Convert rewriteguide, perf-tuning and misc/index to xml.

Submitted by: Tim Gerundt <tim@gerundt.de>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96950 13f79535-47bb-0310-9956-ffa450edef68

8 files changed, 4950 insertions, 1969 deletions

diff --git a/docs/manual/misc/index.html b/docs/manual/misc/index.html
deleted file mode 100644
index eb40b5996f..0000000000
--- a/docs/manual/misc/index.html
+++ /dev/null
@@ -1,67 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
-    <title>Apache Miscellaneous Documentation</title>
-  </head>
-  <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
-  <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
-  vlink="#000080" alink="#FF0000">
-    <!--#include virtual="header.html" -->
-
-    <h1 align="center">Apache Miscellaneous Documentation</h1>
-
-    <p>Below is a list of additional documentation pages that apply
-    to the Apache web server development project.</p>
-
-    <dl>
-      <dt><a href="custom_errordocs.html">How to use XSSI and
-      Negotiation for custom ErrorDocuments</a></dt>
-
-      <dd>Describes a solution which uses XSSI and negotiation to
-      custom-tailor the Apache ErrorDocuments to taste, adding the
-      advantage of returning internationalized versions of the
-      error messages depending on the client's language
-      preferences.</dd>
-
-      <dt><a href="descriptors.html">File Descriptor use in
-      Apache</a></dt>
-
-      <dd>Describes how Apache uses file descriptors and talks
-      about various limits imposed on the number of descriptors
-      available by various operating systems.</dd>
-
-      <dt><a
-      href="fin_wait_2.html"><samp>FIN_WAIT_2</samp></a></dt>
-
-      <dd>A description of the causes of Apache processes going
-      into the <samp>FIN_WAIT_2</samp> state, and what you can do
-      about it.</dd>
-
-      <dt><a href="known_client_problems.html">Known Client
-      Problems</a></dt>
-
-      <dd>A list of problems in HTTP clients which can be mitigated
-      by Apache.</dd>
-
-      <dt><a href="perf-tuning.html">Performance Notes -- Apache
-      Tuning</a></dt>
-
-      <dd>Notes about how to (run-time and compile-time) configure
-      Apache for highest performance. Notes explaining why Apache
-      does some things, and why it doesn't do other things (which
-      make it slower/faster).</dd>
-
-      <dt><a href="security_tips.html">Security Tips</a></dt>
-
-      <dd>Some "do"s - and "don't"s - for keeping your Apache web
-      site secure.</dd>
-    </dl>
-    <!--#include virtual="footer.html" -->
-  </body>
-</html>
-
diff --git a/docs/manual/misc/index.html.en b/docs/manual/misc/index.html.en
new file mode 100644
index 0000000000..89d335a178
--- /dev/null
+++ b/docs/manual/misc/index.html.en
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+              This file is generated from xml source: DO NOT EDIT
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      --><title>Apache Miscellaneous Documentation - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="manual-page"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>Apache Miscellaneous Documentation</h1>
+
+    <p>Below is a list of additional documentation pages that apply
+    to the Apache web server development project.</p>
+
+    <dl>
+      <dt><a href="custom_errordocs.html">How to use XSSI and
+      Negotiation for custom ErrorDocuments</a></dt>
+
+      <dd>
+        <p>Describes a solution which uses XSSI and negotiation to
+        custom-tailor the Apache ErrorDocuments to taste, adding the
+        advantage of returning internationalized versions of the
+        error messages depending on the client's language
+        preferences.</p>
+      </dd>
+
+      <dt><a href="descriptors.html">File Descriptor use in
+      Apache</a></dt>
+
+      <dd>
+        <p>Describes how Apache uses file descriptors and talks
+        about various limits imposed on the number of descriptors
+        available by various operating systems.</p>
+      </dd>
+
+      <dt><a href="fin_wait_2.html"><code>FIN_WAIT_2</code></a></dt>
+
+      <dd>
+        <p>A description of the causes of Apache processes going
+        into the <code>FIN_WAIT_2</code> state, and what you can do
+        about it.</p>
+      </dd>
+
+      <dt><a href="known_client_problems.html">Known Client
+      Problems</a></dt>
+
+      <dd>
+        <p>A list of problems in HTTP clients which can be mitigated
+        by Apache.</p>
+      </dd>
+
+      <dt><a href="perf-tuning.html">Performance Notes - Apache
+      Tuning</a></dt>
+
+      <dd>
+        <p>Notes about how to (run-time and compile-time) configure
+        Apache for highest performance. Notes explaining why Apache
+        does some things, and why it doesn't do other things (which
+        make it slower/faster).</p>
+
+        <div class="warning"><strong>Warning:</strong>
+        This document has not been fully updated
+        to take into account changes made in the 2.0 version of the
+        Apache HTTP Server. Some of the information may still be
+        relevant, but please use it with care.</div>
+
+      </dd>
+
+      <dt><a href="security_tips.html">Security Tips</a></dt>
+
+      <dd>
+        <p>Some "do"s - and "don't"s - for keeping your Apache web
+        site secure.</p>
+      </dd>
+    </dl>
+
+  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
diff --git a/docs/manual/misc/index.xml b/docs/manual/misc/index.xml
new file mode 100644
index 0000000000..4b52d9aa31
--- /dev/null
+++ b/docs/manual/misc/index.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+
+<manualpage>
+  <relativepath href=".." />
+
+  <title>Apache Miscellaneous Documentation</title>
+
+  <summary>
+
+    <p>Below is a list of additional documentation pages that apply
+    to the Apache web server development project.</p>
+
+    <dl>
+      <dt><a href="custom_errordocs.html">How to use XSSI and
+      Negotiation for custom ErrorDocuments</a></dt>
+
+      <dd>
+        <p>Describes a solution which uses XSSI and negotiation to
+        custom-tailor the Apache ErrorDocuments to taste, adding the
+        advantage of returning internationalized versions of the
+        error messages depending on the client's language
+        preferences.</p>
+      </dd>
+
+      <dt><a href="descriptors.html">File Descriptor use in
+      Apache</a></dt>
+
+      <dd>
+        <p>Describes how Apache uses file descriptors and talks
+        about various limits imposed on the number of descriptors
+        available by various operating systems.</p>
+      </dd>
+
+      <dt><a
+      href="fin_wait_2.html"><code>FIN_WAIT_2</code></a></dt>
+
+      <dd>
+        <p>A description of the causes of Apache processes going
+        into the <code>FIN_WAIT_2</code> state, and what you can do
+        about it.</p>
+      </dd>
+
+      <dt><a href="known_client_problems.html">Known Client
+      Problems</a></dt>
+
+      <dd>
+        <p>A list of problems in HTTP clients which can be mitigated
+        by Apache.</p>
+      </dd>
+
+      <dt><a href="perf-tuning.html">Performance Notes - Apache
+      Tuning</a></dt>
+
+      <dd>
+        <p>Notes about how to (run-time and compile-time) configure
+        Apache for highest performance. Notes explaining why Apache
+        does some things, and why it doesn't do other things (which
+        make it slower/faster).</p>
+
+        <note type="warning"><strong>Warning:</strong>
+        This document has not been fully updated
+        to take into account changes made in the 2.0 version of the
+        Apache HTTP Server. Some of the information may still be
+        relevant, but please use it with care.</note>
+
+      </dd>
+
+      <dt><a href="security_tips.html">Security Tips</a></dt>
+
+      <dd>
+        <p>Some "do"s - and "don't"s - for keeping your Apache web
+        site secure.</p>
+      </dd>
+    </dl>
+
+  </summary>
+
+</manualpage>
diff --git a/docs/manual/misc/perf-tuning.html b/docs/manual/misc/perf-tuning.html
deleted file mode 100644
index 586486e848..0000000000
--- a/docs/manual/misc/perf-tuning.html
+++ /dev/null
@@ -1,854 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
-    <title>Apache Performance Notes</title>
-  </head>
-  <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
-  <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
-  vlink="#000080" alink="#FF0000">
-    <!--#include virtual="header.html" -->
-
-    <blockquote>
-      <strong>Warning:</strong> This document has not been fully updated
-      to take into account changes made in the 2.0 version of the
-      Apache HTTP Server. Some of the information may still be
-      relevant, but please use it with care.
-    </blockquote>
-
-    <h1 align="center">Apache Performance Notes</h1>
-
-    <p>Author: Dean Gaudet</p>
-
-    <ul>
-      <li><a href="#introduction">Introduction</a></li>
-
-      <li><a href="#hardware">Hardware and Operating System
-      Issues</a></li>
-
-      <li><a href="#runtime">Run-Time Configuration Issues</a></li>
-
-      <li><a href="#compiletime">Compile-Time Configuration
-      Issues</a></li>
-
-      <li>
-        Appendixes 
-
-        <ul>
-          <li><a href="#trace">Detailed Analysis of a
-          Trace</a></li>
-        </ul>
-      </li>
-    </ul>
-    <hr />
-
-    <table border="1">
-      <tr>
-        <td valign="top"><strong>Related Modules</strong><br />
-         <br />
-         <a href="../mod/mod_dir.html">mod_dir</a><br />
-         <a href="../mod/mpm_common.html">Multi-Processing
-        module</a><br />
-         <a href="../mod/mod_status.html">mod_status</a><br />
-         </td>
-
-        <td valign="top"><strong>Related Directives</strong><br />
-         <br />
-         <a
-        href="../mod/core.html#allowoverride">AllowOverride</a><br />
-         <a
-        href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a><br />
-         <a
-        href="../mod/core.html#hostnamelookups">HostnameLookups</a><br />
-         <a
-        href="../mod/core.html#enablemmap">EnableMMAP</a><br />
-         <a
-        href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a><br />
-         <a
-        href="../mod/prefork.html#maxspareservers">MaxSpareServers</a><br />
-         <a
-        href="../mod/prefork.html#mixspareservers">MinSpareServers</a><br />
-         <a href="../mod/core.html#options">Options</a>
-        (FollowSymLinks and FollowIfOwnerMatch)<br />
-         <a
-        href="../mod/mpm_common.html#startservers">StartServers</a><br />
-         </td>
-      </tr>
-    </table>
-
-    <h3><a id="introduction"
-    name="introduction">Introduction</a></h3>
-
-    <p>Apache 2.0 is a general-purpose webserver, designed to
-    provide a balance of flexibility, portability, and performance.
-    Although it has not been designed specifically to set benchmark
-    records, Apache 2.0 is capable of high performance in many
-    real-world situations.</p>
-
-    <p>Compared to Apache 1.3, release 2.0 contains many additional
-    optimizations to increase throughput and scalability.  Most of
-    these improvements are enabled by default.  However, there are
-    compile-time and run-time configuration choices that can
-    significantly affect performance.  This document describes the
-    options that a server administrator can configure to tune the
-    performance of an Apache 2.0 installation.  Some of these
-    configuration options enable the httpd to better take advantage
-    of the capabilities of the hardware and OS, while others allow
-    the administrator to trade functionality for speed.</p>
-
-    <hr />
-
-    <h3><a id="hardware" name="hardware">Hardware and Operating
-    System Issues</a></h3>
-
-    <p>The single biggest hardware issue affecting webserver
-    performance is RAM. A webserver should never ever have to swap,
-    swapping increases the latency of each request beyond a point
-    that users consider "fast enough". This causes users to hit
-    stop and reload, further increasing the load. You can, and
-    should, control the <code>MaxClients</code> setting so that
-    your server does not spawn so many children it starts
-    swapping.</p>
-
-    <p>Beyond that the rest is mundane: get a fast enough CPU, a
-    fast enough network card, and fast enough disks, where "fast
-    enough" is something that needs to be determined by
-    experimentation.</p>
-
-    <p>Operating system choice is largely a matter of local
-    concerns. But some guidelines that have proven generally
-    useful are:</p>
-    <ul>
-      <li>Run the latest stable release and patchlevel of the
-      operating system that you choose.  Many OS suppliers have
-      introduced significant performance improvements to their
-      TCP stacks and thread libraries in recent years.</li>
-      <li>If your OS supports a sendfile(2) system call, make
-      sure you install the release and/or patches needed to
-      enable it.  (With Linux, for example, this means using
-      Linux 2.4 or later.  For early releases of Solaris 8,
-      you may need to apply a patch.)  On systems where it
-      is available, sendfile enables Apache 2 to deliver
-      static content faster and with lower CPU utilization.</li>
-    </ul>
-
-    <hr />
-
-    <h3><a id="runtime" name="runtime">Run-Time Configuration
-    Issues</a></h3>
-
-    <h4>HostnameLookups</h4>
-
-    <p>Prior to Apache 1.3, <code>HostnameLookups</code> defaulted
-    to On. This adds latency to every request because it requires a
-    DNS lookup to complete before the request is finished. In
-    Apache 1.3 this setting defaults to Off. However (1.3 or
-    later), if you use any <code>Allow from domain</code> or
-    <code>Deny from domain</code> directives then you will pay for
-    a double reverse DNS lookup (a reverse, followed by a forward
-    to make sure that the reverse is not being spoofed). So for the
-    highest performance avoid using these directives (it's fine to
-    use IP addresses rather than domain names).</p>
-
-    <p>Note that it's possible to scope the directives, such as
-    within a <code>&lt;Location /server-status&gt;</code> section.
-    In this case the DNS lookups are only performed on requests
-    matching the criteria. Here's an example which disables lookups
-    except for .html and .cgi files:</p>
-
-    <blockquote>
-<pre>
-HostnameLookups off
-&lt;Files ~ "\.(html|cgi)$"&gt;
-    HostnameLookups on
-&lt;/Files&gt;
-</pre>
-    </blockquote>
-    But even still, if you just need DNS names in some CGIs you
-    could consider doing the <code>gethostbyname</code> call in the
-    specific CGIs that need it. 
-
-    <p>Similarly, if you need to have hostname information in your
-    server logs in order to generate reports of this information,
-    you can postprocess your log file with <a
-    href="../programs/logresolve.html">logresolve</a>, so that
-    these lookups can be done without making the client wait. It is
-    recommended that you do this postprocessing, and any other
-    statistical analysis of the log file, somewhere other than your
-    production web server machine, in order that this activity does
-    not adversely affect server performance.</p>
-
-    <h4>FollowSymLinks and SymLinksIfOwnerMatch</h4>
-
-    <p>Wherever in your URL-space you do not have an <code>Options
-    FollowSymLinks</code>, or you do have an <code>Options
-    SymLinksIfOwnerMatch</code> Apache will have to issue extra
-    system calls to check up on symlinks. One extra call per
-    filename component. For example, if you had:</p>
-
-    <blockquote>
-<pre>
-DocumentRoot /www/htdocs
-&lt;Directory /&gt;
-    Options SymLinksIfOwnerMatch
-&lt;/Directory&gt;
-</pre>
-    </blockquote>
-    and a request is made for the URI <code>/index.html</code>.
-    Then Apache will perform <code>lstat(2)</code> on
-    <code>/www</code>, <code>/www/htdocs</code>, and
-    <code>/www/htdocs/index.html</code>. The results of these
-    <code>lstats</code> are never cached, so they will occur on
-    every single request. If you really desire the symlinks
-    security checking you can do something like this: 
-
-    <blockquote>
-<pre>
-DocumentRoot /www/htdocs
-&lt;Directory /&gt;
-    Options FollowSymLinks
-&lt;/Directory&gt;
-&lt;Directory /www/htdocs&gt;
-    Options -FollowSymLinks +SymLinksIfOwnerMatch
-&lt;/Directory&gt;
-</pre>
-    </blockquote>
-    This at least avoids the extra checks for the
-    <code>DocumentRoot</code> path. Note that you'll need to add
-    similar sections if you have any <code>Alias</code> or
-    <code>RewriteRule</code> paths outside of your document root.
-    For highest performance, and no symlink protection, set
-    <code>FollowSymLinks</code> everywhere, and never set
-    <code>SymLinksIfOwnerMatch</code>. 
-
-    <h4>AllowOverride</h4>
-
-    <p>Wherever in your URL-space you allow overrides (typically
-    <code>.htaccess</code> files) Apache will attempt to open
-    <code>.htaccess</code> for each filename component. For
-    example,</p>
-
-    <blockquote>
-<pre>
-DocumentRoot /www/htdocs
-&lt;Directory /&gt;
-    AllowOverride all
-&lt;/Directory&gt;
-</pre>
-    </blockquote>
-    and a request is made for the URI <code>/index.html</code>.
-    Then Apache will attempt to open <code>/.htaccess</code>,
-    <code>/www/.htaccess</code>, and
-    <code>/www/htdocs/.htaccess</code>. The solutions are similar
-    to the previous case of <code>Options FollowSymLinks</code>.
-    For highest performance use <code>AllowOverride None</code>
-    everywhere in your filesystem. 
-
-    <h4>Negotiation</h4>
-
-    <p>If at all possible, avoid content-negotiation if you're
-    really interested in every last ounce of performance. In
-    practice the benefits of negotiation outweigh the performance
-    penalties. There's one case where you can speed up the server.
-    Instead of using a wildcard such as:</p>
-
-    <blockquote>
-<pre>
-DirectoryIndex index
-</pre>
-    </blockquote>
-    Use a complete list of options: 
-
-    <blockquote>
-<pre>
-DirectoryIndex index.cgi index.pl index.shtml index.html
-</pre>
-    </blockquote>
-    where you list the most common choice first. 
-
-    <p>Also note that explicitly creating a <code>type-map</code>
-    file provides better performance than using
-    <code>MultiViews</code>, as the necessary information can be
-    determined by reading this single file, rather than having to
-    scan the directory for files.</p>
-
-    <h4>Memory-mapping</h4>
-
-    <p>In situations where Apache 2.0 needs to look at the contents
-    of a file being delivered--for example, when doing server-side-include
-    processing--it normally memory-maps the file if the OS supports
-    some form of mmap(2).
-    </p>
-
-    <p>On some platforms, this memory-mapping improves performance.
-    However, there are cases where memory-mapping can hurt the performance
-    or even the stability of the httpd:</p>
-
-    <ul>
-      <li>On some operating systems, mmap does not scale as well as
-      read(2) when the number of CPUs increases.  On multiprocessor
-      Solaris servers, for example, Apache 2.0 sometimes delivers
-      server-parsed files faster when mmap is disabled.</li>
-
-      <li>If you memory-map a file located on an NFS-mounted filesystem
-      and a process on another NFS client machine deletes or truncates
-      the file, your process may get a bus error the next time it tries
-      to access the mapped file content.</li>
-    </ul>
-
-    <p>For installations where either of these factors applies, you
-    should use <code>EnableMMAP off</code> to disable the memory-mapping
-    of delivered files.  (Note: This directive can be overridden on
-    a per-directory basis.)</p>
-
-    <h4>Process Creation</h4>
-
-    <p>Prior to Apache 1.3 the <code>MinSpareServers</code>,
-    <code>MaxSpareServers</code>, and <code>StartServers</code>
-    settings all had drastic effects on benchmark results. In
-    particular, Apache required a "ramp-up" period in order to
-    reach a number of children sufficient to serve the load being
-    applied. After the initial spawning of
-    <code>StartServers</code> children, only one child per second
-    would be created to satisfy the <code>MinSpareServers</code>
-    setting. So a server being accessed by 100 simultaneous
-    clients, using the default <code>StartServers</code> of 5 would
-    take on the order 95 seconds to spawn enough children to handle
-    the load. This works fine in practice on real-life servers,
-    because they aren't restarted frequently. But does really
-    poorly on benchmarks which might only run for ten minutes.</p>
-
-    <p>The one-per-second rule was implemented in an effort to
-    avoid swamping the machine with the startup of new children. If
-    the machine is busy spawning children it can't service
-    requests. But it has such a drastic effect on the perceived
-    performance of Apache that it had to be replaced. As of Apache
-    1.3, the code will relax the one-per-second rule. It will spawn
-    one, wait a second, then spawn two, wait a second, then spawn
-    four, and it will continue exponentially until it is spawning
-    32 children per second. It will stop whenever it satisfies the
-    <code>MinSpareServers</code> setting.</p>
-
-    <p>This appears to be responsive enough that it's almost
-    unnecessary to twiddle the <code>MinSpareServers</code>,
-    <code>MaxSpareServers</code> and <code>StartServers</code>
-    knobs. When more than 4 children are spawned per second, a
-    message will be emitted to the <code>ErrorLog</code>. If you
-    see a lot of these errors then consider tuning these settings.
