the same backend (since 1.4.46)
proxy.forwarded append "Forwarded" header (RFC7239) to proxied requests (since 1.4.46)
proxy.replace-http-host enable/disable replacing Host header in request to backend with proxy.server label (since 1.4.44)
proxy.header options to perform simple remapping of host and URL paths in proxied HTTP headers (since 1.4.46)

mod_scgi - SCGI

option description
scgi.server backend server definition(s) for hosts to which to send requests; options for each backend host
scgi.balance select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.46))
scgi.debug debug level (value between 0 and 65535)
scgi.map-extensions map multiple extensions to the same backend (since 1.4.46)
scgi.protocol protocol between lighttpd and backend server ("scgi" (default) or "uwsgi") (since 1.4.42)

mod_sockproxy - transparent socket proxy

option description
sockproxy.server backend server definition(s) for hosts to which to send requests; options for each backend host
sockproxy.balance select type of balancing algorithm (fair, least-connection, round-robin, hash, sticky (since 1.4.44))
sockproxy.debug debug level (value between 0 and 65535)

mod_wstunnel - WebSocket tunnel

option description
wstunnel.server backend server definition(s) for hosts to which to send requests; options for each backend host
wstunnel.balance load-balancing algorithm for backends ("fair", "least-connection", "round-robin", "hash", or "sticky")
wstunnel.debug debug level (value between 0 and 65535)
wstunnel.frame-type websocket frame type: "text" or "binary"
wstunnel.map-extensions map multiple extensions to the same backend
wstunnel.origins list of permitted origins in Origin request header (optional)
wstunnel.ping-interval send websocket PING frame at given interval in sec (default 0; none sent)

gw_backend - gateway *.server host options

  • (e.g. dynamic backends fastcgi.server, scgi.server, proxy.server, wstunnel.server, ajp13.server)
    (Additional explanation of options can be found in the related mod_fastcgi options)
*.server option description
host ip of the backend process (DNS name is resolved to first IP at lighttpd startup (since 1.4.46))
port tcp-port on the "host" used by the backend process (starting port number; incremented for each "max-procs" > 1 when "bin-path" is set)
socket path to the unix-domain socket
bin-path path to the local backend binary which should be started if no local backend is running
bin-environment set environment of backend binary
bin-copy-environment copy environment from server for backend binary
disable-time time to wait before a disabled backend is checked again
idle-timeout number of seconds before a unused process gets terminated
kill-signal signal to send backend on server shutdown (for backend daemons started by lighttpd) (since 1.4.46; since 1.4.14 for mod_fastcgi)
listen-backlog listen backlog queue size (for backend daemons started by lighttpd) (since 1.4.40)
max-load-per-proc maximum number of waiting processes on average per process before a new process is spawned (since 1.4.46)
max-procs upper limit of processes to start (default: 4)
min-procs sets the minimum processes to start (default: same as max-procs) (since 1.4.46)
connect-timeout number of seconds before aborting connect() to backend (default: 8) (since 1.4.60)
write-timeout number of seconds before aborting when trying to write to backend (default: 0; no timeout) (since 1.4.60)
read-timeout number of seconds before aborting when trying to read from backend (default: 0; no timeout) (since 1.4.60)
upgrade allow HTTP/1.1 "Upgrade: websocket" or HTTP/2 extended CONNECT with :protocol: websocket (default: 0; disabled) (since 1.4.74)
  • (e.g. dynamic backends (HTTP-like) fastcgi.server, scgi.server, proxy.server, ajp13.server)
*.server option description
x-sendfile controls if X-Sendfile header is allowed (since 1.4.40)
x-sendfile-docroot limits the directory trees permitted for use with X-Sendfile response header (since 1.4.40)
  • (e.g. dynamic backends (CGI-like) fastcgi.server, scgi.server)
*.server option description
check-local enable/disable check for requested file in document root (default: enabled)
docroot docroot on the remote host
broken-scriptfilename breaks SCRIPT_FILENAME in a way that PHP can extract PATH_INFO from it
fix-root-scriptname use this for backends with extension "/" (and check-local is disabled) (since 1.4.23)
strip-request-uri strip part of request-uri
mode FastCGI protocol mode. Default is "responder", also "authorizer" mode is implemented (since 1.4.46; available only in mod_fastcgi in earlier versions)

.