-    Use the <code>mod_status</code> output as a guide.</p>
-
-    <p>Related to process creation is process death induced by the
-    <code>MaxRequestsPerChild</code> setting. By default this is 0,
-    which means that there is no limit to the number of requests
-    handled per child. If your configuration currently has this set
-    to some very low number, such as 30, you may want to bump this
-    up significantly. If you are running SunOS or an old version of
-    Solaris, limit this to 10000 or so because of memory leaks.</p>
-
-    <p>When keep-alives are in use, children will be kept busy
-    doing nothing waiting for more requests on the already open
-    connection. The default <code>KeepAliveTimeout</code> of 15
-    seconds attempts to minimize this effect. The tradeoff here is
-    between network bandwidth and server resources. In no event
-    should you raise this above about 60 seconds, as <a
-    href="http://www.research.digital.com/wrl/techreports/abstracts/95.4.html">
-    most of the benefits are lost</a>.</p>
-    <hr />
-
-    <h3><a id="compiletime" name="compiletime">Compile-Time
-    Configuration Issues</a></h3>
-
-    <h4>mod_status and ExtendedStatus On</h4>
-
-    <p>If you include <code>mod_status</code> and you also set
-    <code>ExtendedStatus On</code> when building and running
-    Apache, then on every request Apache will perform two calls to
-    <code>gettimeofday(2)</code> (or <code>times(2)</code>
-    depending on your operating system), and (pre-1.3) several
-    extra calls to <code>time(2)</code>. This is all done so that
-    the status report contains timing indications. For highest
-    performance, set <code>ExtendedStatus off</code> (which is the
-    default).</p>
-
-    <h4>accept Serialization - multiple sockets</h4>
-
-    <p>This discusses a shortcoming in the Unix socket API. Suppose
-    your web server uses multiple <code>Listen</code> statements to
-    listen on either multiple ports or multiple addresses. In order
-    to test each socket to see if a connection is ready Apache uses
-    <code>select(2)</code>. <code>select(2)</code> indicates that a
-    socket has <em>zero</em> or <em>at least one</em> connection
-    waiting on it. Apache's model includes multiple children, and
-    all the idle ones test for new connections at the same time. A
-    naive implementation looks something like this (these examples
-    do not match the code, they're contrived for pedagogical
-    purposes):</p>
-
-    <blockquote>
-<pre>
-    for (;;) {
-    for (;;) {
-        fd_set accept_fds;
-
-        FD_ZERO (&amp;accept_fds);
-        for (i = first_socket; i &lt;= last_socket; ++i) {
-        FD_SET (i, &amp;accept_fds);
-        }
-        rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
-        if (rc &lt; 1) continue;
-        new_connection = -1;
-        for (i = first_socket; i &lt;= last_socket; ++i) {
-        if (FD_ISSET (i, &amp;accept_fds)) {
-            new_connection = accept (i, NULL, NULL);
-            if (new_connection != -1) break;
-        }
-        }
-        if (new_connection != -1) break;
-    }
-    process the new_connection;
-    }
-</pre>
-    </blockquote>
-    But this naive implementation has a serious starvation problem.
-    Recall that multiple children execute this loop at the same
-    time, and so multiple children will block at
-    <code>select</code> when they are in between requests. All
-    those blocked children will awaken and return from
-    <code>select</code> when a single request appears on any socket
-    (the number of children which awaken varies depending on the
-    operating system and timing issues). They will all then fall
-    down into the loop and try to <code>accept</code> the
-    connection. But only one will succeed (assuming there's still
-    only one connection ready), the rest will be <em>blocked</em>
-    in <code>accept</code>. This effectively locks those children
-    into serving requests from that one socket and no other
-    sockets, and they'll be stuck there until enough new requests
-    appear on that socket to wake them all up. This starvation
-    problem was first documented in <a
-    href="http://bugs.apache.org/index/full/467">PR#467</a>. There
-    are at least two solutions. 
-
-    <p>One solution is to make the sockets non-blocking. In this
-    case the <code>accept</code> won't block the children, and they
-    will be allowed to continue immediately. But this wastes CPU
-    time. Suppose you have ten idle children in
-    <code>select</code>, and one connection arrives. Then nine of
-    those children will wake up, try to <code>accept</code> the
-    connection, fail, and loop back into <code>select</code>,
-    accomplishing nothing. Meanwhile none of those children are
-    servicing requests that occurred on other sockets until they
-    get back up to the <code>select</code> again. Overall this
-    solution does not seem very fruitful unless you have as many
-    idle CPUs (in a multiprocessor box) as you have idle children,
-    not a very likely situation.</p>
-
-    <p>Another solution, the one used by Apache, is to serialize
-    entry into the inner loop. The loop looks like this
-    (differences highlighted):</p>
-
-    <blockquote>
-<pre>
-    for (;;) {
-    <strong>accept_mutex_on ();</strong>
-    for (;;) {
-        fd_set accept_fds;
-
-        FD_ZERO (&amp;accept_fds);
-        for (i = first_socket; i &lt;= last_socket; ++i) {
-        FD_SET (i, &amp;accept_fds);
-        }
-        rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
-        if (rc &lt; 1) continue;
-        new_connection = -1;
-        for (i = first_socket; i &lt;= last_socket; ++i) {
-        if (FD_ISSET (i, &amp;accept_fds)) {
-            new_connection = accept (i, NULL, NULL);
-            if (new_connection != -1) break;
-        }
-        }
-        if (new_connection != -1) break;
-    }
-    <strong>accept_mutex_off ();</strong>
-    process the new_connection;
-    }
-</pre>
-    </blockquote>
-    <a id="serialize" name="serialize">The functions</a>
-    <code>accept_mutex_on</code> and <code>accept_mutex_off</code>
-    implement a mutual exclusion semaphore. Only one child can have
-    the mutex at any time. There are several choices for
-    implementing these mutexes. The choice is defined in
-    <code>src/conf.h</code> (pre-1.3) or
-    <code>src/include/ap_config.h</code> (1.3 or later). Some
-    architectures do not have any locking choice made, on these
-    architectures it is unsafe to use multiple <code>Listen</code>
-    directives. 
-
-    <dl>
-      <dt><code>USE_FLOCK_SERIALIZED_ACCEPT</code></dt>
-
-      <dd>This method uses the <code>flock(2)</code> system call to
-      lock a lock file (located by the <code>LockFile</code>
-      directive).</dd>
-
-      <dt><code>USE_FCNTL_SERIALIZED_ACCEPT</code></dt>
-
-      <dd>This method uses the <code>fcntl(2)</code> system call to
-      lock a lock file (located by the <code>LockFile</code>
-      directive).</dd>
-
-      <dt><code>USE_SYSVSEM_SERIALIZED_ACCEPT</code></dt>
-
-      <dd>(1.3 or later) This method uses SysV-style semaphores to
-      implement the mutex. Unfortunately SysV-style semaphores have
-      some bad side-effects. One is that it's possible Apache will
-      die without cleaning up the semaphore (see the
-      <code>ipcs(8)</code> man page). The other is that the
-      semaphore API allows for a denial of service attack by any
-      CGIs running under the same uid as the webserver
-      (<em>i.e.</em>, all CGIs, unless you use something like
-      suexec or cgiwrapper). For these reasons this method is not
-      used on any architecture except IRIX (where the previous two
-      are prohibitively expensive on most IRIX boxes).</dd>
-
-      <dt><code>USE_USLOCK_SERIALIZED_ACCEPT</code></dt>
-
-      <dd>(1.3 or later) This method is only available on IRIX, and
-      uses <code>usconfig(2)</code> to create a mutex. While this
-      method avoids the hassles of SysV-style semaphores, it is not
-      the default for IRIX. This is because on single processor
-      IRIX boxes (5.3 or 6.2) the uslock code is two orders of
-      magnitude slower than the SysV-semaphore code. On
-      multi-processor IRIX boxes the uslock code is an order of
-      magnitude faster than the SysV-semaphore code. Kind of a
-      messed up situation. So if you're using a multiprocessor IRIX
-      box then you should rebuild your webserver with
-      <code>-DUSE_USLOCK_SERIALIZED_ACCEPT</code> on the
-      <code>EXTRA_CFLAGS</code>.</dd>
-
-      <dt><code>USE_PTHREAD_SERIALIZED_ACCEPT</code></dt>
-
-      <dd>(1.3 or later) This method uses POSIX mutexes and should
-      work on any architecture implementing the full POSIX threads
-      specification, however appears to only work on Solaris (2.5
-      or later), and even then only in certain configurations. If
-      you experiment with this you should watch out for your server
-      hanging and not responding. Static content only servers may
-      work just fine.</dd>
-    </dl>
-
-    <p>If your system has another method of serialization which
-    isn't in the above list then it may be worthwhile adding code
-    for it (and submitting a patch back to Apache).</p>
-
-    <p>Another solution that has been considered but never
-    implemented is to partially serialize the loop -- that is, let
-    in a certain number of processes. This would only be of
-    interest on multiprocessor boxes where it's possible multiple
-    children could run simultaneously, and the serialization
-    actually doesn't take advantage of the full bandwidth. This is
-    a possible area of future investigation, but priority remains
-    low because highly parallel web servers are not the norm.</p>
-
-    <p>Ideally you should run servers without multiple
-    <code>Listen</code> statements if you want the highest
-    performance. But read on.</p>
-
-    <h4>accept Serialization - single socket</h4>
-
-    <p>The above is fine and dandy for multiple socket servers, but
-    what about single socket servers? In theory they shouldn't
-    experience any of these same problems because all children can
-    just block in <code>accept(2)</code> until a connection
-    arrives, and no starvation results. In practice this hides
-    almost the same "spinning" behaviour discussed above in the
-    non-blocking solution. The way that most TCP stacks are
-    implemented, the kernel actually wakes up all processes blocked
-    in <code>accept</code> when a single connection arrives. One of
-    those processes gets the connection and returns to user-space,
-    the rest spin in the kernel and go back to sleep when they
-    discover there's no connection for them. This spinning is
-    hidden from the user-land code, but it's there nonetheless.
-    This can result in the same load-spiking wasteful behaviour
-    that a non-blocking solution to the multiple sockets case
-    can.</p>
-
-    <p>For this reason we have found that many architectures behave
-    more "nicely" if we serialize even the single socket case. So
-    this is actually the default in almost all cases. Crude
-    experiments under Linux (2.0.30 on a dual Pentium pro 166
-    w/128Mb RAM) have shown that the serialization of the single
-    socket case causes less than a 3% decrease in requests per
-    second over unserialized single-socket. But unserialized
-    single-socket showed an extra 100ms latency on each request.
-    This latency is probably a wash on long haul lines, and only an
-    issue on LANs. If you want to override the single socket
-    serialization you can define
-    <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> and then
-    single-socket servers will not serialize at all.</p>
-
-    <h4>Lingering Close</h4>
-
-    <p>As discussed in <a
-    href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">
-    draft-ietf-http-connection-00.txt</a> section 8, in order for
-    an HTTP server to <strong>reliably</strong> implement the
-    protocol it needs to shutdown each direction of the
-    communication independently (recall that a TCP connection is
-    bi-directional, each half is independent of the other). This
-    fact is often overlooked by other servers, but is correctly
-    implemented in Apache as of 1.2.</p>
-
-    <p>When this feature was added to Apache it caused a flurry of
-    problems on various versions of Unix because of a
-    shortsightedness. The TCP specification does not state that the
-    FIN_WAIT_2 state has a timeout, but it doesn't prohibit it. On
-    systems without the timeout, Apache 1.2 induces many sockets
-    stuck forever in the FIN_WAIT_2 state. In many cases this can
-    be avoided by simply upgrading to the latest TCP/IP patches
-    supplied by the vendor. In cases where the vendor has never
-    released patches (<em>i.e.</em>, SunOS4 -- although folks with
-    a source license can patch it themselves) we have decided to
-    disable this feature.</p>
-
-    <p>There are two ways of accomplishing this. One is the socket
-    option <code>SO_LINGER</code>. But as fate would have it, this
-    has never been implemented properly in most TCP/IP stacks. Even
-    on those stacks with a proper implementation (<em>i.e.</em>,
-    Linux 2.0.31) this method proves to be more expensive (cputime)
-    than the next solution.</p>
-
-    <p>For the most part, Apache implements this in a function
-    called <code>lingering_close</code> (in
-    <code>http_main.c</code>). The function looks roughly like
-    this:</p>
-
-    <blockquote>
-<pre>
-    void lingering_close (int s)
-    {
-    char junk_buffer[2048];
-
-    /* shutdown the sending side */
-    shutdown (s, 1);
-
-    signal (SIGALRM, lingering_death);
-    alarm (30);
-
-    for (;;) {
-        select (s for reading, 2 second timeout);
-        if (error) break;
-        if (s is ready for reading) {
-        if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {
-            break;
-        }
-        /* just toss away whatever is here */
-        }
-    }
-
-    close (s);
-    }
-</pre>
-    </blockquote>
-    This naturally adds some expense at the end of a connection,
-    but it is required for a reliable implementation. As HTTP/1.1
-    becomes more prevalent, and all connections are persistent,
-    this expense will be amortized over more requests. If you want
-    to play with fire and disable this feature you can define
-    <code>NO_LINGCLOSE</code>, but this is not recommended at all.
-    In particular, as HTTP/1.1 pipelined persistent connections
-    come into use <code>lingering_close</code> is an absolute
-    necessity (and <a
-    href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">
-    pipelined connections are faster</a>, so you want to support
-    them). 
-
-    <h4>Scoreboard File</h4>
-
-    <p>Apache's parent and children communicate with each other
-    through something called the scoreboard. Ideally this should be
-    implemented in shared memory. For those operating systems that
-    we either have access to, or have been given detailed ports
-    for, it typically is implemented using shared memory. The rest
-    default to using an on-disk file. The on-disk file is not only
-    slow, but it is unreliable (and less featured). Peruse the
-    <code>src/main/conf.h</code> file for your architecture and
-    look for either <code>USE_MMAP_SCOREBOARD</code> or
-    <code>USE_SHMGET_SCOREBOARD</code>. Defining one of those two
-    (as well as their companions <code>HAVE_MMAP</code> and
-    <code>HAVE_SHMGET</code> respectively) enables the supplied
-    shared memory code. If your system has another type of shared
-    memory, edit the file <code>src/main/http_main.c</code> and add
-    the hooks necessary to use it in Apache. (Send us back a patch
-    too please.)</p>
-
-    <p>Historical note: The Linux port of Apache didn't start to
-    use shared memory until version 1.2 of Apache. This oversight
-    resulted in really poor and unreliable behaviour of earlier
-    versions of Apache on Linux.</p>
-
-    <h4><code>DYNAMIC_MODULE_LIMIT</code></h4>
-
-    <p>If you have no intention of using dynamically loaded modules
-    (you probably don't if you're reading this and tuning your
-    server for every last ounce of performance) then you should add
-    <code>-DDYNAMIC_MODULE_LIMIT=0</code> when building your
-    server. This will save RAM that's allocated only for supporting
-    dynamically loaded modules.</p>
-    <hr />
-
-    <h3><a id="trace" name="trace">Appendix: Detailed Analysis of a
-    Trace</a></h3>
-    <p>Here is a system call trace of Apache 2.0.38 with the worker MPM
-    on Solaris 8.  This trace was collected using:</p>
-<blockquote>
-<code>truss -l -p <i>httpd_child_pid</i></code>.
-</blockquote>
-    <p>The <code>-l</code> option tells truss to log the ID of the
-    LWP (lightweight process--Solaris's form of kernel-level thread)
-    that invokes each system call.</p>
-
-    <p>Other systems may have different system call tracing utilities
-    such as <code>strace</code>, <code>ktrace</code>, or <code>par</code>.
-    They all produce similar output.</p>
-
-    <p>In this trace, a client has requested a 10KB static file
-    from the httpd.  Traces of non-static requests or requests
-    with content negotiation look wildly different (and quite ugly
-    in some cases).</p>
-
-<blockquote>
-<pre>
-/67:    accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
-/67:    accept(3, 0x00200BEC, 0x00200C0C, 1)            = 9
-</pre>
-</blockquote>
-<blockquote>
-<p>In this trace, the listener thread is running within LWP #67.</p>
-<p>Note the lack of accept(2) serialization.  On this particular
-platform, the worker MPM uses an unserialized accept by default
-unless it is listening on multiple ports.</p>
-</blockquote>
-<pre>
-/65:    lwp_park(0x00000000, 0)                         = 0
-/67:    lwp_unpark(65, 1)                               = 0
-</pre>
-<blockquote>
-<p>Upon accepting the connection, the listener thread wakes up
-a worker thread to do the request processing.  In this trace,
-the worker thread that handles the request is mapped to LWP #65.</p>
-</blockquote>
-<pre>
-/65:    getsockname(9, 0x00200BA4, 0x00200BC4, 1)       = 0
-</pre>
-<blockquote>
-<p>In order to implement virtual hosts, Apache needs to know
-the local socket address used to accept the connection.  It
-is possible to eliminate this call in many situations (such
-as when there are no virtual hosts, or when <code>Listen</code>
-directives are used which do not have wildcard addresses). But
-no effort has yet been made to do these optimizations. </p>
-</blockquote>
-<pre>
-/65:    brk(0x002170E8)                                 = 0
-/65:    brk(0x002190E8)                                 = 0
-</pre>
-<blockquote>
-<p>The brk(2) calls allocate memory from the heap.  It is rare
-to see these in a system call trace, because the httpd uses
-custom memory allocators (<code>apr_pool</code> and
-<code>apr_bucket_alloc</code>) for most request processing.
-In this trace, the httpd has just been started, so it must
-call malloc(3) to get the blocks of raw memory with which
-to create the custom memory allocators.</p>
-</blockquote>
-<pre>
-/65:    fcntl(9, F_GETFL, 0x00000000)                   = 2
-/65:    fstat64(9, 0xFAF7B818)                          = 0
-/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
-/65:    fstat64(9, 0xFAF7B818)                          = 0
-/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
-/65:    setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
-/65:    fcntl(9, F_SETFL, 0x00000082)                   = 0
-</pre>
-<blockquote>
-<p>Next, the worker thread puts the connection to the client (file
-descriptor 9) in non-blocking mode.  The setsockopt(2) and getsockopt(2)
-calls are a side-effect of how Solaris's libc handles fcntl(2) on sockets.</p>
-</blockquote>
-<pre>
-/65:    read(9, " G E T   / 1 0 k . h t m".., 8000)     = 97
-</pre>
-<blockquote>
-<p>The worker thread reads the request from the client.</p>
-</blockquote>
-<pre>
-/65:    stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
-/65:    open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10
-</pre>
-<blockquote>
-<p>This httpd has been configured with <code>Options FollowSymLinks</code>
-and <code>AllowOverride None</code>.  Thus it doesn't need to lstat(2)
-each directory in the path leading up to the requested file, nor
-check for <code>.htaccess</code> files.  It simply calls stat(2) to
-verify that the file: 1) exists, and 2) is a regular file, not a
-directory.</p>
-</blockquote>
-<pre>
-/65:    sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C)      = 10269
-</pre>
-<blockquote>
-<p>In this example, the httpd is able to send the HTTP response
-header and the requested file with a single sendfilev(2) system call.
-Sendfile semantics vary among operating systems.  On some other
-systems, it is necessary to do a write(2) or writev(2) call to
-send the headers before calling sendfile(2).</p>
-</blockquote>
-<pre>
-/65:    write(4, " 1 2 7 . 0 . 0 . 1   -  ".., 78)      = 78
-</pre>
-<blockquote>
-<p>This write(2) call records the request in the access log.
-Note that one thing missing from this trace is a time(2) call.
-Unlike Apache 1.3, Apache 2.0 uses gettimeofday(3) to look up
-the time.  On some operating systems, like Linux or Solaris,
-gettimeofday has an optimized implementation that doesn't require
-as much overhead as a typical system call.</p>
-</blockquote>
-<pre>
-/65:    shutdown(9, 1, 1)                               = 0
-/65:    poll(0xFAF7B980, 1, 2000)                       = 1
-/65:    read(9, 0xFAF7BC20, 512)                        = 0
-/65:    close(9)                                        = 0
-</pre>
-<blockquote>
-<p>The worker thread does a lingering close of the connection.</p>
-</blockquote>
-<pre>
-/65:    close(10)                                       = 0
-/65:    lwp_park(0x00000000, 0)         (sleeping...)
-</pre>
-<blockquote>
-<p>Finally the worker thread closes the file that it has just delivered
-and blocks until the listener assigns it another connection.</p>
-</blockquote>
-<pre>
-/67:    accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)
-</pre>
-<blockquote>
-<p>Meanwhile, the listener thread is able to accept another connection
-as soon as it has dispatched this connection to a worker thread (subject
-to some flow-control logic in the worker MPM that throttles the listener
-if all the available workers are busy).  Though it isn't apparent from
-this trace, the next accept(2) can (and usually does, under high load
-conditions) occur in parallel with the worker thread's handling of the
-just-accepted connection.</p>
-</blockquote>
-    <!--#include virtual="footer.html" -->
-  </body>
-</html>
-
diff --git a/docs/manual/misc/perf-tuning.html.en b/docs/manual/misc/perf-tuning.html.en
new file mode 100644
index 0000000000..08acc9f40a
--- /dev/null
+++ b/docs/manual/misc/perf-tuning.html.en
@@ -0,0 +1,842 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+              This file is generated from xml source: DO NOT EDIT
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      --><title>Apache Performance Notes - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="manual-page"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>Apache Performance Notes</h1>
+
+    <div class="warning"><strong>Warning:</strong>
+    This document has not been fully updated
+    to take into account changes made in the 2.0 version of the
+    Apache HTTP Server. Some of the information may still be
+    relevant, but please use it with care.</div>
+
+    <p>Orignally written by Dean Gaudet.</p>
+
+    <p>Apache 2.0 is a general-purpose webserver, designed to
+    provide a balance of flexibility, portability, and performance.
+    Although it has not been designed specifically to set benchmark
+    records, Apache 2.0 is capable of high performance in many
+    real-world situations.</p>
+
+    <p>Compared to Apache 1.3, release 2.0 contains many additional
+    optimizations to increase throughput and scalability. Most of
+    these improvements are enabled by default. However, there are
+    compile-time and run-time configuration choices that can
+    significantly affect performance. This document describes the
+    options that a server administrator can configure to tune the
+    performance of an Apache 2.0 installation. Some of these
+    configuration options enable the httpd to better take advantage
+    of the capabilities of the hardware and OS, while others allow
+    the administrator to trade functionality for speed.</p>
+
+  </div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">Hardware and Operating System Issues</a></li><li><img alt="" src="../images/down.gif" /> <a href="#runtime">Run-Time Configuration Issues</a></li><li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Compile-Time Configuration Issues</a></li><li><img alt="" src="../images/down.gif" /> <a href="#trace">Appendix: Detailed Analysis of a Trace</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="hardware" id="hardware">Hardware and Operating System Issues</a></h2>
+
+    
+
+    <p>The single biggest hardware issue affecting webserver
+    performance is RAM. A webserver should never ever have to swap,
+    swapping increases the latency of each request beyond a point
+    that users consider "fast enough". This causes users to hit
+    stop and reload, further increasing the load. You can, and
+    should, control the <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code> setting so that your server
+    does not spawn so many children it starts swapping.</p>
+
+    <p>Beyond that the rest is mundane: get a fast enough CPU, a
+    fast enough network card, and fast enough disks, where "fast
+    enough" is something that needs to be determined by
+    experimentation.</p>
+
+    <p>Operating system choice is largely a matter of local
+    concerns. But some guidelines that have proven generally
+    useful are:</p>
+
+    <ul>
+      <li>
+        <p>Run the latest stable release and patchlevel of the
+        operating system that you choose. Many OS suppliers have
+        introduced significant performance improvements to their
+        TCP stacks and thread libraries in recent years.</p>
+      </li>
+
+      <li>
+        <p>If your OS supports a <code>sendfile(2)</code> system
+        call, make sure you install the release and/or patches
+        needed to enable it. (With Linux, for example, this means
+        using Linux 2.4 or later. For early releases of Solaris 8,
+        you may need to apply a patch.) On systems where it is
+        available, <code>sendfile</code> enables Apache 2 to deliver
+        static content faster and with lower CPU utilization.</p>
+      </li>
+    </ul>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="runtime" id="runtime">Run-Time Configuration Issues</a></h2>
+
+    
+
+    <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table>
+
+    <h3><code>HostnameLookups</code></h3>
+
+      
+
+      <p>Prior to Apache 1.3, <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> defaulted to <code>On</code>.
+      This adds latency to every request because it requires a
+      DNS lookup to complete before the request is finished. In
+      Apache 1.3 this setting defaults to <code>Off</code>.
+      However (1.3 or later), if you use any <code>Allow from domain</code>
+      or <code>Deny from domain</code> directives then you will pay for
+      a double reverse DNS lookup (a reverse, followed by a forward
+      to make sure that the reverse is not being spoofed). So for the
+      highest performance avoid using these directives (it's fine to
+      use IP addresses rather than domain names).</p>
+
+      <p>Note that it's possible to scope the directives, such as
+      within a <code>&lt;Location /server-status&gt;</code> section.
+      In this case the DNS lookups are only performed on requests
+      matching the criteria. Here's an example which disables lookups
+      except for <code>.html</code> and <code>.cgi</code> files:</p>
+
+<div class="example"><pre>
+HostnameLookups off
+&lt;Files ~ "\.(html|cgi)$"&gt;
+    HostnameLookups on
+&lt;/Files&gt;
+</pre></div>
+
+      <p>But even still, if you just need DNS names in some CGIs you
+      could consider doing the <code>gethostbyname</code> call in the
+      specific CGIs that need it.</p>
+
+      <p>Similarly, if you need to have hostname information in your
+      server logs in order to generate reports of this information,
+      you can postprocess your log file with <a href="../programs/logresolve.html"><code>logresolve</code></a>,
+      so that these lookups can be done without making the client wait.
+      It is recommended that you do this postprocessing, and any other
+      statistical analysis of the log file, somewhere other than your
+      production web server machine, in order that this activity does
+      not adversely affect server performance.</p>
+
+    
+
+    <h3><code>FollowSymLinks</code> and <code>SymLinksIfOwnerMatch</code></h3>
+
+      
+
+      <p>Wherever in your URL-space you do not have an <code>Options
+      FollowSymLinks</code>, or you do have an <code>Options
+      SymLinksIfOwnerMatch</code> Apache will have to issue extra
+      system calls to check up on symlinks. One extra call per
+      filename component. For example, if you had:</p>
+
+<div class="example"><pre>
+DocumentRoot /www/htdocs
+&lt;Directory /&gt;
+    Options SymLinksIfOwnerMatch
+&lt;/Directory&gt;
+</pre></div>
+
+      <p>and a request is made for the URI <code>/index.html</code>.
+      Then Apache will perform <code>lstat(2)</code> on
+      <code>/www</code>, <code>/www/htdocs</code>, and
+      <code>/www/htdocs/index.html</code>. The results of these
+      <code>lstats</code> are never cached, so they will occur on
+      every single request. If you really desire the symlinks
+      security checking you can do something like this:</p>
+
+<div class="example"><pre>
+DocumentRoot /www/htdocs
+&lt;Directory /&gt;
+    Options FollowSymLinks
+&lt;/Directory&gt;
+&lt;Directory /www/htdocs&gt;
+    Options -FollowSymLinks +SymLinksIfOwnerMatch
+&lt;/Directory&gt;
+</pre></div>
+
+      <p>This at least avoids the extra checks for the
+      <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> path.
+      Note that you'll need to add similar sections if you
+      have any <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> or
+      <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> paths
+      outside of your document root. For highest performance,
+      and no symlink protection, set <code>FollowSymLinks</code>
+      everywhere, and never set <code>SymLinksIfOwnerMatch</code>.</p>
+
+    
+
+    <h3><code>AllowOverride</code></h3>
+
+      
+
+      <p>Wherever in your URL-space you allow overrides (typically
+      <code>.htaccess</code> files) Apache will attempt to open
+      <code>.htaccess</code> for each filename component. For
+      example,</p>
+
+<div class="example"><pre>
+DocumentRoot /www/htdocs
+&lt;Directory /&gt;
+    AllowOverride all
+&lt;/Directory&gt;
+</pre></div>
+
+      <p>and a request is made for the URI <code>/index.html</code>.
+      Then Apache will attempt to open <code>/.htaccess</code>,
+      <code>/www/.htaccess</code>, and
+      <code>/www/htdocs/.htaccess</code>. The solutions are similar
+      to the previous case of <code>Options FollowSymLinks</code>.
+      For highest performance use <code>AllowOverride None</code>
+      everywhere in your filesystem.</p>
+
+    
+
+    <h3>Negotiation</h3>
+
+      
+
+      <p>If at all possible, avoid content-negotiation if you're
+      really interested in every last ounce of performance. In
+      practice the benefits of negotiation outweigh the performance
+      penalties. There's one case where you can speed up the server.
+      Instead of using a wildcard such as:</p>
+
+<div class="example"><pre>
+DirectoryIndex index
+</pre></div>
+
+    <p>Use a complete list of options:</p>
+
+<div class="example"><pre>
+DirectoryIndex index.cgi index.pl index.shtml index.html
+</pre></div>
+
+      <p>where you list the most common choice first.</p>
+
+      <p>Also note that explicitly creating a <code>type-map</code>
+      file provides better performance than using
+      <code>MultiViews</code>, as the necessary information can be
+      determined by reading this single file, rather than having to
+      scan the directory for files.</p>
+
+    
+
+    <h3>Memory-mapping</h3>
+
+      
+
+      <p>In situations where Apache 2.0 needs to look at the contents
+      of a file being delivered--for example, when doing server-side-include
+      processing--it normally memory-maps the file if the OS supports
+      some form of <code>mmap(2)</code>.</p>
+
+      <p>On some platforms, this memory-mapping improves performance.
+      However, there are cases where memory-mapping can hurt the performance
+      or even the stability of the httpd:</p>
+
+      <ul>
+        <li>
+          <p>On some operating systems, <code>mmap</code> does not scale
+          as well as <code>read(2)</code> when the number of CPUs increases.
+          On multiprocessor Solaris servers, for example, Apache 2.0 sometimes
+          delivers server-parsed files faster when <code>mmap</code> is disabled.</p>
+        </li>
+
+        <li>
+          <p>If you memory-map a file located on an NFS-mounted filesystem
+          and a process on another NFS client machine deletes or truncates
+          the file, your process may get a bus error the next time it tries
+          to access the mapped file content.</p>
+        </li>
+      </ul>
+
+      <p>For installations where either of these factors applies, you
+      should use <code>EnableMMAP off</code> to disable the memory-mapping
+      of delivered files. (Note: This directive can be overridden on
+      a per-directory basis.)</p>
+
+    
+
+    <h3>Process Creation</h3>
+
+      
+
+      <p>Prior to Apache 1.3 the <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, and <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> settings all had drastic effects on
+      benchmark results. In particular, Apache required a "ramp-up"
+      period in order to reach a number of children sufficient to serve
+      the load being applied. After the initial spawning of
+      <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> children,
+      only one child per second would be created to satisfy the
+      <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>
+      setting. So a server being accessed by 100 simultaneous
+      clients, using the default <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> of <code>5</code> would take on
+      the order 95 seconds to spawn enough children to handle
+      the load. This works fine in practice on real-life servers,
+      because they aren't restarted frequently. But does really
+      poorly on benchmarks which might only run for ten minutes.</p>
+
+      <p>The one-per-second rule was implemented in an effort to
+      avoid swamping the machine with the startup of new children. If
+      the machine is busy spawning children it can't service
+      requests. But it has such a drastic effect on the perceived
+      performance of Apache that it had to be replaced. As of Apache
+      1.3, the code will relax the one-per-second rule. It will spawn
+      one, wait a second, then spawn two, wait a second, then spawn
+      four, and it will continue exponentially until it is spawning
+      32 children per second. It will stop whenever it satisfies the
+      <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>
+      setting.</p>
+
+      <p>This appears to be responsive enough that it's almost
+      unnecessary to twiddle the <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> and <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> knobs. When more than 4 children are
+      spawned per second, a message will be emitted to the
+      <code class="directive"><a href="../mod/core.html#errorlog">ErrorLog</a></code>. If you
+      see a lot of these errors then consider tuning these settings.
+      Use the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> output as a guide.</p>
+
+    <p>Related to process creation is process death induced by the
+    <code class="directive"><a href="../mod/mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></code>
+    setting. By default this is <code>0</code>,
+    which means that there is no limit to the number of requests
+    handled per child. If your configuration currently has this set
+    to some very low number, such as <code>30</code>, you may want to bump this
+    up significantly. If you are running SunOS or an old version of
+    Solaris, limit this to <code>10000</code> or so because of memory leaks.</p>
+
+    <p>When keep-alives are in use, children will be kept busy
+    doing nothing waiting for more requests on the already open
+    connection. The default <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> of <code>15</code>
+    seconds attempts to minimize this effect. The tradeoff here is
+    between network bandwidth and server resources. In no event
+    should you raise this above about <code>60</code> seconds, as <a href="http://www.research.digital.com/wrl/techreports/abstracts/95.4.html">
+    most of the benefits are lost</a>.</p>
+
+    
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="compiletime" id="compiletime">Compile-Time Configuration Issues</a></h2>
+
+    
+
+    <h3>mod_status and ExtendedStatus On</h3>
+
+      
+
+      <p>If you include <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> and you also set
+      <code>ExtendedStatus On</code> when building and running
+      Apache, then on every request Apache will perform two calls to
+      <code>gettimeofday(2)</code> (or <code>times(2)</code>
+      depending on your operating system), and (pre-1.3) several
+      extra calls to <code>time(2)</code>. This is all done so that
+      the status report contains timing indications. For highest
+      performance, set <code>ExtendedStatus off</code> (which is the
+      default).</p>
+
+    
+
+    <h3>accept Serialization - multiple sockets</h3>
+
+      
+
+      <p>This discusses a shortcoming in the Unix socket API. Suppose
+      your web server uses multiple <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> statements to listen on either multiple
+      ports or multiple addresses. In order to test each socket
+      to see if a connection is ready Apache uses
+      <code>select(2)</code>. <code>select(2)</code> indicates that a
+      socket has <em>zero</em> or <em>at least one</em> connection
+      waiting on it. Apache's model includes multiple children, and
+      all the idle ones test for new connections at the same time. A
+      naive implementation looks something like this (these examples
+      do not match the code, they're contrived for pedagogical
+      purposes):</p>
+
+<div class="example"><pre>
+    for (;;) {
+    for (;;) {
+        fd_set accept_fds;
+
+        FD_ZERO (&amp;accept_fds);
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        FD_SET (i, &amp;accept_fds);
+        }
+        rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+        if (rc &lt; 1) continue;
+        new_connection = -1;
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        if (FD_ISSET (i, &amp;accept_fds)) {
+            new_connection = accept (i, NULL, NULL);
+            if (new_connection != -1) break;
+        }
+        }
+        if (new_connection != -1) break;
+    }
+    process the new_connection;
+    }
+</pre></div>
+
+      <p>But this naive implementation has a serious starvation problem.
+      Recall that multiple children execute this loop at the same
+      time, and so multiple children will block at
+      <code>select</code> when they are in between requests. All
+      those blocked children will awaken and return from
+      <code>select</code> when a single request appears on any socket
+      (the number of children which awaken varies depending on the
+      operating system and timing issues). They will all then fall
+      down into the loop and try to <code>accept</code> the
+      connection. But only one will succeed (assuming there's still
+      only one connection ready), the rest will be <em>blocked</em>
+      in <code>accept</code>. This effectively locks those children
+      into serving requests from that one socket and no other
+      sockets, and they'll be stuck there until enough new requests
+      appear on that socket to wake them all up. This starvation
+      problem was first documented in <a href="http://bugs.apache.org/index/full/467">PR#467</a>. There
+      are at least two solutions.</p>
+
+      <p>One solution is to make the sockets non-blocking. In this
+      case the <code>accept</code> won't block the children, and they
+      will be allowed to continue immediately. But this wastes CPU
+      time. Suppose you have ten idle children in
+      <code>select</code>, and one connection arrives. Then nine of
+      those children will wake up, try to <code>accept</code> the
+      connection, fail, and loop back into <code>select</code>,
+      accomplishing nothing. Meanwhile none of those children are
+      servicing requests that occurred on other sockets until they
+      get back up to the <code>select</code> again. Overall this
+      solution does not seem very fruitful unless you have as many
+      idle CPUs (in a multiprocessor box) as you have idle children,
+      not a very likely situation.</p>
+
+      <p>Another solution, the one used by Apache, is to serialize
+      entry into the inner loop. The loop looks like this
+      (differences highlighted):</p>
+
+<div class="example"><pre>
+    for (;;) {
+    <strong>accept_mutex_on ();</strong>
+    for (;;) {
+        fd_set accept_fds;
+
+        FD_ZERO (&amp;accept_fds);
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        FD_SET (i, &amp;accept_fds);
+        }
+        rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+        if (rc &lt; 1) continue;
+        new_connection = -1;
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        if (FD_ISSET (i, &amp;accept_fds)) {
+            new_connection = accept (i, NULL, NULL);
+            if (new_connection != -1) break;
+        }
+        }
+        if (new_connection != -1) break;
+    }
+    <strong>accept_mutex_off ();</strong>
+    process the new_connection;
+    }
+</pre></div>
+
+      <p><a id="serialize" name="serialize">The functions</a>
+      <code>accept_mutex_on</code> and <code>accept_mutex_off</code>
+      implement a mutual exclusion semaphore. Only one child can have
+      the mutex at any time. There are several choices for
+      implementing these mutexes. The choice is defined in
+      <code>src/conf.h</code> (pre-1.3) or
+      <code>src/include/ap_config.h</code> (1.3 or later). Some
+      architectures do not have any locking choice made, on these
+      architectures it is unsafe to use multiple
+      <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code>
+      directives.</p>
+
+      <dl>
+        <dt><code>USE_FLOCK_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>This method uses the <code>flock(2)</code> system call to
+          lock a lock file (located by the <code class="directive"><a href="../mod/mpm_common.html#lockfile">LockFile</a></code> directive).</p>
+        </dd>
+
+        <dt><code>USE_FCNTL_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>This method uses the <code>fcntl(2)</code> system call to
+          lock a lock file (located by the <code class="directive"><a href="../mod/mpm_common.html#lockfile">LockFile</a></code> directive).</p>
+        </dd>
+
+        <dt><code>USE_SYSVSEM_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>(1.3 or later) This method uses SysV-style semaphores to
+          implement the mutex. Unfortunately SysV-style semaphores have
+          some bad side-effects. One is that it's possible Apache will
+          die without cleaning up the semaphore (see the
+          <code>ipcs(8)</code> man page). The other is that the
+          semaphore API allows for a denial of service attack by any
+          CGIs running under the same uid as the webserver
+          (<em>i.e.</em>, all CGIs, unless you use something like
+          <code>suexec</code> or <code>cgiwrapper</code>). For these
+          reasons this method is not used on any architecture except
+          IRIX (where the previous two are prohibitively expensive
+          on most IRIX boxes).</p>
+        </dd>
+
+        <dt><code>USE_USLOCK_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>(1.3 or later) This method is only available on IRIX, and
+          uses <code>usconfig(2)</code> to create a mutex. While this
+          method avoids the hassles of SysV-style semaphores, it is not
+          the default for IRIX. This is because on single processor
+          IRIX boxes (5.3 or 6.2) the uslock code is two orders of
+          magnitude slower than the SysV-semaphore code. On
+          multi-processor IRIX boxes the uslock code is an order of
+          magnitude faster than the SysV-semaphore code. Kind of a
+          messed up situation. So if you're using a multiprocessor IRIX
+          box then you should rebuild your webserver with
+          <code>-DUSE_USLOCK_SERIALIZED_ACCEPT</code> on the
+          <code>EXTRA_CFLAGS</code>.</p>
+        </dd>
+
+        <dt><code>USE_PTHREAD_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>(1.3 or later) This method uses POSIX mutexes and should
+          work on any architecture implementing the full POSIX threads
+          specification, however appears to only work on Solaris (2.5
+          or later), and even then only in certain configurations. If
+          you experiment with this you should watch out for your server
+          hanging and not responding. Static content only servers may
+          work just fine.</p>
+        </dd>
+      </dl>
+
+      <p>If your system has another method of serialization which
+      isn't in the above list then it may be worthwhile adding code
+      for it (and submitting a patch back to Apache).</p>
+
+      <p>Another solution that has been considered but never
+      implemented is to partially serialize the loop -- that is, let
+      in a certain number of processes. This would only be of
+      interest on multiprocessor boxes where it's possible multiple
+      children could run simultaneously, and the serialization
+      actually doesn't take advantage of the full bandwidth. This is
+      a possible area of future investigation, but priority remains
+      low because highly parallel web servers are not the norm.</p>
+
+      <p>Ideally you should run servers without multiple
+      <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code>
+      statements if you want the highest performance.
+      But read on.</p>
+
+    
+
+    <h3>accept Serialization - single socket</h3>
+
+      
+
+      <p>The above is fine and dandy for multiple socket servers, but
+      what about single socket servers? In theory they shouldn't
+      experience any of these same problems because all children can
+      just block in <code>accept(2)</code> until a connection
+      arrives, and no starvation results. In practice this hides
+      almost the same "spinning" behaviour discussed above in the
+      non-blocking solution. The way that most TCP stacks are
+      implemented, the kernel actually wakes up all processes blocked
+      in <code>accept</code> when a single connection arrives. One of
+      those processes gets the connection and returns to user-space,
+      the rest spin in the kernel and go back to sleep when they
+      discover there's no connection for them. This spinning is
+      hidden from the user-land code, but it's there nonetheless.
+      This can result in the same load-spiking wasteful behaviour
+      that a non-blocking solution to the multiple sockets case
+      can.</p>
+
+      <p>For this reason we have found that many architectures behave
+      more "nicely" if we serialize even the single socket case. So
+      this is actually the default in almost all cases. Crude
+      experiments under Linux (2.0.30 on a dual Pentium pro 166
+      w/128Mb RAM) have shown that the serialization of the single
+      socket case causes less than a 3% decrease in requests per
+      second over unserialized single-socket. But unserialized
+      single-socket showed an extra 100ms latency on each request.
+      This latency is probably a wash on long haul lines, and only an
+      issue on LANs. If you want to override the single socket
+      serialization you can define
+      <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> and then
+      single-socket servers will not serialize at all.</p>
+
+    
+
+    <h3>Lingering Close</h3>
+
+      
+
+      <p>As discussed in <a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">
+      draft-ietf-http-connection-00.txt</a> section 8, in order for
+      an HTTP server to <strong>reliably</strong> implement the
+      protocol it needs to shutdown each direction of the
+      communication independently (recall that a TCP connection is
+      bi-directional, each half is independent of the other). This
+      fact is often overlooked by other servers, but is correctly
+      implemented in Apache as of 1.2.</p>
+
+      <p>When this feature was added to Apache it caused a flurry of
+      problems on various versions of Unix because of a
+      shortsightedness. The TCP specification does not state that the
+      <code>FIN_WAIT_2</code> state has a timeout, but it doesn't prohibit it.
+      On systems without the timeout, Apache 1.2 induces many sockets
+      stuck forever in the <code>FIN_WAIT_2</code> state. In many cases this
+      can be avoided by simply upgrading to the latest TCP/IP patches
+      supplied by the vendor. In cases where the vendor has never
+      released patches (<em>i.e.</em>, SunOS4 -- although folks with
+      a source license can patch it themselves) we have decided to
+      disable this feature.</p>
+
+      <p>There are two ways of accomplishing this. One is the socket
+      option <code>SO_LINGER</code>. But as fate would have it, this
+      has never been implemented properly in most TCP/IP stacks. Even
+      on those stacks with a proper implementation (<em>i.e.</em>,
+      Linux 2.0.31) this method proves to be more expensive (cputime)
+      than the next solution.</p>
+
+      <p>For the most part, Apache implements this in a function
+      called <code>lingering_close</code> (in
+      <code>http_main.c</code>). The function looks roughly like
+      this:</p>
+
+<div class="example"><pre>
+    void lingering_close (int s)
+    {
+    char junk_buffer[2048];
+
+    /* shutdown the sending side */
+    shutdown (s, 1);
+
+    signal (SIGALRM, lingering_death);
+    alarm (30);
+
+    for (;;) {
+        select (s for reading, 2 second timeout);
+        if (error) break;
+        if (s is ready for reading) {
+        if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {
+            break;
+        }
+        /* just toss away whatever is here */
+        }
+    }
+
+    close (s);
+    }
+</pre></div>
+
+      <p>This naturally adds some expense at the end of a connection,
+      but it is required for a reliable implementation. As HTTP/1.1
+      becomes more prevalent, and all connections are persistent,
+      this expense will be amortized over more requests. If you want
+      to play with fire and disable this feature you can define
+      <code>NO_LINGCLOSE</code>, but this is not recommended at all.