TLS / SSL

.

mod_openssl - TLS/SSL using OpenSSL

part of mod_openssl (since 1.4.46), though ssl.* directives are available in earlier versions, built-in to the lighttpd core

option description details
ssl.engine enable/disable ssl engine Details
ssl.pemfile path to the PEM file for SSL support Details
ssl.privkey path to the PEM file private key (since 1.4.53) Details
ssl.openssl.ssl-conf-cmd specify openssl config commands (e.g. ("Protocol" => "-ALL, TLSv1.2") restricts protocol to only TLS 1.2) (since 1.4.48) Details
ssl.stek-file path to file containing binary session ticket encryption key (STEK) (global setting) (since 1.4.56) Session Tickets
ssl.acme-tls-1 path to directory containing TLS-ALPN-01 ("acme-tls/1") challenges (Let's Encrypt option) (since 1.4.53) Details
ssl.read-ahead enable/disable use of SSL read ahead (lighttpd 1.4.45+) (if disable, must be in global scope in lighttpd 1.4.45) Details
ssl.verifyclient.activate enable/disable client verification Details
ssl.verifyclient.ca-file path to file for certificate authorities (CA) used for client certificate verification (since 1.4.60) (ssl.ca-file before 1.4.60) Details
ssl.verifyclient.ca-dn-file path to file for certificate authorities (CA) from which client should select client certs (if needed) (since 1.4.60) (ssl.ca-dn-file since 1.4.46 and before 1.4.60) Details
ssl.verifyclient.ca-crl-file path to file for certificate revocation list (CRL) for client certificate (since 1.4.60) (ssl.ca-crl-file since 1.4.46 and before 1.4.60) Details
ssl.verifyclient.enforce enable/disable enforcing client verification Details
ssl.verifyclient.depth certificate depth for client verification Details
ssl.verifyclient.exportcert enable/disable client certificate export to env:SSL_CLIENT_CERT Details
ssl.verifyclient.username client certificate entity to export as env:REMOTE_USER (eg. SSL_CLIENT_S_DN_emailAddress, SSL_CLIENT_S_DN_UID, etc.) Details
ssl.cipher-list Configure the allowed SSL ciphers Details
ssl.honor-cipher-order enable/disable honoring the order of ciphers set in ssl.cipher-list (set by default when ssl.cipher-list is set) Details
ssl.disable-client-renegotiation enable/disable mitigation of client triggered re-negotiation (see CVE-2009-3555) Details

mod_gnutls - TLS/SSL using GnuTLS

(available since lighttpd 1.4.56)
same directives as mod_openssl

mod_mbedtls - TLS/SSL using mbedTLS

(available since lighttpd 1.4.56)
same directives as mod_openssl

mod_nss - TLS/SSL using NSS

(available since lighttpd 1.4.56)
same directives as mod_openssl

mod_wolfssl - TLS/SSL using wolfSSL

(available since lighttpd 1.4.56)
same directives as mod_openssl

.

Deprecated

.

mod_cml - Cache Meta Language

DEPRECATED
porting mod_cml scripts to mod_magnet
option description
cml.memcache-namespace (not used yet)
cml.power-magnet a cml file that is executed for each request
cml.memcache-hosts hosts for the memcache.* functions
cml.extension the file extension that is bound to the cml-module

mod_compress - compress output

DEPRECATED
mod_compress migration path: replace with mod_deflate
rename compress.* options to similar deflate.* options