+      In particular, as HTTP/1.1 pipelined persistent connections
+      come into use <code>lingering_close</code> is an absolute
+      necessity (and <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">
+      pipelined connections are faster</a>, so you want to support
+      them).</p>
+
+    
+
+    <h3>Scoreboard File</h3>
+
+      
+
+      <p>Apache's parent and children communicate with each other
+      through something called the scoreboard. Ideally this should be
+      implemented in shared memory. For those operating systems that
+      we either have access to, or have been given detailed ports
+      for, it typically is implemented using shared memory. The rest
+      default to using an on-disk file. The on-disk file is not only
+      slow, but it is unreliable (and less featured). Peruse the
+      <code>src/main/conf.h</code> file for your architecture and
+      look for either <code>USE_MMAP_SCOREBOARD</code> or
+      <code>USE_SHMGET_SCOREBOARD</code>. Defining one of those two
+      (as well as their companions <code>HAVE_MMAP</code> and
+      <code>HAVE_SHMGET</code> respectively) enables the supplied
+      shared memory code. If your system has another type of shared
+      memory, edit the file <code>src/main/http_main.c</code> and add
+      the hooks necessary to use it in Apache. (Send us back a patch
+      too please.)</p>
+
+      <div class="note">Historical note: The Linux port of Apache didn't start to
+      use shared memory until version 1.2 of Apache. This oversight
+      resulted in really poor and unreliable behaviour of earlier
+      versions of Apache on Linux.</div>
+
+    
+
+    <h3><code>DYNAMIC_MODULE_LIMIT</code></h3>
+
+      
+
+      <p>If you have no intention of using dynamically loaded modules
+      (you probably don't if you're reading this and tuning your
+      server for every last ounce of performance) then you should add
+      <code>-DDYNAMIC_MODULE_LIMIT=0</code> when building your
+      server. This will save RAM that's allocated only for supporting
+      dynamically loaded modules.</p>
+
+    
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="trace" id="trace">Appendix: Detailed Analysis of a Trace</a></h2>
+
+    
+
+    <p>Here is a system call trace of Apache 2.0.38 with the worker MPM
+    on Solaris 8. This trace was collected using:</p>
+
+    <div class="example"><p><code>
+      truss -l -p <em>httpd_child_pid</em>.
+    </code></p></div>
+
+    <p>The <code>-l</code> option tells truss to log the ID of the
+    LWP (lightweight process--Solaris's form of kernel-level thread)
+    that invokes each system call.</p>
+
+    <p>Other systems may have different system call tracing utilities
+    such as <code>strace</code>, <code>ktrace</code>, or <code>par</code>.
+    They all produce similar output.</p>
+
+    <p>In this trace, a client has requested a 10KB static file
+    from the httpd. Traces of non-static requests or requests
+    with content negotiation look wildly different (and quite ugly
+    in some cases).</p>
+
+<div class="example"><pre>
+/67:    accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
+/67:    accept(3, 0x00200BEC, 0x00200C0C, 1)            = 9
+</pre></div>
+
+    <p>In this trace, the listener thread is running within LWP #67.</p>
+
+    <div class="note">Note the lack of <code>accept(2)</code> serialization. On this
+    particular platform, the worker MPM uses an unserialized accept by
+    default unless it is listening on multiple ports.</div>
+
+<div class="example"><pre>
+/65:    lwp_park(0x00000000, 0)                         = 0
+/67:    lwp_unpark(65, 1)                               = 0
+</pre></div>
+
+    <p>Upon accepting the connection, the listener thread wakes up
+    a worker thread to do the request processing. In this trace,
+    the worker thread that handles the request is mapped to LWP #65.</p>
+
+<div class="example"><pre>
+/65:    getsockname(9, 0x00200BA4, 0x00200BC4, 1)       = 0
+</pre></div>
+
+    <p>In order to implement virtual hosts, Apache needs to know
+    the local socket address used to accept the connection. It
+    is possible to eliminate this call in many situations (such
+    as when there are no virtual hosts, or when
+    <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> directives
+    are used which do not have wildcard addresses). But
+    no effort has yet been made to do these optimizations. </p>
+
+<div class="example"><pre>
+/65:    brk(0x002170E8)                                 = 0
+/65:    brk(0x002190E8)                                 = 0
+</pre></div>
+
+    <p>The <code>brk(2)</code> calls allocate memory from the heap.
+    It is rare to see these in a system call trace, because the httpd
+    uses custom memory allocators (<code>apr_pool</code> and
+    <code>apr_bucket_alloc</code>) for most request processing.
+    In this trace, the httpd has just been started, so it must
+    call <code>malloc(3)</code> to get the blocks of raw memory
+    with which to create the custom memory allocators.</p>
+
+<div class="example"><pre>
+/65:    fcntl(9, F_GETFL, 0x00000000)                   = 2
+/65:    fstat64(9, 0xFAF7B818)                          = 0
+/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
+/65:    fstat64(9, 0xFAF7B818)                          = 0
+/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
+/65:    setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
+/65:    fcntl(9, F_SETFL, 0x00000082)                   = 0
+</pre></div>
+
+    <p>Next, the worker thread puts the connection to the client (file
+    descriptor 9) in non-blocking mode. The <code>setsockopt(2)</code>
+    and <code>getsockopt(2)</code> calls are a side-effect of how
+    Solaris's libc handles <code>fcntl(2)</code> on sockets.</p>
+
+<div class="example"><pre>
+/65:    read(9, " G E T   / 1 0 k . h t m".., 8000)     = 97
+</pre></div>
+
+    <p>The worker thread reads the request from the client.</p>
+
+<div class="example"><pre>
+/65:    stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
+/65:    open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10
+</pre></div>
+
+    <p>This httpd has been configured with <code>Options FollowSymLinks</code>
+    and <code>AllowOverride None</code>.  Thus it doesn't need to
+    <code>lstat(2)</code> each directory in the path leading up to the
+    requested file, nor check for <code>.htaccess</code> files.
+    It simply calls <code>stat(2)</code> to verify that the file:
+    1) exists, and 2) is a regular file, not a directory.</p>
+
+<div class="example"><pre>
+/65:    sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C)      = 10269
+</pre></div>
+
+    <p>In this example, the httpd is able to send the HTTP response
+    header and the requested file with a single <code>sendfilev(2)</code>
+    system call. Sendfile semantics vary among operating systems. On some other
+    systems, it is necessary to do a <code>write(2)</code> or
+    <code>writev(2)</code> call to send the headers before calling
+    <code>sendfile(2)</code>.</p>
+
+<div class="example"><pre>
+/65:    write(4, " 1 2 7 . 0 . 0 . 1   -  ".., 78)      = 78
+</pre></div>
+
+    <p>This <code>write(2)</code> call records the request in the
+    access log. Note that one thing missing from this trace is a
+    <code>time(2)</code> call. Unlike Apache 1.3, Apache 2.0 uses
+    <code>gettimeofday(3)</code> to look up the time. On some operating
+    systems, like Linux or Solaris, <code>gettimeofday</code> has an
+    optimized implementation that doesn't require as much overhead
+    as a typical system call.</p>
+
+<div class="example"><pre>
+/65:    shutdown(9, 1, 1)                               = 0
+/65:    poll(0xFAF7B980, 1, 2000)                       = 1
+/65:    read(9, 0xFAF7BC20, 512)                        = 0
+/65:    close(9)                                        = 0
+</pre></div>
+
+    <p>The worker thread does a lingering close of the connection.</p>
+
+<div class="example"><pre>
+/65:    close(10)                                       = 0
+/65:    lwp_park(0x00000000, 0)         (sleeping...)
+</pre></div>
+
+    <p>Finally the worker thread closes the file that it has just delivered
+    and blocks until the listener assigns it another connection.</p>
+
+<div class="example"><pre>
+/67:    accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)
+</pre></div>
+
+    <p>Meanwhile, the listener thread is able to accept another connection
+    as soon as it has dispatched this connection to a worker thread (subject
+    to some flow-control logic in the worker MPM that throttles the listener
+    if all the available workers are busy).  Though it isn't apparent from
+    this trace, the next <code>accept(2)</code> can (and usually does, under
+    high load conditions) occur in parallel with the worker thread's handling
+    of the just-accepted connection.</p>
+
+  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
diff --git a/docs/manual/misc/perf-tuning.xml b/docs/manual/misc/perf-tuning.xml
new file mode 100644
index 0000000000..ddb3420d21
--- /dev/null
+++ b/docs/manual/misc/perf-tuning.xml
@@ -0,0 +1,891 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+
+<manualpage>
+  <relativepath href=".." />
+
+  <title>Apache Performance Notes</title>
+
+  <summary>
+
+    <note type="warning"><strong>Warning:</strong>
+    This document has not been fully updated
+    to take into account changes made in the 2.0 version of the
+    Apache HTTP Server. Some of the information may still be
+    relevant, but please use it with care.</note>
+
+    <p>Orignally written by Dean Gaudet.</p>
+
+    <p>Apache 2.0 is a general-purpose webserver, designed to
+    provide a balance of flexibility, portability, and performance.
+    Although it has not been designed specifically to set benchmark
+    records, Apache 2.0 is capable of high performance in many
+    real-world situations.</p>
+
+    <p>Compared to Apache 1.3, release 2.0 contains many additional
+    optimizations to increase throughput and scalability. Most of
+    these improvements are enabled by default. However, there are
+    compile-time and run-time configuration choices that can
+    significantly affect performance. This document describes the
+    options that a server administrator can configure to tune the
+    performance of an Apache 2.0 installation. Some of these
+    configuration options enable the httpd to better take advantage
+    of the capabilities of the hardware and OS, while others allow
+    the administrator to trade functionality for speed.</p>
+
+  </summary>
+
+  <section id="hardware">
+
+    <title>Hardware and Operating System Issues</title>
+
+    <p>The single biggest hardware issue affecting webserver
+    performance is RAM. A webserver should never ever have to swap,
+    swapping increases the latency of each request beyond a point
+    that users consider "fast enough". This causes users to hit
+    stop and reload, further increasing the load. You can, and
+    should, control the <directive module="mpm_common"
+    >MaxClients</directive> setting so that your server
+    does not spawn so many children it starts swapping.</p>
+
+    <p>Beyond that the rest is mundane: get a fast enough CPU, a
+    fast enough network card, and fast enough disks, where "fast
+    enough" is something that needs to be determined by
+    experimentation.</p>
+
+    <p>Operating system choice is largely a matter of local
+    concerns. But some guidelines that have proven generally
+    useful are:</p>
+
+    <ul>
+      <li>
+        <p>Run the latest stable release and patchlevel of the
+        operating system that you choose. Many OS suppliers have
+        introduced significant performance improvements to their
+        TCP stacks and thread libraries in recent years.</p>
+      </li>
+
+      <li>
+        <p>If your OS supports a <code>sendfile(2)</code> system
+        call, make sure you install the release and/or patches
+        needed to enable it. (With Linux, for example, this means
+        using Linux 2.4 or later. For early releases of Solaris 8,
+        you may need to apply a patch.) On systems where it is
+        available, <code>sendfile</code> enables Apache 2 to deliver
+        static content faster and with lower CPU utilization.</p>
+      </li>
+    </ul>
+
+  </section>
+
+  <section id="runtime">
+
+    <title>Run-Time Configuration Issues</title>
+
+    <related>
+      <modulelist>
+        <module>mod_dir</module>
+        <module>mpm_common</module>
+        <module>mod_status</module>
+      </modulelist>
+      <directivelist>
+        <directive module="core">AllowOverride</directive>
+        <directive module="mod_dir">DirectoryIndex</directive>
+        <directive module="core">HostnameLookups</directive>
+        <directive module="core">EnableMMAP</directive>
+        <directive module="core">KeepAliveTimeout</directive>
+        <directive module="prefork">MaxSpareServers</directive>
+        <directive module="prefork">MinSpareServers</directive>
+        <directive module="core">Options</directive>
+        <directive module="mpm_common">StartServers</directive>
+      </directivelist>
+    </related>
+
+    <section>
+
+      <title><code>HostnameLookups</code></title>
+
+      <p>Prior to Apache 1.3, <directive module="core"
+      >HostnameLookups</directive> defaulted to <code>On</code>.
+      This adds latency to every request because it requires a
+      DNS lookup to complete before the request is finished. In
+      Apache 1.3 this setting defaults to <code>Off</code>.
+      However (1.3 or later), if you use any <code>Allow from domain</code>
+      or <code>Deny from domain</code> directives then you will pay for
+      a double reverse DNS lookup (a reverse, followed by a forward
+      to make sure that the reverse is not being spoofed). So for the
+      highest performance avoid using these directives (it's fine to
+      use IP addresses rather than domain names).</p>
+
+      <p>Note that it's possible to scope the directives, such as
+      within a <code>&lt;Location /server-status&gt;</code> section.
+      In this case the DNS lookups are only performed on requests
+      matching the criteria. Here's an example which disables lookups
+      except for <code>.html</code> and <code>.cgi</code> files:</p>
+
+<example><pre>
+HostnameLookups off
+&lt;Files ~ "\.(html|cgi)$"&gt;
+    HostnameLookups on
+&lt;/Files&gt;
+</pre></example>
+
+      <p>But even still, if you just need DNS names in some CGIs you
+      could consider doing the <code>gethostbyname</code> call in the
+      specific CGIs that need it.</p>
+
+      <p>Similarly, if you need to have hostname information in your
+      server logs in order to generate reports of this information,
+      you can postprocess your log file with <a
+      href="../programs/logresolve.html"><code>logresolve</code></a>,
+      so that these lookups can be done without making the client wait.
+      It is recommended that you do this postprocessing, and any other
+      statistical analysis of the log file, somewhere other than your
+      production web server machine, in order that this activity does
+      not adversely affect server performance.</p>
+
+    </section>
+
+    <section>
+
+      <title><code>FollowSymLinks</code> and <code>SymLinksIfOwnerMatch</code></title>
+
+      <p>Wherever in your URL-space you do not have an <code>Options
+      FollowSymLinks</code>, or you do have an <code>Options
+      SymLinksIfOwnerMatch</code> Apache will have to issue extra
+      system calls to check up on symlinks. One extra call per
+      filename component. For example, if you had:</p>
+
+<example><pre>
+DocumentRoot /www/htdocs
+&lt;Directory /&gt;
+    Options SymLinksIfOwnerMatch
+&lt;/Directory&gt;
+</pre></example>
+
+      <p>and a request is made for the URI <code>/index.html</code>.
+      Then Apache will perform <code>lstat(2)</code> on
+      <code>/www</code>, <code>/www/htdocs</code>, and
+      <code>/www/htdocs/index.html</code>. The results of these
+      <code>lstats</code> are never cached, so they will occur on
+      every single request. If you really desire the symlinks
+      security checking you can do something like this:</p>
+
+<example><pre>
+DocumentRoot /www/htdocs
+&lt;Directory /&gt;
+    Options FollowSymLinks
+&lt;/Directory&gt;
+&lt;Directory /www/htdocs&gt;
+    Options -FollowSymLinks +SymLinksIfOwnerMatch
+&lt;/Directory&gt;
+</pre></example>
+
+      <p>This at least avoids the extra checks for the
+      <directive module="core">DocumentRoot</directive> path.
+      Note that you'll need to add similar sections if you
+      have any <directive module="mod_alias">Alias</directive> or
+      <directive module="mod_rewrite">RewriteRule</directive> paths
+      outside of your document root. For highest performance,
+      and no symlink protection, set <code>FollowSymLinks</code>
+      everywhere, and never set <code>SymLinksIfOwnerMatch</code>.</p>
+
+    </section>
+
+    <section>
+
+      <title><code>AllowOverride</code></title>
+
+      <p>Wherever in your URL-space you allow overrides (typically
+      <code>.htaccess</code> files) Apache will attempt to open
+      <code>.htaccess</code> for each filename component. For
+      example,</p>
+
+<example><pre>
+DocumentRoot /www/htdocs
+&lt;Directory /&gt;
+    AllowOverride all
+&lt;/Directory&gt;
+</pre></example>
+
+      <p>and a request is made for the URI <code>/index.html</code>.
+      Then Apache will attempt to open <code>/.htaccess</code>,
+      <code>/www/.htaccess</code>, and
+      <code>/www/htdocs/.htaccess</code>. The solutions are similar
+      to the previous case of <code>Options FollowSymLinks</code>.
+      For highest performance use <code>AllowOverride None</code>
+      everywhere in your filesystem.</p>
+
+    </section>
+
+    <section>
+
+      <title>Negotiation</title>
+
+      <p>If at all possible, avoid content-negotiation if you're
+      really interested in every last ounce of performance. In
+      practice the benefits of negotiation outweigh the performance
+      penalties. There's one case where you can speed up the server.
+      Instead of using a wildcard such as:</p>
+
+<example><pre>
+DirectoryIndex index
+</pre></example>
+
+    <p>Use a complete list of options:</p>
+
+<example><pre>
+DirectoryIndex index.cgi index.pl index.shtml index.html
+</pre></example>
+
+      <p>where you list the most common choice first.</p>
+
+      <p>Also note that explicitly creating a <code>type-map</code>
+      file provides better performance than using
+      <code>MultiViews</code>, as the necessary information can be
+      determined by reading this single file, rather than having to
+      scan the directory for files.</p>
+
+    </section>
+
+    <section>
+
+      <title>Memory-mapping</title>
+
+      <p>In situations where Apache 2.0 needs to look at the contents
+      of a file being delivered--for example, when doing server-side-include
+      processing--it normally memory-maps the file if the OS supports
+      some form of <code>mmap(2)</code>.</p>
+
+      <p>On some platforms, this memory-mapping improves performance.
+      However, there are cases where memory-mapping can hurt the performance
+      or even the stability of the httpd:</p>
+
+      <ul>
+        <li>
+          <p>On some operating systems, <code>mmap</code> does not scale
+          as well as <code>read(2)</code> when the number of CPUs increases.
+          On multiprocessor Solaris servers, for example, Apache 2.0 sometimes
+          delivers server-parsed files faster when <code>mmap</code> is disabled.</p>
+        </li>
+
+        <li>
+          <p>If you memory-map a file located on an NFS-mounted filesystem
+          and a process on another NFS client machine deletes or truncates
+          the file, your process may get a bus error the next time it tries
+          to access the mapped file content.</p>
+        </li>
+      </ul>
+
+      <p>For installations where either of these factors applies, you
+      should use <code>EnableMMAP off</code> to disable the memory-mapping
+      of delivered files. (Note: This directive can be overridden on
+      a per-directory basis.)</p>
+
+    </section>
+
+    <section>
+
+      <title>Process Creation</title>
+
+      <p>Prior to Apache 1.3 the <directive module="prefork"
+      >MinSpareServers</directive>, <directive module="prefork"
+      >MaxSpareServers</directive>, and <directive module="mpm_common"
+      >StartServers</directive> settings all had drastic effects on
+      benchmark results. In particular, Apache required a "ramp-up"
+      period in order to reach a number of children sufficient to serve
+      the load being applied. After the initial spawning of
+      <directive module="mpm_common">StartServers</directive> children,
+      only one child per second would be created to satisfy the
+      <directive module="prefork">MinSpareServers</directive>
+      setting. So a server being accessed by 100 simultaneous
+      clients, using the default <directive module="mpm_common"
+      >StartServers</directive> of <code>5</code> would take on
+      the order 95 seconds to spawn enough children to handle
+      the load. This works fine in practice on real-life servers,
+      because they aren't restarted frequently. But does really
+      poorly on benchmarks which might only run for ten minutes.</p>
+
+      <p>The one-per-second rule was implemented in an effort to
+      avoid swamping the machine with the startup of new children. If
+      the machine is busy spawning children it can't service
+      requests. But it has such a drastic effect on the perceived
+      performance of Apache that it had to be replaced. As of Apache
+      1.3, the code will relax the one-per-second rule. It will spawn
+      one, wait a second, then spawn two, wait a second, then spawn
+      four, and it will continue exponentially until it is spawning
+      32 children per second. It will stop whenever it satisfies the
+      <directive module="prefork">MinSpareServers</directive>
+      setting.</p>
+
+      <p>This appears to be responsive enough that it's almost
+      unnecessary to twiddle the <directive module="prefork"
+      >MinSpareServers</directive>, <directive module="prefork"
+      >MaxSpareServers</directive> and <directive module="mpm_common"
+      >StartServers</directive> knobs. When more than 4 children are
+      spawned per second, a message will be emitted to the
+      <directive module="core">ErrorLog</directive>. If you
+      see a lot of these errors then consider tuning these settings.
+      Use the <module>mod_status</module> output as a guide.</p>
+
+    <p>Related to process creation is process death induced by the
+    <directive module="mpm_common">MaxRequestsPerChild</directive>
+    setting. By default this is <code>0</code>,
+    which means that there is no limit to the number of requests
+    handled per child. If your configuration currently has this set
+    to some very low number, such as <code>30</code>, you may want to bump this
+    up significantly. If you are running SunOS or an old version of
+    Solaris, limit this to <code>10000</code> or so because of memory leaks.</p>
+
+    <p>When keep-alives are in use, children will be kept busy
+    doing nothing waiting for more requests on the already open
+    connection. The default <directive module="core"
+    >KeepAliveTimeout</directive> of <code>15</code>
+    seconds attempts to minimize this effect. The tradeoff here is
+    between network bandwidth and server resources. In no event
+    should you raise this above about <code>60</code> seconds, as <a
+    href="http://www.research.digital.com/wrl/techreports/abstracts/95.4.html">
+    most of the benefits are lost</a>.</p>
+
+    </section>
+
+  </section>
+
+  <section id="compiletime">
+
+    <title>Compile-Time Configuration Issues</title>
+
+    <section>
+
+      <title>mod_status and ExtendedStatus On</title>
+
+      <p>If you include <module>mod_status</module> and you also set
+      <code>ExtendedStatus On</code> when building and running
+      Apache, then on every request Apache will perform two calls to
+      <code>gettimeofday(2)</code> (or <code>times(2)</code>
+      depending on your operating system), and (pre-1.3) several
+      extra calls to <code>time(2)</code>. This is all done so that
+      the status report contains timing indications. For highest
+      performance, set <code>ExtendedStatus off</code> (which is the
+      default).</p>
+
+    </section>
+
+    <section>
+
+      <title>accept Serialization - multiple sockets</title>
+
+      <p>This discusses a shortcoming in the Unix socket API. Suppose
+      your web server uses multiple <directive module="mpm_common"
+      >Listen</directive> statements to listen on either multiple
+      ports or multiple addresses. In order to test each socket
+      to see if a connection is ready Apache uses
+      <code>select(2)</code>. <code>select(2)</code> indicates that a
+      socket has <em>zero</em> or <em>at least one</em> connection
+      waiting on it. Apache's model includes multiple children, and
+      all the idle ones test for new connections at the same time. A
+      naive implementation looks something like this (these examples
+      do not match the code, they're contrived for pedagogical
+      purposes):</p>
+
+<example><pre>
+    for (;;) {
+    for (;;) {
+        fd_set accept_fds;
+
+        FD_ZERO (&amp;accept_fds);
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        FD_SET (i, &amp;accept_fds);
+        }
+        rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+        if (rc &lt; 1) continue;
+        new_connection = -1;
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        if (FD_ISSET (i, &amp;accept_fds)) {
+            new_connection = accept (i, NULL, NULL);
+            if (new_connection != -1) break;
+        }
+        }
+        if (new_connection != -1) break;
+    }
+    process the new_connection;
+    }
+</pre></example>
+
+      <p>But this naive implementation has a serious starvation problem.
+      Recall that multiple children execute this loop at the same
+      time, and so multiple children will block at
+      <code>select</code> when they are in between requests. All
+      those blocked children will awaken and return from
+      <code>select</code> when a single request appears on any socket
+      (the number of children which awaken varies depending on the
+      operating system and timing issues). They will all then fall
+      down into the loop and try to <code>accept</code> the
+      connection. But only one will succeed (assuming there's still
+      only one connection ready), the rest will be <em>blocked</em>
+      in <code>accept</code>. This effectively locks those children
+      into serving requests from that one socket and no other
+      sockets, and they'll be stuck there until enough new requests
+      appear on that socket to wake them all up. This starvation
+      problem was first documented in <a
+      href="http://bugs.apache.org/index/full/467">PR#467</a>. There
+      are at least two solutions.</p>
+
+      <p>One solution is to make the sockets non-blocking. In this
+      case the <code>accept</code> won't block the children, and they
+      will be allowed to continue immediately. But this wastes CPU
+      time. Suppose you have ten idle children in
+      <code>select</code>, and one connection arrives. Then nine of
+      those children will wake up, try to <code>accept</code> the
+      connection, fail, and loop back into <code>select</code>,
+      accomplishing nothing. Meanwhile none of those children are
+      servicing requests that occurred on other sockets until they
+      get back up to the <code>select</code> again. Overall this
+      solution does not seem very fruitful unless you have as many
+      idle CPUs (in a multiprocessor box) as you have idle children,
+      not a very likely situation.</p>
+
+      <p>Another solution, the one used by Apache, is to serialize
+      entry into the inner loop. The loop looks like this
+      (differences highlighted):</p>
+
+<example><pre>
+    for (;;) {
+    <strong>accept_mutex_on ();</strong>
+    for (;;) {
+        fd_set accept_fds;
+
+        FD_ZERO (&amp;accept_fds);
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        FD_SET (i, &amp;accept_fds);
+        }
+        rc = select (last_socket+1, &amp;accept_fds, NULL, NULL, NULL);
+        if (rc &lt; 1) continue;
+        new_connection = -1;
+        for (i = first_socket; i &lt;= last_socket; ++i) {
+        if (FD_ISSET (i, &amp;accept_fds)) {
+            new_connection = accept (i, NULL, NULL);
+            if (new_connection != -1) break;
+        }
+        }
+        if (new_connection != -1) break;
+    }
+    <strong>accept_mutex_off ();</strong>
+    process the new_connection;
+    }
+</pre></example>
+
+      <p><a id="serialize" name="serialize">The functions</a>
+      <code>accept_mutex_on</code> and <code>accept_mutex_off</code>
+      implement a mutual exclusion semaphore. Only one child can have
+      the mutex at any time. There are several choices for
+      implementing these mutexes. The choice is defined in
+      <code>src/conf.h</code> (pre-1.3) or
+      <code>src/include/ap_config.h</code> (1.3 or later). Some
+      architectures do not have any locking choice made, on these
+      architectures it is unsafe to use multiple
+      <directive module="mpm_common">Listen</directive>
+      directives.</p>
+
+      <dl>
+        <dt><code>USE_FLOCK_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>This method uses the <code>flock(2)</code> system call to
+          lock a lock file (located by the <directive module="mpm_common"
+          >LockFile</directive> directive).</p>
+        </dd>
+
+        <dt><code>USE_FCNTL_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>This method uses the <code>fcntl(2)</code> system call to
+          lock a lock file (located by the <directive module="mpm_common"
+          >LockFile</directive> directive).</p>
+        </dd>
+
+        <dt><code>USE_SYSVSEM_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>(1.3 or later) This method uses SysV-style semaphores to
+          implement the mutex. Unfortunately SysV-style semaphores have
+          some bad side-effects. One is that it's possible Apache will
+          die without cleaning up the semaphore (see the
+          <code>ipcs(8)</code> man page). The other is that the
+          semaphore API allows for a denial of service attack by any
+          CGIs running under the same uid as the webserver
+          (<em>i.e.</em>, all CGIs, unless you use something like
+          <code>suexec</code> or <code>cgiwrapper</code>). For these
+          reasons this method is not used on any architecture except
+          IRIX (where the previous two are prohibitively expensive
+          on most IRIX boxes).</p>
+        </dd>
+
+        <dt><code>USE_USLOCK_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>(1.3 or later) This method is only available on IRIX, and
+          uses <code>usconfig(2)</code> to create a mutex. While this
+          method avoids the hassles of SysV-style semaphores, it is not
+          the default for IRIX. This is because on single processor
+          IRIX boxes (5.3 or 6.2) the uslock code is two orders of
+          magnitude slower than the SysV-semaphore code. On
+          multi-processor IRIX boxes the uslock code is an order of
+          magnitude faster than the SysV-semaphore code. Kind of a
+          messed up situation. So if you're using a multiprocessor IRIX
+          box then you should rebuild your webserver with
+          <code>-DUSE_USLOCK_SERIALIZED_ACCEPT</code> on the
+          <code>EXTRA_CFLAGS</code>.</p>
+        </dd>
+
+        <dt><code>USE_PTHREAD_SERIALIZED_ACCEPT</code></dt>
+
+        <dd>
+          <p>(1.3 or later) This method uses POSIX mutexes and should
+          work on any architecture implementing the full POSIX threads
+          specification, however appears to only work on Solaris (2.5
+          or later), and even then only in certain configurations. If
+          you experiment with this you should watch out for your server
+          hanging and not responding. Static content only servers may
+          work just fine.</p>
+        </dd>
+      </dl>
+
+      <p>If your system has another method of serialization which
+      isn't in the above list then it may be worthwhile adding code
+      for it (and submitting a patch back to Apache).</p>
+
+      <p>Another solution that has been considered but never
+      implemented is to partially serialize the loop -- that is, let
+      in a certain number of processes. This would only be of
+      interest on multiprocessor boxes where it's possible multiple
+      children could run simultaneously, and the serialization
+      actually doesn't take advantage of the full bandwidth. This is
+      a possible area of future investigation, but priority remains
+      low because highly parallel web servers are not the norm.</p>
+
+      <p>Ideally you should run servers without multiple
+      <directive module="mpm_common">Listen</directive>
+      statements if you want the highest performance.
+      But read on.</p>
+
+    </section>
+
+    <section>
+
+      <title>accept Serialization - single socket</title>
+
+      <p>The above is fine and dandy for multiple socket servers, but
+      what about single socket servers? In theory they shouldn't
+      experience any of these same problems because all children can
+      just block in <code>accept(2)</code> until a connection
+      arrives, and no starvation results. In practice this hides
+      almost the same "spinning" behaviour discussed above in the
+      non-blocking solution. The way that most TCP stacks are
+      implemented, the kernel actually wakes up all processes blocked
+      in <code>accept</code> when a single connection arrives. One of
+      those processes gets the connection and returns to user-space,
+      the rest spin in the kernel and go back to sleep when they
+      discover there's no connection for them. This spinning is
+      hidden from the user-land code, but it's there nonetheless.
+      This can result in the same load-spiking wasteful behaviour
+      that a non-blocking solution to the multiple sockets case
+      can.</p>
+
+      <p>For this reason we have found that many architectures behave
+      more "nicely" if we serialize even the single socket case. So
+      this is actually the default in almost all cases. Crude
+      experiments under Linux (2.0.30 on a dual Pentium pro 166
+      w/128Mb RAM) have shown that the serialization of the single
+      socket case causes less than a 3% decrease in requests per
+      second over unserialized single-socket. But unserialized
+      single-socket showed an extra 100ms latency on each request.
+      This latency is probably a wash on long haul lines, and only an
+      issue on LANs. If you want to override the single socket
+      serialization you can define
+      <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> and then
+      single-socket servers will not serialize at all.</p>
+
+    </section>
+
+    <section>
+
+      <title>Lingering Close</title>
+
+      <p>As discussed in <a
+      href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">
+      draft-ietf-http-connection-00.txt</a> section 8, in order for
+      an HTTP server to <strong>reliably</strong> implement the
+      protocol it needs to shutdown each direction of the
+      communication independently (recall that a TCP connection is
+      bi-directional, each half is independent of the other). This
+      fact is often overlooked by other servers, but is correctly
+      implemented in Apache as of 1.2.</p>
+
+      <p>When this feature was added to Apache it caused a flurry of
+      problems on various versions of Unix because of a
+      shortsightedness. The TCP specification does not state that the
+      <code>FIN_WAIT_2</code> state has a timeout, but it doesn't prohibit it.
+      On systems without the timeout, Apache 1.2 induces many sockets
+      stuck forever in the <code>FIN_WAIT_2</code> state. In many cases this
+      can be avoided by simply upgrading to the latest TCP/IP patches
+      supplied by the vendor. In cases where the vendor has never
+      released patches (<em>i.e.</em>, SunOS4 -- although folks with
+      a source license can patch it themselves) we have decided to
+      disable this feature.</p>
+
+      <p>There are two ways of accomplishing this. One is the socket
+      option <code>SO_LINGER</code>. But as fate would have it, this
+      has never been implemented properly in most TCP/IP stacks. Even
+      on those stacks with a proper implementation (<em>i.e.</em>,
+      Linux 2.0.31) this method proves to be more expensive (cputime)
+      than the next solution.</p>
+
+      <p>For the most part, Apache implements this in a function
+      called <code>lingering_close</code> (in
+      <code>http_main.c</code>). The function looks roughly like
+      this:</p>
+
+<example><pre>
+    void lingering_close (int s)
+    {
+    char junk_buffer[2048];
+
+    /* shutdown the sending side */
+    shutdown (s, 1);
+
+    signal (SIGALRM, lingering_death);
+    alarm (30);
+
+    for (;;) {
+        select (s for reading, 2 second timeout);
+        if (error) break;
+        if (s is ready for reading) {
+        if (read (s, junk_buffer, sizeof (junk_buffer)) &lt;= 0) {
+            break;
+        }
+        /* just toss away whatever is here */
+        }
+    }
+
+    close (s);
+    }
+</pre></example>
+
+      <p>This naturally adds some expense at the end of a connection,
+      but it is required for a reliable implementation. As HTTP/1.1
+      becomes more prevalent, and all connections are persistent,
+      this expense will be amortized over more requests. If you want
+      to play with fire and disable this feature you can define
+      <code>NO_LINGCLOSE</code>, but this is not recommended at all.
+      In particular, as HTTP/1.1 pipelined persistent connections
+      come into use <code>lingering_close</code> is an absolute
+      necessity (and <a
+      href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html">
+      pipelined connections are faster</a>, so you want to support
+      them).</p>
+
+    </section>
+
+    <section>
+
+      <title>Scoreboard File</title>
+
+      <p>Apache's parent and children communicate with each other
+      through something called the scoreboard. Ideally this should be
+      implemented in shared memory. For those operating systems that
+      we either have access to, or have been given detailed ports
+      for, it typically is implemented using shared memory. The rest
+      default to using an on-disk file. The on-disk file is not only
+      slow, but it is unreliable (and less featured). Peruse the
+      <code>src/main/conf.h</code> file for your architecture and
+      look for either <code>USE_MMAP_SCOREBOARD</code> or
+      <code>USE_SHMGET_SCOREBOARD</code>. Defining one of those two
+      (as well as their companions <code>HAVE_MMAP</code> and
+      <code>HAVE_SHMGET</code> respectively) enables the supplied
+      shared memory code. If your system has another type of shared
+      memory, edit the file <code>src/main/http_main.c</code> and add
+      the hooks necessary to use it in Apache. (Send us back a patch
+      too please.)</p>
+
+      <note>Historical note: The Linux port of Apache didn't start to
+      use shared memory until version 1.2 of Apache. This oversight
+      resulted in really poor and unreliable behaviour of earlier
+      versions of Apache on Linux.</note>
+
+    </section>
+
+    <section>
+
+      <title><code>DYNAMIC_MODULE_LIMIT</code></title>
+
+      <p>If you have no intention of using dynamically loaded modules
+      (you probably don't if you're reading this and tuning your
+      server for every last ounce of performance) then you should add
+      <code>-DDYNAMIC_MODULE_LIMIT=0</code> when building your
+      server. This will save RAM that's allocated only for supporting
+      dynamically loaded modules.</p>
+
+    </section>
+
+  </section>
+
+  <section id="trace">
+
+    <title>Appendix: Detailed Analysis of a Trace</title>
+
+    <p>Here is a system call trace of Apache 2.0.38 with the worker MPM
+    on Solaris 8. This trace was collected using:</p>
+
+    <example>
+      truss -l -p <em>httpd_child_pid</em>.
+    </example>
+
+    <p>The <code>-l</code> option tells truss to log the ID of the
+    LWP (lightweight process--Solaris's form of kernel-level thread)
+    that invokes each system call.</p>
+
+    <p>Other systems may have different system call tracing utilities
+    such as <code>strace</code>, <code>ktrace</code>, or <code>par</code>.
+    They all produce similar output.</p>
+
+    <p>In this trace, a client has requested a 10KB static file
+    from the httpd. Traces of non-static requests or requests
+    with content negotiation look wildly different (and quite ugly
+    in some cases).</p>
+
+<example><pre>
+/67:    accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
+/67:    accept(3, 0x00200BEC, 0x00200C0C, 1)            = 9
+</pre></example>
+
+    <p>In this trace, the listener thread is running within LWP #67.</p>
+
+    <note>Note the lack of <code>accept(2)</code> serialization. On this
+    particular platform, the worker MPM uses an unserialized accept by
+    default unless it is listening on multiple ports.</note>
+
+<example><pre>
+/65:    lwp_park(0x00000000, 0)                         = 0
+/67:    lwp_unpark(65, 1)                               = 0
+</pre></example>
+
+    <p>Upon accepting the connection, the listener thread wakes up
+    a worker thread to do the request processing. In this trace,
+    the worker thread that handles the request is mapped to LWP #65.</p>
+
+<example><pre>
+/65:    getsockname(9, 0x00200BA4, 0x00200BC4, 1)       = 0
+</pre></example>
+
+    <p>In order to implement virtual hosts, Apache needs to know
+    the local socket address used to accept the connection. It
+    is possible to eliminate this call in many situations (such
+    as when there are no virtual hosts, or when
+    <directive module="mpm_common">Listen</directive> directives
+    are used which do not have wildcard addresses). But
+    no effort has yet been made to do these optimizations. </p>
+
+<example><pre>
+/65:    brk(0x002170E8)                                 = 0
+/65:    brk(0x002190E8)                                 = 0
+</pre></example>
+
+    <p>The <code>brk(2)</code> calls allocate memory from the heap.
+    It is rare to see these in a system call trace, because the httpd
+    uses custom memory allocators (<code>apr_pool</code> and
+    <code>apr_bucket_alloc</code>) for most request processing.
+    In this trace, the httpd has just been started, so it must
+    call <code>malloc(3)</code> to get the blocks of raw memory
+    with which to create the custom memory allocators.</p>
+
+<example><pre>
+/65:    fcntl(9, F_GETFL, 0x00000000)                   = 2
+/65:    fstat64(9, 0xFAF7B818)                          = 0
+/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
+/65:    fstat64(9, 0xFAF7B818)                          = 0
+/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
+/65:    setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
+/65:    fcntl(9, F_SETFL, 0x00000082)                   = 0
+</pre></example>
+
+    <p>Next, the worker thread puts the connection to the client (file
+    descriptor 9) in non-blocking mode. The <code>setsockopt(2)</code>
+    and <code>getsockopt(2)</code> calls are a side-effect of how
+    Solaris's libc handles <code>fcntl(2)</code> on sockets.</p>
+
+<example><pre>
+/65:    read(9, " G E T   / 1 0 k . h t m".., 8000)     = 97
+</pre></example>
+
+    <p>The worker thread reads the request from the client.</p>
+
+<example><pre>
+/65:    stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
+/65:    open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10
+</pre></example>
+
+    <p>This httpd has been configured with <code>Options FollowSymLinks</code>
+    and <code>AllowOverride None</code>.  Thus it doesn't need to
+    <code>lstat(2)</code> each directory in the path leading up to the
+    requested file, nor check for <code>.htaccess</code> files.
+    It simply calls <code>stat(2)</code> to verify that the file:
+    1) exists, and 2) is a regular file, not a directory.</p>
+
+<example><pre>
+/65:    sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C)      = 10269
+</pre></example>
+
+    <p>In this example, the httpd is able to send the HTTP response
+    header and the requested file with a single <code>sendfilev(2)</code>
+    system call. Sendfile semantics vary among operating systems. On some other
+    systems, it is necessary to do a <code>write(2)</code> or
+    <code>writev(2)</code> call to send the headers before calling
+    <code>sendfile(2)</code>.</p>
+
+<example><pre>
+/65:    write(4, " 1 2 7 . 0 . 0 . 1   -  ".., 78)      = 78
+</pre></example>
+
+    <p>This <code>write(2)</code> call records the request in the
+    access log. Note that one thing missing from this trace is a
+    <code>time(2)</code> call. Unlike Apache 1.3, Apache 2.0 uses
+    <code>gettimeofday(3)</code> to look up the time. On some operating
+    systems, like Linux or Solaris, <code>gettimeofday</code> has an
+    optimized implementation that doesn't require as much overhead
+    as a typical system call.</p>
+
+<example><pre>
+/65:    shutdown(9, 1, 1)                               = 0
+/65:    poll(0xFAF7B980, 1, 2000)                       = 1
+/65:    read(9, 0xFAF7BC20, 512)                        = 0
+/65:    close(9)                                        = 0
+</pre></example>
+
+    <p>The worker thread does a lingering close of the connection.</p>
+
+<example><pre>
+/65:    close(10)                                       = 0
+/65:    lwp_park(0x00000000, 0)         (sleeping...)
+</pre></example>
+
+    <p>Finally the worker thread closes the file that it has just delivered
+    and blocks until the listener assigns it another connection.</p>
+
+<example><pre>
+/67:    accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)
+</pre></example>
+
+    <p>Meanwhile, the listener thread is able to accept another connection
+    as soon as it has dispatched this connection to a worker thread (subject
+    to some flow-control logic in the worker MPM that throttles the listener
+    if all the available workers are busy).  Though it isn't apparent from
+    this trace, the next <code>accept(2)</code> can (and usually does, under
+    high load conditions) occur in parallel with the worker thread's handling
+    of the just-accepted connection.</p>
+
+  </section>
+
+</manualpage>
+
diff --git a/docs/manual/misc/rewriteguide.html.en b/docs/manual/misc/rewriteguide.html.en
new file mode 100644
index 0000000000..19294a62cb
--- /dev/null
+++ b/docs/manual/misc/rewriteguide.html.en
@@ -0,0 +1,2174 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+              This file is generated from xml source: DO NOT EDIT
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      --><title>URL Rewriting Guide - Apache HTTP Server</title><link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /><link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /><link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link href="../images/favicon.ico" rel="shortcut icon" /></head><body id="manual-page"><div id="page-header"><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p><p class="apache">Apache HTTP Server Version 2.0</p><img alt="" src="../images/feather.gif" /></div><div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div><div id="path"><a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs-project/">Documentation</a> &gt; <a href="../">Version 2.0</a></div><div id="page-content"><div id="preamble"><h1>URL Rewriting Guide</h1>
+    <div class="note">
+      <address>Originally written by<br />
+      Ralf S. Engelschall &lt;rse@apache.org&gt;<br />
+      December 1997</address>
+    </div>
+
+    <p>This document supplements the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+    <a href="../mod/mod_rewrite.html">reference documentation</a>.