mod_compress option mod_deflate option
compress.filetype -> deflate.mimetypes
compress.allowed-encodings -> deflate.allowed-encodings
compress.max-filesize -> deflate.max-compress-size
compress.max-loadavg -> deflate.max-loadavg
compress.cache-dir -> deflate.cache-dir
option description
compress.max-filesize maximum size of the original file to be compressed kBytes
compress.cache-dir name of the directory where compressed content will be cached
compress.filetype mimetypes which might get compressed
compress.allowed-encodings encodings enabled ("gzip", "bzip2", "deflate")
compress.max-loadavg max system loadavg before bypassing compression, e.g. "3.50" (since 1.4.43)

mod_evasive - evasive

DEPRECATED
mod_evasive migration path: replace with lua mod_evasive
option description
evasive.max-conns-per-ip upper limit of number of connections per ip allowed
evasive.location send 302 redirect with configured URI (instead of 403 Forbidden)
evasive.silent no logging

mod_flv_streaming - flv streaming

DEPRECATED
mod_flv_streaming migration path: replace with mod_magnet and flv-streaming.lua (lua code snippets section "mod_flv_streaming")
Note: Adobe Flash Video (.flv) is deprecated and support has been removed from modern clients
option description
flv-streaming.extensions extensions of flv files (e.g. ".flv")

Blog Entry
Flash Video Player 3.5

mod_geoip - IP location lookup

DEPRECATED
mod_geoip migration path: replace with mod_maxminddb
geoip.db-filename path to GeoIP Legacy database must be replaced with mod_maxminddb maxminddb.db, maxminddb.env, maxminddb.activate
geoip.memory-cache is obsolete
option description
geoip.db-filename path to the geoip or geocity database
geoip.memory-cache enable or disable GeoIP memory cache (default disabled)

mod_mysql_vhost - Mysql virtual hosting

DEPRECATED
mod_mysql_vhost migration path: replace with mod_vhostdb_mysql
mysql-vhost.* options translate to vhostdb.mysql = ( ... ) options
option description
mysql-vhost.hostname hostname of mysql server
mysql-vhost.db database name
mysql-vhost.user username to access database
mysql-vhost.pass password to access database
mysql-vhost.sql SQL statement to execute to obtain docroot
mysql-vhost.port port where to connect to database
mysql-vhost.sock socket where to connect to database

mod_secdownload - secure and fast download

DEPRECATED
mod_secdownload migration path: replace with lua mod_secdownload
mod_secdownload documentation

option description
secdownload.document-root path to the download area
secdownload.timeout how long in seconds is the secret valid
secdownload.uri-prefix prefix to url for download
secdownload.secret Secret string that will be used for the checksum calculation
secdownload.algorithm hash algorithm: "md5", "hmac-sha1", or "hmac-sha256"
secdownload.path-segments include only given number of path segments in hash digest calculation (since 1.4.46)
secdownload.hash-querystr include the query string in the hash digest calculation ("enable" or "disable") (since 1.4.46)

mod_trigger_b4_dl - trigger before download

DEPRECATED
mod_trigger_b4_dl migration path: replace with lua mod_trigger_b4_dl
option description
trigger-before-download.trigger-url url for trigger pages
trigger-before-download.trigger-timeout time for download link to live
trigger-before-download.download-url url for downloads
trigger-before-download.deny-url url to show when visitor denied a download
trigger-before-download.gdbm-filename path to gdm file
trigger-before-download.memcache-hosts hosts for the memcache.* functions
trigger-before-download.memcache-namespace (not used yet)
trigger-before-download.debug

mod_uploadprogress - upload progress

DEPRECATED
mod_uploadprogress migration path: replace with lua mod_uploadprogress
option description
upload-progress.progress-url

mod_usertrack - user track (cookies)

DEPRECATED
mod_usertrack migration path: replace with lua mod_usertrack
option description
usertrack.cookie-name default "TRACKID"
usertrack.cookie-attrs cookie attributes (path, domain, max-age, secure, HttpOnly, etc) (since 1.4.46)
~'_usertrack.cookiename_'~ (deprecated)
usertrack.cookie-domain (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46)
usertrack.cookie-max-age (deprecated; subsumed by usertrack.cookie-attrs since lighttpd 1.4.46)

Updated by gstrauss 7 months ago · 176 revisions