+    It describes how one can use Apache's <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+    to solve typical URL-based problems webmasters are usually confronted
+    with in practice. I give detailed descriptions on how to
+    solve each problem by configuring URL rewriting rulesets.</p>
+
+  </div><div id="quickview"><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#ToC1">Introduction to <code>mod_rewrite</code></a></li><li><img alt="" src="../images/down.gif" /> <a href="#ToC2">Practical Solutions</a></li><li><img alt="" src="../images/down.gif" /> <a href="#url">URL Layout</a></li><li><img alt="" src="../images/down.gif" /> <a href="#content">Content Handling</a></li><li><img alt="" src="../images/down.gif" /> <a href="#access">Access Restriction</a></li><li><img alt="" src="../images/down.gif" /> <a href="#other">Other</a></li></ul></div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="ToC1" id="ToC1">Introduction to <code>mod_rewrite</code></a></h2>
+
+    
+
+    <p>The Apache module <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> is a killer
+    one, i.e. it is a really sophisticated module which provides
+    a powerful way to do URL manipulations. With it you can nearly
+    do all types of URL manipulations you ever dreamed about.
+    The price you have to pay is to accept complexity, because
+    <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>'s major drawback is that it is
+    not easy to understand and use for the beginner. And even
+    Apache experts sometimes discover new aspects where
+    <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> can help.</p>
+
+    <p>In other words: With <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> you either
+    shoot yourself in the foot the first time and never use it again
+    or love it for the rest of your life because of its power.
+    This paper tries to give you a few initial success events to
+    avoid the first case by presenting already invented solutions
+    to you.</p>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="ToC2" id="ToC2">Practical Solutions</a></h2>
+
+    
+
+    <p>Here come a lot of practical solutions I've either invented
+    myself or collected from other peoples solutions in the past.
+    Feel free to learn the black magic of URL rewriting from
+    these examples.</p>
+
+    <div class="warning">ATTENTION: Depending on your server-configuration
+    it can be necessary to slightly change the examples for your
+    situation, e.g. adding the <code>[PT]</code> flag when
+    additionally using <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> and
+    <code class="module"><a href="../mod/mod_userdir.html">mod_userdir</a></code>, etc. Or rewriting a ruleset
+    to fit in <code>.htaccess</code> context instead
+    of per-server context. Always try to understand what a
+    particular ruleset really does before you use it. It
+    avoid problems.</div>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="url" id="url">URL Layout</a></h2>
+
+    
+
+    <h3>Canonical URLs</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>On some webservers there are more than one URL for a
+          resource. Usually there are canonical URLs (which should be
+          actually used and distributed) and those which are just
+          shortcuts, internal ones, etc. Independent of which URL the
+          user supplied with the request he should finally see the
+          canonical one only.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We do an external HTTP redirect for all non-canonical
+          URLs to fix them in the location view of the Browser and
+          for all subsequent requests. In the example ruleset below
+          we replace <code>/~user</code> by the canonical
+          <code>/u/user</code> and fix a missing trailing slash for
+          <code>/u/user</code>.</p>
+
+<div class="example"><pre>
+RewriteRule   ^/<strong>~</strong>([^/]+)/?(.*)    /<strong>u</strong>/$1/$2  [<strong>R</strong>]
+RewriteRule   ^/([uge])/(<strong>[^/]+</strong>)$  /$1/$2<strong>/</strong>   [<strong>R</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Canonical Hostnames</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>...</dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+<div class="example"><pre>
+RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
+RewriteCond %{HTTP_HOST}   !^$
+RewriteCond %{SERVER_PORT} !^80$
+RewriteRule ^/(.*)         http://fully.qualified.domain.name:%{SERVER_PORT}/$1 [L,R]
+RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
+RewriteCond %{HTTP_HOST}   !^$
+RewriteRule ^/(.*)         http://fully.qualified.domain.name/$1 [L,R]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Moved <code>DocumentRoot</code></h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Usually the <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>
+          of the webserver directly relates to the URL "<code>/</code>".
+          But often this data is not really of top-level priority, it is
+          perhaps just one entity of a lot of data pools. For instance at
+          our Intranet sites there are <code>/e/www/</code>
+          (the homepage for WWW), <code>/e/sww/</code> (the homepage for
+          the Intranet) etc. Now because the data of the <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> stays at <code>/e/www/</code> we had
+          to make sure that all inlined images and other stuff inside this
+          data pool work for subsequent requests.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We just redirect the URL <code>/</code> to
+          <code>/e/www/</code>. While is seems trivial it is
+          actually trivial with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>, only.
+          Because the typical old mechanisms of URL <em>Aliases</em>
+          (as provides by <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> and friends)
+          only used <em>prefix</em> matching. With this you cannot
+          do such a redirection because the <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> is a prefix of all URLs. With
+          <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> it is really trivial:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteRule   <strong>^/$</strong>  /e/www/  [<strong>R</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Trailing Slash Problem</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Every webmaster can sing a song about the problem of
+          the trailing slash on URLs referencing directories. If they
+          are missing, the server dumps an error, because if you say
+          <code>/~quux/foo</code> instead of <code>/~quux/foo/</code>
+          then the server searches for a <em>file</em> named
+          <code>foo</code>. And because this file is a directory it
+          complains. Actually it tries to fix it itself in most of
+          the cases, but sometimes this mechanism need to be emulated
+          by you. For instance after you have done a lot of
+          complicated URL rewritings to CGI scripts etc.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>The solution to this subtle problem is to let the server
+          add the trailing slash automatically. To do this
+          correctly we have to use an external redirect, so the
+          browser correctly requests subsequent images etc. If we
+          only did a internal rewrite, this would only work for the
+          directory page, but would go wrong when any images are
+          included into this page with relative URLs, because the
+          browser would request an in-lined object. For instance, a
+          request for <code>image.gif</code> in
+          <code>/~quux/foo/index.html</code> would become
+          <code>/~quux/image.gif</code> without the external
+          redirect!</p>
+
+          <p>So, to do this trick we write:</p>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteBase    /~quux/
+RewriteRule    ^foo<strong>$</strong>  foo<strong>/</strong>  [<strong>R</strong>]
+</pre></div>
+
+          <p>The crazy and lazy can even do the following in the
+          top-level <code>.htaccess</code> file of their homedir.
+          But notice that this creates some processing
+          overhead.</p>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteBase    /~quux/
+RewriteCond    %{REQUEST_FILENAME}  <strong>-d</strong>
+RewriteRule    ^(.+<strong>[^/]</strong>)$           $1<strong>/</strong>  [R]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Webcluster through Homogeneous URL Layout</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>We want to create a homogeneous and consistent URL
+          layout over all WWW servers on a Intranet webcluster, i.e.
+          all URLs (per definition server local and thus server
+          dependent!) become actually server <em>independent</em>!
+          What we want is to give the WWW namespace a consistent
+          server-independent layout: no URL should have to include
+          any physically correct target server. The cluster itself
+          should drive us automatically to the physical target
+          host.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>First, the knowledge of the target servers come from
+          (distributed) external maps which contain information
+          where our users, groups and entities stay. The have the
+          form</p>
+
+<div class="example"><pre>
+user1  server_of_user1
+user2  server_of_user2
+:      :
+</pre></div>
+
+          <p>We put them into files <code>map.xxx-to-host</code>.
+          Second we need to instruct all servers to redirect URLs
+          of the forms</p>
+
+<div class="example"><pre>
+/u/user/anypath
+/g/group/anypath
+/e/entity/anypath
+</pre></div>
+
+          <p>to</p>
+
+<div class="example"><pre>
+http://physical-host/u/user/anypath
+http://physical-host/g/group/anypath
+http://physical-host/e/entity/anypath
+</pre></div>
+
+          <p>when the URL is not locally valid to a server. The
+          following ruleset does this for us by the help of the map
+          files (assuming that server0 is a default server which
+          will be used if a user has no entry in the map):</p>
+
+<div class="example"><pre>
+RewriteEngine on
+
+RewriteMap      user-to-host   txt:/path/to/map.user-to-host
+RewriteMap     group-to-host   txt:/path/to/map.group-to-host
+RewriteMap    entity-to-host   txt:/path/to/map.entity-to-host
+
+RewriteRule   ^/u/<strong>([^/]+)</strong>/?(.*)   http://<strong>${user-to-host:$1|server0}</strong>/u/$1/$2
+RewriteRule   ^/g/<strong>([^/]+)</strong>/?(.*)  http://<strong>${group-to-host:$1|server0}</strong>/g/$1/$2
+RewriteRule   ^/e/<strong>([^/]+)</strong>/?(.*) http://<strong>${entity-to-host:$1|server0}</strong>/e/$1/$2
+
+RewriteRule   ^/([uge])/([^/]+)/?$          /$1/$2/.www/
+RewriteRule   ^/([uge])/([^/]+)/([^.]+.+)   /$1/$2/.www/$3\
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Move Homedirs to Different Webserver</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Many webmasters have asked for a solution to the
+          following situation: They wanted to redirect just all
+          homedirs on a webserver to another webserver. They usually
+          need such things when establishing a newer webserver which
+          will replace the old one over time.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>The solution is trivial with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.
+          On the old webserver we just redirect all
+          <code>/~user/anypath</code> URLs to
+          <code>http://newserver/~user/anypath</code>.</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteRule   ^/~(.+)  http://<strong>newserver</strong>/~$1  [R,L]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Structured Homedirs</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Some sites with thousands of users usually use a
+          structured homedir layout, i.e. each homedir is in a
+          subdirectory which begins for instance with the first
+          character of the username. So, <code>/~foo/anypath</code>
+          is <code>/home/<strong>f</strong>/foo/.www/anypath</code>
+          while <code>/~bar/anypath</code> is
+          <code>/home/<strong>b</strong>/bar/.www/anypath</code>.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We use the following ruleset to expand the tilde URLs
+          into exactly the above layout.</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteRule   ^/~(<strong>([a-z])</strong>[a-z0-9]+)(.*)  /home/<strong>$2</strong>/$1/.www$3
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Filesystem Reorganization</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>This really is a hardcore example: a killer application
+          which heavily uses per-directory
+          <code>RewriteRules</code> to get a smooth look and feel
+          on the Web while its data structure is never touched or
+          adjusted. Background: <strong><em>net.sw</em></strong> is
+          my archive of freely available Unix software packages,
+          which I started to collect in 1992. It is both my hobby
+          and job to to this, because while I'm studying computer
+          science I have also worked for many years as a system and
+          network administrator in my spare time. Every week I need
+          some sort of software so I created a deep hierarchy of
+          directories where I stored the packages:</p>
+
+<div class="example"><pre>
+drwxrwxr-x   2 netsw  users    512 Aug  3 18:39 Audio/
+drwxrwxr-x   2 netsw  users    512 Jul  9 14:37 Benchmark/
+drwxrwxr-x  12 netsw  users    512 Jul  9 00:34 Crypto/
+drwxrwxr-x   5 netsw  users    512 Jul  9 00:41 Database/
+drwxrwxr-x   4 netsw  users    512 Jul 30 19:25 Dicts/
+drwxrwxr-x  10 netsw  users    512 Jul  9 01:54 Graphic/
+drwxrwxr-x   5 netsw  users    512 Jul  9 01:58 Hackers/
+drwxrwxr-x   8 netsw  users    512 Jul  9 03:19 InfoSys/
+drwxrwxr-x   3 netsw  users    512 Jul  9 03:21 Math/
+drwxrwxr-x   3 netsw  users    512 Jul  9 03:24 Misc/
+drwxrwxr-x   9 netsw  users    512 Aug  1 16:33 Network/
+drwxrwxr-x   2 netsw  users    512 Jul  9 05:53 Office/
+drwxrwxr-x   7 netsw  users    512 Jul  9 09:24 SoftEng/
+drwxrwxr-x   7 netsw  users    512 Jul  9 12:17 System/
+drwxrwxr-x  12 netsw  users    512 Aug  3 20:15 Typesetting/
+drwxrwxr-x  10 netsw  users    512 Jul  9 14:08 X11/
+</pre></div>
+
+          <p>In July 1996 I decided to make this archive public to
+          the world via a nice Web interface. "Nice" means that I
+          wanted to offer an interface where you can browse
+          directly through the archive hierarchy. And "nice" means
+          that I didn't wanted to change anything inside this
+          hierarchy - not even by putting some CGI scripts at the
+          top of it. Why? Because the above structure should be
+          later accessible via FTP as well, and I didn't want any
+          Web or CGI stuff to be there.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>The solution has two parts: The first is a set of CGI
+          scripts which create all the pages at all directory
+          levels on-the-fly. I put them under
+          <code>/e/netsw/.www/</code> as follows:</p>
+
+<div class="example"><pre>
+-rw-r--r--   1 netsw  users    1318 Aug  1 18:10 .wwwacl
+drwxr-xr-x  18 netsw  users     512 Aug  5 15:51 DATA/
+-rw-rw-rw-   1 netsw  users  372982 Aug  5 16:35 LOGFILE
+-rw-r--r--   1 netsw  users     659 Aug  4 09:27 TODO
+-rw-r--r--   1 netsw  users    5697 Aug  1 18:01 netsw-about.html
+-rwxr-xr-x   1 netsw  users     579 Aug  2 10:33 netsw-access.pl
+-rwxr-xr-x   1 netsw  users    1532 Aug  1 17:35 netsw-changes.cgi
+-rwxr-xr-x   1 netsw  users    2866 Aug  5 14:49 netsw-home.cgi
+drwxr-xr-x   2 netsw  users     512 Jul  8 23:47 netsw-img/
+-rwxr-xr-x   1 netsw  users   24050 Aug  5 15:49 netsw-lsdir.cgi
+-rwxr-xr-x   1 netsw  users    1589 Aug  3 18:43 netsw-search.cgi
+-rwxr-xr-x   1 netsw  users    1885 Aug  1 17:41 netsw-tree.cgi
+-rw-r--r--   1 netsw  users     234 Jul 30 16:35 netsw-unlimit.lst
+</pre></div>
+
+          <p>The <code>DATA/</code> subdirectory holds the above
+          directory structure, i.e. the real
+          <strong><em>net.sw</em></strong> stuff and gets
+          automatically updated via <code>rdist</code> from time to
+          time. The second part of the problem remains: how to link
+          these two structures together into one smooth-looking URL
+          tree? We want to hide the <code>DATA/</code> directory
+          from the user while running the appropriate CGI scripts
+          for the various URLs. Here is the solution: first I put
+          the following into the per-directory configuration file
+          in the <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>
+          of the server to rewrite the announced URL
+          <code>/net.sw/</code> to the internal path
+          <code>/e/netsw</code>:</p>
+
+<div class="example"><pre>
+RewriteRule  ^net.sw$       net.sw/        [R]
+RewriteRule  ^net.sw/(.*)$  e/netsw/$1
+</pre></div>
+
+          <p>The first rule is for requests which miss the trailing
+          slash! The second rule does the real thing. And then
+          comes the killer configuration which stays in the
+          per-directory config file
+          <code>/e/netsw/.www/.wwwacl</code>:</p>
+
+<div class="example"><pre>
+Options       ExecCGI FollowSymLinks Includes MultiViews
+
+RewriteEngine on
+
+#  we are reached via /net.sw/ prefix
+RewriteBase   /net.sw/
+
+#  first we rewrite the root dir to
+#  the handling cgi script
+RewriteRule   ^$                       netsw-home.cgi     [L]
+RewriteRule   ^index\.html$            netsw-home.cgi     [L]
+
+#  strip out the subdirs when
+#  the browser requests us from perdir pages
+RewriteRule   ^.+/(netsw-[^/]+/.+)$    $1                 [L]
+
+#  and now break the rewriting for local files
+RewriteRule   ^netsw-home\.cgi.*       -                  [L]
+RewriteRule   ^netsw-changes\.cgi.*    -                  [L]
+RewriteRule   ^netsw-search\.cgi.*     -                  [L]
+RewriteRule   ^netsw-tree\.cgi$        -                  [L]
+RewriteRule   ^netsw-about\.html$      -                  [L]
+RewriteRule   ^netsw-img/.*$           -                  [L]
+
+#  anything else is a subdir which gets handled
+#  by another cgi script
+RewriteRule   !^netsw-lsdir\.cgi.*     -                  [C]
+RewriteRule   (.*)                     netsw-lsdir.cgi/$1
+</pre></div>
+
+          <p>Some hints for interpretation:</p>
+
+          <ol>
+            <li>Notice the <code>L</code> (last) flag and no
+            substitution field ('<code>-</code>') in the forth part</li>
+
+            <li>Notice the <code>!</code> (not) character and
+            the <code>C</code> (chain) flag at the first rule
+            in the last part</li>
+
+            <li>Notice the catch-all pattern in the last rule</li>
+          </ol>
+        </dd>
+      </dl>
+
+    
+
+    <h3>NCSA imagemap to Apache <code>mod_imap</code></h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>When switching from the NCSA webserver to the more
+          modern Apache webserver a lot of people want a smooth
+          transition. So they want pages which use their old NCSA
+          <code>imagemap</code> program to work under Apache with the
+          modern <code class="module"><a href="../mod/mod_imap.html">mod_imap</a></code>. The problem is that there
+          are a lot of hyperlinks around which reference the
+          <code>imagemap</code> program via
+          <code>/cgi-bin/imagemap/path/to/page.map</code>. Under
+          Apache this has to read just
+          <code>/path/to/page.map</code>.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We use a global rule to remove the prefix on-the-fly for
+          all requests:</p>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteRule    ^/cgi-bin/imagemap(.*)  $1  [PT]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Search pages in more than one directory</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Sometimes it is necessary to let the webserver search
+          for pages in more than one directory. Here MultiViews or
+          other techniques cannot help.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We program a explicit ruleset which searches for the
+          files in the directories.</p>
+
+<div class="example"><pre>
+RewriteEngine on
+
+#   first try to find it in custom/...
+#   ...and if found stop and be happy:
+RewriteCond         /your/docroot/<strong>dir1</strong>/%{REQUEST_FILENAME}  -f
+RewriteRule  ^(.+)  /your/docroot/<strong>dir1</strong>/$1  [L]
+
+#   second try to find it in pub/...
+#   ...and if found stop and be happy:
+RewriteCond         /your/docroot/<strong>dir2</strong>/%{REQUEST_FILENAME}  -f
+RewriteRule  ^(.+)  /your/docroot/<strong>dir2</strong>/$1  [L]
+
+#   else go on for other Alias or ScriptAlias directives,
+#   etc.
+RewriteRule   ^(.+)  -  [PT]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Set Environment Variables According To URL Parts</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Perhaps you want to keep status information between
+          requests and use the URL to encode it. But you don't want
+          to use a CGI wrapper for all pages just to strip out this
+          information.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We use a rewrite rule to strip out the status information
+          and remember it via an environment variable which can be
+          later dereferenced from within XSSI or CGI. This way a
+          URL <code>/foo/S=java/bar/</code> gets translated to
+          <code>/foo/bar/</code> and the environment variable named
+          <code>STATUS</code> is set to the value "java".</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteRule   ^(.*)/<strong>S=([^/]+)</strong>/(.*)    $1/$3 [E=<strong>STATUS:$2</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Virtual User Hosts</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Assume that you want to provide
+          <code>www.<strong>username</strong>.host.domain.com</code>
+          for the homepage of username via just DNS A records to the
+          same machine and without any virtualhosts on this
+          machine.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>For HTTP/1.0 requests there is no solution, but for
+          HTTP/1.1 requests which contain a Host: HTTP header we
+          can use the following ruleset to rewrite
+          <code>http://www.username.host.com/anypath</code>
+          internally to <code>/home/username/anypath</code>:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteCond   %{<strong>HTTP_HOST</strong>}                 ^www\.<strong>[^.]+</strong>\.host\.com$
+RewriteRule   ^(.+)                        %{HTTP_HOST}$1          [C]
+RewriteRule   ^www\.<strong>([^.]+)</strong>\.host\.com(.*) /home/<strong>$1</strong>$2
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Redirect Homedirs For Foreigners</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>We want to redirect homedir URLs to another webserver
+          <code>www.somewhere.com</code> when the requesting user
+          does not stay in the local domain
+          <code>ourdomain.com</code>. This is sometimes used in
+          virtual host contexts.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>Just a rewrite condition:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteCond   %{REMOTE_HOST}  <strong>!^.+\.ourdomain\.com$</strong>
+RewriteRule   ^(/~.+)         http://www.somewhere.com/$1 [R,L]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Redirect Failing URLs To Other Webserver</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>A typical FAQ about URL rewriting is how to redirect
+          failing requests on webserver A to webserver B. Usually
+          this is done via <code class="directive"><a href="../mod/core.html#errordocument">ErrorDocument</a></code> CGI-scripts in Perl, but
+          there is also a <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> solution.
+          But notice that this performs more poorly than using an
+          <code class="directive"><a href="../mod/core.html#errordocument">ErrorDocument</a></code>
+          CGI-script!</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>The first solution has the best performance but less
+          flexibility, and is less error safe:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteCond   /your/docroot/%{REQUEST_FILENAME} <strong>!-f</strong>
+RewriteRule   ^(.+)                             http://<strong>webserverB</strong>.dom/$1
+</pre></div>
+
+          <p>The problem here is that this will only work for pages
+          inside the <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>. While you can add more
+          Conditions (for instance to also handle homedirs, etc.)
+          there is better variant:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteCond   %{REQUEST_URI} <strong>!-U</strong>
+RewriteRule   ^(.+)          http://<strong>webserverB</strong>.dom/$1
+</pre></div>
+
+          <p>This uses the URL look-ahead feature of <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.
+          The result is that this will work for all types of URLs
+          and is a safe way. But it does a performance impact on
+          the webserver, because for every request there is one
+          more internal subrequest. So, if your webserver runs on a
+          powerful CPU, use this one. If it is a slow machine, use
+          the first approach or better a <code class="directive"><a href="../mod/core.html#errordocument">ErrorDocument</a></code> CGI-script.</p>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Extended Redirection</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Sometimes we need more control (concerning the
+          character escaping mechanism) of URLs on redirects.
+          Usually the Apache kernels URL escape function also
+          escapes anchors, i.e. URLs like "<code>url#anchor</code>".
+          You cannot use this directly on redirects with
+          <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> because the
+          <code>uri_escape()</code> function of Apache
+          would also escape the hash character.
+          How can we redirect to such a URL?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We have to use a kludge by the use of a NPH-CGI script
+          which does the redirect itself. Because here no escaping
+          is done (NPH=non-parseable headers). First we introduce a
+          new URL scheme <code>xredirect:</code> by the following
+          per-server config-line (should be one of the last rewrite
+          rules):</p>
+
+<div class="example"><pre>
+RewriteRule ^xredirect:(.+) /path/to/nph-xredirect.cgi/$1 \
+            [T=application/x-httpd-cgi,L]
+</pre></div>
+
+          <p>This forces all URLs prefixed with
+          <code>xredirect:</code> to be piped through the
+          <code>nph-xredirect.cgi</code> program. And this program
+          just looks like:</p>
+
+<div class="example"><pre>
+#!/path/to/perl
+##
+##  nph-xredirect.cgi -- NPH/CGI script for extended redirects
+##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
+##
+
+$| = 1;
+$url = $ENV{'PATH_INFO'};
+
+print "HTTP/1.0 302 Moved Temporarily\n";
+print "Server: $ENV{'SERVER_SOFTWARE'}\n";
+print "Location: $url\n";
+print "Content-type: text/html\n";
+print "\n";
+print "&lt;html&gt;\n";
+print "&lt;head&gt;\n";
+print "&lt;title&gt;302 Moved Temporarily (EXTENDED)&lt;/title&gt;\n";
+print "&lt;/head&gt;\n";
+print "&lt;body&gt;\n";
+print "&lt;h1&gt;Moved Temporarily (EXTENDED)&lt;/h1&gt;\n";
+print "The document has moved &lt;a HREF=\"$url\"&gt;here&lt;/a&gt;.&lt;p&gt;\n";
+print "&lt;/body&gt;\n";
+print "&lt;/html&gt;\n";
+
+##EOF##
+</pre></div>
+
+          <p>This provides you with the functionality to do
+          redirects to all URL schemes, i.e. including the one
+          which are not directly accepted by <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.
+          For instance you can now also redirect to
+          <code>news:newsgroup</code> via</p>
+
+<div class="example"><pre>
+RewriteRule ^anyurl  xredirect:news:newsgroup
+</pre></div>
+
+          <div class="note">Notice: You have not to put <code>[R]</code> or
+          <code>[R,L]</code> to the above rule because the
+          <code>xredirect:</code> need to be expanded later
+          by our special "pipe through" rule above.</div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Archive Access Multiplexer</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Do you know the great CPAN (Comprehensive Perl Archive
+          Network) under <a href="http://www.perl.com/CPAN">http://www.perl.com/CPAN</a>?
+          This does a redirect to one of several FTP servers around
+          the world which carry a CPAN mirror and is approximately
+          near the location of the requesting client. Actually this
+          can be called an FTP access multiplexing service. While
+          CPAN runs via CGI scripts, how can a similar approach
+          implemented via <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>First we notice that from version 3.0.0
+          <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> can
+          also use the "<code>ftp:</code>" scheme on redirects.
+          And second, the location approximation can be done by a
+          <code class="directive"><a href="../mod/mod_rewrite.html#rewritemap">RewriteMap</a></code>
+          over the top-level domain of the client.
+          With a tricky chained ruleset we can use this top-level
+          domain as a key to our multiplexing map.</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteMap    multiplex                txt:/path/to/map.cxan
+RewriteRule   ^/CxAN/(.*)              %{REMOTE_HOST}::$1                 [C]
+RewriteRule   ^.+\.<strong>([a-zA-Z]+)</strong>::(.*)$  ${multiplex:<strong>$1</strong>|ftp.default.dom}$2  [R,L]
+</pre></div>
+
+<div class="example"><pre>
+##
+##  map.cxan -- Multiplexing Map for CxAN
+##
+
+de        ftp://ftp.cxan.de/CxAN/
+uk        ftp://ftp.cxan.uk/CxAN/
+com       ftp://ftp.cxan.com/CxAN/
+ :
+##EOF##
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Time-Dependent Rewriting</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>When tricks like time-dependent content should happen a
+          lot of webmasters still use CGI scripts which do for
+          instance redirects to specialized pages. How can it be done
+          via <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>There are a lot of variables named <code>TIME_xxx</code>
+          for rewrite conditions. In conjunction with the special
+          lexicographic comparison patterns <code>&lt;STRING</code>,
+          <code>&gt;STRING</code> and <code>=STRING</code> we can
+          do time-dependent redirects:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteCond   %{TIME_HOUR}%{TIME_MIN} &gt;0700
+RewriteCond   %{TIME_HOUR}%{TIME_MIN} &lt;1900
+RewriteRule   ^foo\.html$             foo.day.html
+RewriteRule   ^foo\.html$             foo.night.html
+</pre></div>
+
+          <p>This provides the content of <code>foo.day.html</code>
+          under the URL <code>foo.html</code> from
+          <code>07:00-19:00</code> and at the remaining time the
+          contents of <code>foo.night.html</code>. Just a nice
+          feature for a homepage...</p>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Backward Compatibility for YYYY to XXXX migration</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>How can we make URLs backward compatible (still
+          existing virtually) after migrating <code>document.YYYY</code>
+          to <code>document.XXXX</code>, e.g. after translating a
+          bunch of <code>.html</code> files to <code>.phtml</code>?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We just rewrite the name to its basename and test for
+          existence of the new extension. If it exists, we take
+          that name, else we rewrite the URL to its original state.</p>
+
+
+<div class="example"><pre>
+#   backward compatibility ruleset for
+#   rewriting document.html to document.phtml
+#   when and only when document.phtml exists
+#   but no longer document.html
+RewriteEngine on
+RewriteBase   /~quux/
+#   parse out basename, but remember the fact
+RewriteRule   ^(.*)\.html$              $1      [C,E=WasHTML:yes]
+#   rewrite to document.phtml if exists
+RewriteCond   %{REQUEST_FILENAME}.phtml -f
+RewriteRule   ^(.*)$ $1.phtml                   [S=1]
+#   else reverse the previous basename cutout
+RewriteCond   %{ENV:WasHTML}            ^yes$
+RewriteRule   ^(.*)$ $1.html
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="content" id="content">Content Handling</a></h2>
+
+    
+
+    <h3>From Old to New (intern)</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Assume we have recently renamed the page
+          <code>bar.html</code> to <code>foo.html</code> and now want
+          to provide the old URL for backward compatibility. Actually
+          we want that users of the old URL even not recognize that
+          the pages was renamed.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We rewrite the old URL to the new one internally via the
+          following rule:</p>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteBase    /~quux/
+RewriteRule    ^<strong>foo</strong>\.html$  <strong>bar</strong>.html
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>From Old to New (extern)</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Assume again that we have recently renamed the page
+          <code>bar.html</code> to <code>foo.html</code> and now want
+          to provide the old URL for backward compatibility. But this
+          time we want that the users of the old URL get hinted to
+          the new one, i.e. their browsers Location field should
+          change, too.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We force a HTTP redirect to the new URL which leads to a
+          change of the browsers and thus the users view:</p>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteBase    /~quux/
+RewriteRule    ^<strong>foo</strong>\.html$  <strong>bar</strong>.html  [<strong>R</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Browser Dependent Content</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>At least for important top-level pages it is sometimes
+          necessary to provide the optimum of browser dependent
+          content, i.e. one has to provide a maximum version for the
+          latest Netscape variants, a minimum version for the Lynx
+          browsers and a average feature version for all others.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We cannot use content negotiation because the browsers do
+          not provide their type in that form. Instead we have to
+          act on the HTTP header "User-Agent". The following condig
+          does the following: If the HTTP header "User-Agent"
+          begins with "Mozilla/3", the page <code>foo.html</code>
+          is rewritten to <code>foo.NS.html</code> and and the
+          rewriting stops. If the browser is "Lynx" or "Mozilla" of
+          version 1 or 2 the URL becomes <code>foo.20.html</code>.
+          All other browsers receive page <code>foo.32.html</code>.
+          This is done by the following ruleset:</p>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_USER_AGENT}  ^<strong>Mozilla/3</strong>.*
+RewriteRule ^foo\.html$         foo.<strong>NS</strong>.html          [<strong>L</strong>]
+
+RewriteCond %{HTTP_USER_AGENT}  ^<strong>Lynx/</strong>.*         [OR]
+RewriteCond %{HTTP_USER_AGENT}  ^<strong>Mozilla/[12]</strong>.*
+RewriteRule ^foo\.html$         foo.<strong>20</strong>.html          [<strong>L</strong>]
+
+RewriteRule ^foo\.html$         foo.<strong>32</strong>.html          [<strong>L</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Dynamic Mirror</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Assume there are nice webpages on remote hosts we want
+          to bring into our namespace. For FTP servers we would use
+          the <code>mirror</code> program which actually maintains an
+          explicit up-to-date copy of the remote data on the local
+          machine. For a webserver we could use the program
+          <code>webcopy</code> which acts similar via HTTP. But both
+          techniques have one major drawback: The local copy is
+          always just as up-to-date as often we run the program. It
+          would be much better if the mirror is not a static one we
+          have to establish explicitly. Instead we want a dynamic
+          mirror with data which gets updated automatically when
+          there is need (updated data on the remote host).</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>To provide this feature we map the remote webpage or even
+          the complete remote webarea to our namespace by the use
+          of the <i>Proxy Throughput</i> feature
+          (flag <code>[P]</code>):</p>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteBase    /~quux/
+RewriteRule    ^<strong>hotsheet/</strong>(.*)$  <strong>http://www.tstimpreso.com/hotsheet/</strong>$1  [<strong>P</strong>]
+</pre></div>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteBase    /~quux/
+RewriteRule    ^<strong>usa-news\.html</strong>$   <strong>http://www.quux-corp.com/news/index.html</strong>  [<strong>P</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Reverse Dynamic Mirror</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>...</dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+<div class="example"><pre>
+RewriteEngine on
+RewriteCond   /mirror/of/remotesite/$1           -U
+RewriteRule   ^http://www\.remotesite\.com/(.*)$ /mirror/of/remotesite/$1
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Retrieve Missing Data from Intranet</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>This is a tricky way of virtually running a corporate
+          (external) Internet webserver
+          (<code>www.quux-corp.dom</code>), while actually keeping
+          and maintaining its data on a (internal) Intranet webserver
+          (<code>www2.quux-corp.dom</code>) which is protected by a
+          firewall. The trick is that on the external webserver we
+          retrieve the requested data on-the-fly from the internal
+          one.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>First, we have to make sure that our firewall still
+          protects the internal webserver and that only the
+          external webserver is allowed to retrieve data from it.
+          For a packet-filtering firewall we could for instance
+          configure a firewall ruleset like the following:</p>
+
+<div class="example"><pre>
+<strong>ALLOW</strong> Host www.quux-corp.dom Port &gt;1024 --&gt; Host www2.quux-corp.dom Port <strong>80</strong>
+<strong>DENY</strong>  Host *                 Port *     --&gt; Host www2.quux-corp.dom Port <strong>80</strong>
+</pre></div>
+
+          <p>Just adjust it to your actual configuration syntax.
+          Now we can establish the <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+          rules which request the missing data in the background
+          through the proxy throughput feature:</p>
+
+<div class="example"><pre>
+RewriteRule ^/~([^/]+)/?(.*)          /home/$1/.www/$2
+RewriteCond %{REQUEST_FILENAME}       <strong>!-f</strong>
+RewriteCond %{REQUEST_FILENAME}       <strong>!-d</strong>
+RewriteRule ^/home/([^/]+)/.www/?(.*) http://<strong>www2</strong>.quux-corp.dom/~$1/pub/$2 [<strong>P</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Load Balancing</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Suppose we want to load balance the traffic to
+          <code>www.foo.com</code> over <code>www[0-5].foo.com</code>
+          (a total of 6 servers). How can this be done?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>There are a lot of possible solutions for this problem.
+          We will discuss first a commonly known DNS-based variant
+          and then the special one with <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>:</p>
+
+          <ol>
+            <li>
+              <strong>DNS Round-Robin</strong>
+
+              <p>The simplest method for load-balancing is to use
+              the DNS round-robin feature of <code>BIND</code>.
+              Here you just configure <code>www[0-9].foo.com</code>
+              as usual in your DNS with A(address) records, e.g.</p>
+
+<div class="example"><pre>
+www0   IN  A       1.2.3.1
+www1   IN  A       1.2.3.2
+www2   IN  A       1.2.3.3
+www3   IN  A       1.2.3.4
+www4   IN  A       1.2.3.5
+www5   IN  A       1.2.3.6
+</pre></div>
+
+              <p>Then you additionally add the following entry:</p>
+
+<div class="example"><pre>
+www    IN  CNAME   www0.foo.com.
+       IN  CNAME   www1.foo.com.
+       IN  CNAME   www2.foo.com.
+       IN  CNAME   www3.foo.com.
+       IN  CNAME   www4.foo.com.
+       IN  CNAME   www5.foo.com.
+       IN  CNAME   www6.foo.com.
+</pre></div>
+
+              <p>Notice that this seems wrong, but is actually an
+              intended feature of <code>BIND</code> and can be used
+              in this way. However, now when <code>www.foo.com</code> gets
+              resolved, <code>BIND</code> gives out <code>www0-www6</code>
+              - but in a slightly permutated/rotated order every time.
+              This way the clients are spread over the various
+              servers. But notice that this not a perfect load
+              balancing scheme, because DNS resolve information
+              gets cached by the other nameservers on the net, so
+              once a client has resolved <code>www.foo.com</code>
+              to a particular <code>wwwN.foo.com</code>, all
+              subsequent requests also go to this particular name
+              <code>wwwN.foo.com</code>. But the final result is
+              ok, because the total sum of the requests are really
+              spread over the various webservers.</p>
+            </li>
+
+            <li>
+              <strong>DNS Load-Balancing</strong>
+
+              <p>A sophisticated DNS-based method for
+              load-balancing is to use the program
+              <code>lbnamed</code> which can be found at <a href="http://www.stanford.edu/~schemers/docs/lbnamed/lbnamed.html">
+              http://www.stanford.edu/~schemers/docs/lbnamed/lbnamed.html</a>.
+              It is a Perl 5 program in conjunction with auxilliary
+              tools which provides a real load-balancing for
+              DNS.</p>
+            </li>
+
+            <li>
+              <strong>Proxy Throughput Round-Robin</strong>
+
+              <p>In this variant we use <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+              and its proxy throughput feature. First we dedicate
+              <code>www0.foo.com</code> to be actually
+              <code>www.foo.com</code> by using a single</p>
+
+<div class="example"><pre>
+www    IN  CNAME   www0.foo.com.
+</pre></div>
+
+              <p>entry in the DNS. Then we convert
+              <code>www0.foo.com</code> to a proxy-only server,
+              i.e. we configure this machine so all arriving URLs
+              are just pushed through the internal proxy to one of
+              the 5 other servers (<code>www1-www5</code>). To
+              accomplish this we first establish a ruleset which
+              contacts a load balancing script <code>lb.pl</code>
+              for all URLs.</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteMap    lb      prg:/path/to/lb.pl
+RewriteRule   ^/(.+)$ ${lb:$1}           [P,L]
+</pre></div>
+
+              <p>Then we write <code>lb.pl</code>:</p>
+
+<div class="example"><pre>
+#!/path/to/perl
+##
+##  lb.pl -- load balancing script
+##
+
+$| = 1;
+
+$name   = "www";     # the hostname base
+$first  = 1;         # the first server (not 0 here, because 0 is myself)
+$last   = 5;         # the last server in the round-robin
+$domain = "foo.dom"; # the domainname
+
+$cnt = 0;
+while (&lt;STDIN&gt;) {
+    $cnt = (($cnt+1) % ($last+1-$first));
+    $server = sprintf("%s%d.%s", $name, $cnt+$first, $domain);
+    print "http://$server/$_";
+}
+
+##EOF##
+</pre></div>
+
+              <div class="note">A last notice: Why is this useful? Seems like
+              <code>www0.foo.com</code> still is overloaded? The
+              answer is yes, it is overloaded, but with plain proxy
+              throughput requests, only! All SSI, CGI, ePerl, etc.
+              processing is completely done on the other machines.
+              This is the essential point.</div>
+            </li>
+
+            <li>
+              <strong>Hardware/TCP Round-Robin</strong>
+
+              <p>There is a hardware solution available, too. Cisco
+              has a beast called LocalDirector which does a load
+              balancing at the TCP/IP level. Actually this is some
+              sort of a circuit level gateway in front of a
+              webcluster. If you have enough money and really need
+              a solution with high performance, use this one.</p>
+            </li>
+          </ol>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Reverse Proxy</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>...</dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+<div class="example"><pre>
+##
+##  apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage
+##
+
+#   server type
+ServerType           standalone
+Listen               8000
+MinSpareServers      16
+StartServers         16
+MaxSpareServers      16
+MaxClients           16
+MaxRequestsPerChild  100
+
+#   server operation parameters
+KeepAlive            on
+MaxKeepAliveRequests 100
+KeepAliveTimeout     15
+Timeout              400
+IdentityCheck        off
+HostnameLookups      off
+
+#   paths to runtime files
+PidFile              /path/to/apache-rproxy.pid
+LockFile             /path/to/apache-rproxy.lock
+ErrorLog             /path/to/apache-rproxy.elog
+CustomLog            /path/to/apache-rproxy.dlog "%{%v/%T}t %h -&gt; %{SERVER}e URL: %U"
+
+#   unused paths
+ServerRoot           /tmp
+DocumentRoot         /tmp
+CacheRoot            /tmp
+RewriteLog           /dev/null
+TransferLog          /dev/null
+TypesConfig          /dev/null
+AccessConfig         /dev/null
+ResourceConfig       /dev/null
+
+#   speed up and secure processing
+&lt;Directory /&gt;
+Options -FollowSymLinks -SymLinksIfOwnerMatch
+AllowOverride None
+&lt;/Directory&gt;
+
+#   the status page for monitoring the reverse proxy
+&lt;Location /apache-rproxy-status&gt;
+SetHandler server-status
+&lt;/Location&gt;
+
+#   enable the URL rewriting engine
+RewriteEngine        on
+RewriteLogLevel      0
+
+#   define a rewriting map with value-lists where
+#   mod_rewrite randomly chooses a particular value
+RewriteMap     server  rnd:/path/to/apache-rproxy.conf-servers
+
+#   make sure the status page is handled locally
+#   and make sure no one uses our proxy except ourself
+RewriteRule    ^/apache-rproxy-status.*  -  [L]
+RewriteRule    ^(http|ftp)://.*          -  [F]
+
+#   now choose the possible servers for particular URL types
+RewriteRule    ^/(.*\.(cgi|shtml))$  to://${server:dynamic}/$1  [S=1]
+RewriteRule    ^/(.*)$               to://${server:static}/$1
+
+#   and delegate the generated URL by passing it
+#   through the proxy module
+RewriteRule    ^to://([^/]+)/(.*)    http://$1/$2   [E=SERVER:$1,P,L]
+
+#   and make really sure all other stuff is forbidden
+#   when it should survive the above rules...
+RewriteRule    .*                    -              [F]
+
+#   enable the Proxy module without caching
+ProxyRequests        on
+NoCache              *
+
+#   setup URL reverse mapping for redirect reponses
+ProxyPassReverse  /  http://www1.foo.dom/
+ProxyPassReverse  /  http://www2.foo.dom/
+ProxyPassReverse  /  http://www3.foo.dom/
+ProxyPassReverse  /  http://www4.foo.dom/
+ProxyPassReverse  /  http://www5.foo.dom/
+ProxyPassReverse  /  http://www6.foo.dom/
+</pre></div>
+
+<div class="example"><pre>
+##
+##  apache-rproxy.conf-servers -- Apache/mod_rewrite selection table
+##
+
+#   list of backend servers which serve static
+#   pages (HTML files and Images, etc.)
+static    www1.foo.dom|www2.foo.dom|www3.foo.dom|www4.foo.dom
+
+#   list of backend servers which serve dynamically
+#   generated page (CGI programs or mod_perl scripts)
+dynamic   www5.foo.dom|www6.foo.dom
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>New MIME-type, New Service</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>On the net there are a lot of nifty CGI programs. But
+          their usage is usually boring, so a lot of webmaster
+          don't use them. Even Apache's Action handler feature for
+          MIME-types is only appropriate when the CGI programs
+          don't need special URLs (actually <code>PATH_INFO</code>
+          and <code>QUERY_STRINGS</code>) as their input. First,
+          let us configure a new file type with extension
+          <code>.scgi</code> (for secure CGI) which will be processed
+          by the popular <code>cgiwrap</code> program. The problem
+          here is that for instance we use a Homogeneous URL Layout
+          (see above) a file inside the user homedirs has the URL
+          <code>/u/user/foo/bar.scgi</code>. But
+          <code>cgiwrap</code> needs the URL in the form
+          <code>/~user/foo/bar.scgi/</code>. The following rule
+          solves the problem:</p>
+
+<div class="example"><pre>
+RewriteRule ^/[uge]/<strong>([^/]+)</strong>/\.www/(.+)\.scgi(.*) ...
+... /internal/cgi/user/cgiwrap/~<strong>$1</strong>/$2.scgi$3  [NS,<strong>T=application/x-http-cgi</strong>]
+</pre></div>
+
+          <p>Or assume we have some more nifty programs:
+          <code>wwwlog</code> (which displays the
+          <code>access.log</code> for a URL subtree and
+          <code>wwwidx</code> (which runs Glimpse on a URL
+          subtree). We have to provide the URL area to these
+          programs so they know on which area they have to act on.
+          But usually this ugly, because they are all the times
+          still requested from that areas, i.e. typically we would
+          run the <code>swwidx</code> program from within
+          <code>/u/user/foo/</code> via hyperlink to</p>
+
+<div class="example"><pre>
+/internal/cgi/user/swwidx?i=/u/user/foo/
+</pre></div>
+
+          <p>which is ugly. Because we have to hard-code
+          <strong>both</strong> the location of the area
+          <strong>and</strong> the location of the CGI inside the
+          hyperlink. When we have to reorganize the area, we spend a
+          lot of time changing the various hyperlinks.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>The solution here is to provide a special new URL format
+          which automatically leads to the proper CGI invocation.
+          We configure the following:</p>
+
+<div class="example"><pre>
+RewriteRule   ^/([uge])/([^/]+)(/?.*)/\*  /internal/cgi/user/wwwidx?i=/$1/$2$3/
+RewriteRule   ^/([uge])/([^/]+)(/?.*):log /internal/cgi/user/wwwlog?f=/$1/$2$3
+</pre></div>
+
+          <p>Now the hyperlink to search at
+          <code>/u/user/foo/</code> reads only</p>
+
+<div class="example"><pre>
+HREF="*"
+</pre></div>
+
+          <p>which internally gets automatically transformed to</p>
+
+<div class="example"><pre>
+/internal/cgi/user/wwwidx?i=/u/user/foo/
+</pre></div>
+
+          <p>The same approach leads to an invocation for the
+          access log CGI program when the hyperlink
+          <code>:log</code> gets used.</p>
+        </dd>
+      </dl>
+
+    
+
+    <h3>From Static to Dynamic</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>How can we transform a static page
+          <code>foo.html</code> into a dynamic variant
+          <code>foo.cgi</code> in a seamless way, i.e. without notice
+          by the browser/user.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We just rewrite the URL to the CGI-script and force the
+          correct MIME-type so it gets really run as a CGI-script.
+          This way a request to <code>/~quux/foo.html</code>
+          internally leads to the invocation of
+          <code>/~quux/foo.cgi</code>.</p>
+
+<div class="example"><pre>
+RewriteEngine  on
+RewriteBase    /~quux/
+RewriteRule    ^foo\.<strong>html</strong>$  foo.<strong>cgi</strong>  [T=<strong>application/x-httpd-cgi</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>On-the-fly Content-Regeneration</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Here comes a really esoteric feature: Dynamically
+          generated but statically served pages, i.e. pages should be
+          delivered as pure static pages (read from the filesystem
+          and just passed through), but they have to be generated
+          dynamically by the webserver if missing. This way you can
+          have CGI-generated pages which are statically served unless
+          one (or a cronjob) removes the static contents. Then the
+          contents gets refreshed.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          This is done via the following ruleset:
+
+<div class="example"><pre>
+RewriteCond %{REQUEST_FILENAME}   <strong>!-s</strong>
+RewriteRule ^page\.<strong>html</strong>$          page.<strong>cgi</strong>   [T=application/x-httpd-cgi,L]
+</pre></div>
+
+          <p>Here a request to <code>page.html</code> leads to a
+          internal run of a corresponding <code>page.cgi</code> if
+          <code>page.html</code> is still missing or has filesize
+          null. The trick here is that <code>page.cgi</code> is a
+          usual CGI script which (additionally to its <code>STDOUT</code>)
+          writes its output to the file <code>page.html</code>.
+          Once it was run, the server sends out the data of
+          <code>page.html</code>. When the webmaster wants to force
+          a refresh the contents, he just removes
+          <code>page.html</code> (usually done by a cronjob).</p>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Document With Autorefresh</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Wouldn't it be nice while creating a complex webpage if
+          the webbrowser would automatically refresh the page every
+          time we write a new version from within our editor?
+          Impossible?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>No! We just combine the MIME multipart feature, the
+          webserver NPH feature and the URL manipulation power of
+          <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>. First, we establish a new
+          URL feature: Adding just <code>:refresh</code> to any
+          URL causes this to be refreshed every time it gets
+          updated on the filesystem.</p>
+
+<div class="example"><pre>
+RewriteRule   ^(/[uge]/[^/]+/?.*):refresh  /internal/cgi/apache/nph-refresh?f=$1
+</pre></div>
+
+          <p>Now when we reference the URL</p>
+
+<div class="example"><pre>
+/u/foo/bar/page.html:refresh
+</pre></div>
+
+          <p>this leads to the internal invocation of the URL</p>
+
+<div class="example"><pre>
+/internal/cgi/apache/nph-refresh?f=/u/foo/bar/page.html
+</pre></div>
+
+          <p>The only missing part is the NPH-CGI script. Although
+          one would usually say "left as an exercise to the reader"
+          ;-) I will provide this, too.</p>
+
+<div class="example"><pre>
+#!/sw/bin/perl
+##
+##  nph-refresh -- NPH/CGI script for auto refreshing pages
+##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
+##
+$| = 1;
+
+#   split the QUERY_STRING variable
+@pairs = split(/&amp;/, $ENV{'QUERY_STRING'});
+foreach $pair (@pairs) {
+    ($name, $value) = split(/=/, $pair);
+    $name =~ tr/A-Z/a-z/;
+    $name = 'QS_' . $name;
+    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
+    eval "\$$name = \"$value\"";
+}
+$QS_s = 1 if ($QS_s eq '');
+$QS_n = 3600 if ($QS_n eq '');
+if ($QS_f eq '') {
+    print "HTTP/1.0 200 OK\n";
+    print "Content-type: text/html\n\n";
+    print "&amp;lt;b&amp;gt;ERROR&amp;lt;/b&amp;gt;: No file given\n";
+    exit(0);
+}
+if (! -f $QS_f) {
+    print "HTTP/1.0 200 OK\n";
+    print "Content-type: text/html\n\n";
+    print "&amp;lt;b&amp;gt;ERROR&amp;lt;/b&amp;gt;: File $QS_f not found\n";
+    exit(0);
+}
+
+sub print_http_headers_multipart_begin {
+    print "HTTP/1.0 200 OK\n";
+    $bound = "ThisRandomString12345";
+    print "Content-type: multipart/x-mixed-replace;boundary=$bound\n";
+    &amp;print_http_headers_multipart_next;
+}
+
+sub print_http_headers_multipart_next {
+    print "\n--$bound\n";
+}
+
+sub print_http_headers_multipart_end {
+    print "\n--$bound--\n";
+}
+
+sub displayhtml {
+    local($buffer) = @_;
+    $len = length($buffer);
+    print "Content-type: text/html\n";
+    print "Content-length: $len\n\n";
+    print $buffer;
+}
+
+sub readfile {
+    local($file) = @_;
+    local(*FP, $size, $buffer, $bytes);
+    ($x, $x, $x, $x, $x, $x, $x, $size) = stat($file);
+    $size = sprintf("%d", $size);
+    open(FP, "&amp;lt;$file");
+    $bytes = sysread(FP, $buffer, $size);
+    close(FP);
+    return $buffer;
+}
+
+$buffer = &amp;readfile($QS_f);
+&amp;print_http_headers_multipart_begin;
+&amp;displayhtml($buffer);
+
+sub mystat {
+    local($file) = $_[0];
+    local($time);
+
+    ($x, $x, $x, $x, $x, $x, $x, $x, $x, $mtime) = stat($file);
+    return $mtime;
+}
+
+$mtimeL = &amp;mystat($QS_f);
+$mtime = $mtime;
+for ($n = 0; $n &amp;lt; $QS_n; $n++) {
+    while (1) {
+        $mtime = &amp;mystat($QS_f);
+        if ($mtime ne $mtimeL) {
+            $mtimeL = $mtime;
+            sleep(2);
+            $buffer = &amp;readfile($QS_f);
+            &amp;print_http_headers_multipart_next;
+            &amp;displayhtml($buffer);
+            sleep(5);
+            $mtimeL = &amp;mystat($QS_f);
+            last;
+        }
+        sleep($QS_s);
+    }
+}
+
+&amp;print_http_headers_multipart_end;
+
+exit(0);
+
+##EOF##
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Mass Virtual Hosting</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>The <code class="directive"><a href="../mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code> feature of Apache is nice
+          and works great when you just have a few dozens
+          virtual hosts. But when you are an ISP and have hundreds of
+          virtual hosts to provide this feature is not the best
+          choice.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>To provide this feature we map the remote webpage or even
+          the complete remote webarea to our namespace by the use
+          of the <i>Proxy Throughput</i> feature (flag <code>[P]</code>):</p>
+
+<div class="example"><pre>
+##
+##  vhost.map
+##
+www.vhost1.dom:80  /path/to/docroot/vhost1
+www.vhost2.dom:80  /path/to/docroot/vhost2
+     :
+www.vhostN.dom:80  /path/to/docroot/vhostN
+</pre></div>
+
+<div class="example"><pre>
+##
+##  httpd.conf
+##
+    :
+#   use the canonical hostname on redirects, etc.
+UseCanonicalName on
+
+    :
+#   add the virtual host in front of the CLF-format
+CustomLog  /path/to/access_log  "%{VHOST}e %h %l %u %t \"%r\" %&gt;s %b"
+    :
+
+#   enable the rewriting engine in the main server
+RewriteEngine on
+
+#   define two maps: one for fixing the URL and one which defines
+#   the available virtual hosts with their corresponding
+#   DocumentRoot.
+RewriteMap    lowercase    int:tolower
+RewriteMap    vhost        txt:/path/to/vhost.map
+
+#   Now do the actual virtual host mapping
+#   via a huge and complicated single rule:
+#
+#   1. make sure we don't map for common locations
+RewriteCond   %{REQUEST_URL}  !^/commonurl1/.*
+RewriteCond   %{REQUEST_URL}  !^/commonurl2/.*
+    :
+RewriteCond   %{REQUEST_URL}  !^/commonurlN/.*
+#
+#   2. make sure we have a Host header, because
+#      currently our approach only supports
+#      virtual hosting through this header
+RewriteCond   %{HTTP_HOST}  !^$
+#
+#   3. lowercase the hostname
+RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$
+#
+#   4. lookup this hostname in vhost.map and
+#      remember it only when it is a path
+#      (and not "NONE" from above)
+RewriteCond   ${vhost:%1}  ^(/.*)$
+#
+#   5. finally we can map the URL to its docroot location
+#      and remember the virtual host for logging puposes
+RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]
+    :
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="access" id="access">Access Restriction</a></h2>
+
+    
+
+    <h3>Blocking of Robots</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>How can we block a really annoying robot from
+          retrieving pages of a specific webarea? A
+          <code>/robots.txt</code> file containing entries of the
+          "Robot Exclusion Protocol" is typically not enough to get
+          rid of such a robot.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We use a ruleset which forbids the URLs of the webarea
+          <code>/~quux/foo/arc/</code> (perhaps a very deep
+          directory indexed area where the robot traversal would
+          create big server load). We have to make sure that we
+          forbid access only to the particular robot, i.e. just
+          forbidding the host where the robot runs is not enough.
+          This would block users from this host, too. We accomplish
+          this by also matching the User-Agent HTTP header
+          information.</p>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_USER_AGENT}   ^<strong>NameOfBadRobot</strong>.*
+RewriteCond %{REMOTE_ADDR}       ^<strong>123\.45\.67\.[8-9]</strong>$
+RewriteRule ^<strong>/~quux/foo/arc/</strong>.+   -   [<strong>F</strong>]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Blocked Inline-Images</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Assume we have under <code>http://www.quux-corp.de/~quux/</code>
+          some pages with inlined GIF graphics. These graphics are
+          nice, so others directly incorporate them via hyperlinks to
+          their pages. We don't like this practice because it adds
+          useless traffic to our server.</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>While we cannot 100% protect the images from inclusion,
+          we can at least restrict the cases where the browser
+          sends a HTTP Referer header.</p>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
+RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
+RewriteRule <strong>.*\.gif$</strong>        -                                    [F]
+</pre></div>
+
+<div class="example"><pre>
+RewriteCond %{HTTP_REFERER}         !^$
+RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
+RewriteRule <strong>^inlined-in-foo\.gif$</strong>   -                        [F]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Host Deny</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>How can we forbid a list of externally configured hosts
+          from using our server?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>For Apache &gt;= 1.3b6:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteMap    hosts-deny  txt:/path/to/hosts.deny
+RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
+RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
+RewriteRule   ^/.*  -  [F]
+</pre></div>
+
+          <p>For Apache &lt;= 1.3b6:</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteMap    hosts-deny  txt:/path/to/hosts.deny
+RewriteRule   ^/(.*)$ ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}/$1
+RewriteRule   !^NOT-FOUND/.* - [F]
+RewriteRule   ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1
+RewriteRule   !^NOT-FOUND/.* - [F]
+RewriteRule   ^NOT-FOUND/(.*)$ /$1
+</pre></div>
+
+<div class="example"><pre>
+##
+##  hosts.deny
+##
+##  ATTENTION! This is a map, not a list, even when we treat it as such.
+##             mod_rewrite parses it for key/value pairs, so at least a
+##             dummy value "-" must be present for each entry.
+##
+
+193.102.180.41 -
+bsdti1.sdm.de  -
+192.76.162.40  -
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Proxy Deny</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>How can we forbid a certain host or even a user of a
+          special host from using the Apache proxy?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We first have to make sure <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>
+          is below(!) <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> in the Configuration
+          file when compiling the Apache webserver. This way it gets
+          called <em>before</em> <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>. Then we
+          configure the following for a host-dependent deny...</p>
+
+<div class="example"><pre>
+RewriteCond %{REMOTE_HOST} <strong>^badhost\.mydomain\.com$</strong>
+RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]
+</pre></div>
+
+          <p>...and this one for a user@host-dependent deny:</p>
+
+<div class="example"><pre>
+RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST}  <strong>^badguy@badhost\.mydomain\.com$</strong>
+RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Special Authentication Variant</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>Sometimes a very special authentication is needed, for
+          instance a authentication which checks for a set of
+          explicitly configured users. Only these should receive
+          access and without explicit prompting (which would occur
+          when using the Basic Auth via <code class="module"><a href="../mod/mod_access.html">mod_access</a></code>).</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>We use a list of rewrite conditions to exclude all except
+          our friends:</p>
+
+<div class="example"><pre>
+RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend1@client1.quux-corp\.com$</strong>
+RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend2</strong>@client2.quux-corp\.com$
+RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend3</strong>@client3.quux-corp\.com$
+RewriteRule ^/~quux/only-for-friends/      -                                 [F]
+</pre></div>
+        </dd>
+      </dl>
+
+    
+
+    <h3>Referer-based Deflector</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>How can we program a flexible URL Deflector which acts
+          on the "Referer" HTTP header and can be configured with as
+          many referring pages as we like?</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>Use the following really tricky ruleset...</p>
+
+<div class="example"><pre>
+RewriteMap  deflector txt:/path/to/deflector.map
+
+RewriteCond %{HTTP_REFERER} !=""
+RewriteCond ${deflector:%{HTTP_REFERER}} ^-$
+RewriteRule ^.* %{HTTP_REFERER} [R,L]
+
+RewriteCond %{HTTP_REFERER} !=""
+RewriteCond ${deflector:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
+RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]
+</pre></div>
+
+          <p>... in conjunction with a corresponding rewrite
+          map:</p>
+
+<div class="example"><pre>
+##
+##  deflector.map
+##
+
+http://www.badguys.com/bad/index.html    -
+http://www.badguys.com/bad/index2.html   -
+http://www.badguys.com/bad/index3.html   http://somewhere.com/
+</pre></div>
+
+          <p>This automatically redirects the request back to the
+          referring page (when "<code>-</code>" is used as the value
+          in the map) or to a specific URL (when an URL is specified
+          in the map as the second argument).</p>
+        </dd>
+      </dl>
+
+    
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div><div class="section"><h2><a name="other" id="other">Other</a></h2>
+
+    
+
+    <h3>External Rewriting Engine</h3>
+
+      
+
+      <dl>
+        <dt><strong>Description:</strong></dt>
+
+        <dd>
+          <p>A FAQ: How can we solve the FOO/BAR/QUUX/etc.
+          problem? There seems no solution by the use of
+          <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>...</p>
+        </dd>
+
+        <dt><strong>Solution:</strong></dt>
+
+        <dd>
+          <p>Use an external <code class="directive"><a href="../mod/mod_rewrite.html#rewritemap">RewriteMap</a></code>, i.e. a program which acts
+          like a <code class="directive"><a href="../mod/mod_rewrite.html#rewritemap">RewriteMap</a></code>. It is run once on startup of Apache
+          receives the requested URLs on <code>STDIN</code> and has
+          to put the resulting (usually rewritten) URL on
+          <code>STDOUT</code> (same order!).</p>
+
+<div class="example"><pre>
+RewriteEngine on
+RewriteMap    quux-map       <strong>prg:</strong>/path/to/map.quux.pl
+RewriteRule   ^/~quux/(.*)$  /~quux/<strong>${quux-map:$1}</strong>
+</pre></div>
+
+<div class="example"><pre>
+#!/path/to/perl
+
+#   disable buffered I/O which would lead
+#   to deadloops for the Apache server
+$| = 1;
+
+#   read URLs one per line from stdin and
+#   generate substitution URL on stdout
+while (&lt;&gt;) {
+    s|^foo/|bar/|;
+    print $_;
+}
+</pre></div>
+
+          <p>This is a demonstration-only example and just rewrites
+          all URLs <code>/~quux/foo/...</code> to
+          <code>/~quux/bar/...</code>. Actually you can program
+          whatever you like. But notice that while such maps can be
+          <strong>used</strong> also by an average user, only the
+          system administrator can <strong>define</strong> it.</p>
+        </dd>
+      </dl>
+
+    
+
+  </div></div><div id="footer"><p class="apache">Maintained by the <a href="http://httpd.apache.org/docs-project/">Apache HTTP Server Documentation Project</a></p><p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div></body></html>
\ No newline at end of file
diff --git a/docs/manual/misc/rewriteguide.html b/docs/manual/misc/rewriteguide.xml
index 8079c2b88e..4e320c44d5 100644
--- a/docs/manual/misc/rewriteguide.html
+++ b/docs/manual/misc/rewriteguide.xml
@@ -1,115 +1,114 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
-    <title>Apache 1.3 URL Rewriting Guide</title>
-  </head>
-  <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
-  <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
-  vlink="#000080" alink="#FF0000">
-    <blockquote>
-      <!--#include virtual="header.html" -->
-
-      <div align="center">
-        <h1>Apache 1.3<br />
-         URL Rewriting Guide<br />
-        </h1>
-
-        <address>
-          Originally written by<br />
-           Ralf S. Engelschall &lt;rse@apache.org&gt;<br />
-           December 1997
-        </address>
-      </div>
-
-      <p>This document supplements the mod_rewrite <a
-      href="../mod/mod_rewrite.html">reference documentation</a>.
-      It describes how one can use Apache's mod_rewrite to solve
-      typical URL-based problems webmasters are usually confronted
-      with in practice. I give detailed descriptions on how to
-      solve each problem by configuring URL rewriting rulesets.</p>
-
-      <h2><a id="ToC1" name="ToC1">Introduction to
-      mod_rewrite</a></h2>
-      The Apache module mod_rewrite is a killer one, i.e. it is a
-      really sophisticated module which provides a powerful way to
-      do URL manipulations. With it you can nearly do all types of
-      URL manipulations you ever dreamed about. The price you have
-      to pay is to accept complexity, because mod_rewrite's major
-      drawback is that it is not easy to understand and use for the
-      beginner. And even Apache experts sometimes discover new
-      aspects where mod_rewrite can help. 
-
-      <p>In other words: With mod_rewrite you either shoot yourself
-      in the foot the first time and never use it again or love it
-      for the rest of your life because of its power. This paper
-      tries to give you a few initial success events to avoid the
-      first case by presenting already invented solutions to
-      you.</p>
-
-      <h2><a id="ToC2" name="ToC2">Practical Solutions</a></h2>
-      Here come a lot of practical solutions I've either invented
-      myself or collected from other peoples solutions in the past.
-      Feel free to learn the black magic of URL rewriting from
-      these examples. 
-
-      <table bgcolor="#FFE0E0" border="0" cellspacing="0"
-      cellpadding="5">
-        <tr>
-          <td>ATTENTION: Depending on your server-configuration it
-          can be necessary to slightly change the examples for your
-          situation, e.g. adding the [PT] flag when additionally
-          using mod_alias and mod_userdir, etc. Or rewriting a
-          ruleset to fit in <code>.htaccess</code> context instead
-          of per-server context. Always try to understand what a
-          particular ruleset really does before you use it. It
-          avoid problems.</td>
-        </tr>
-      </table>
-
-      <h1>URL Layout</h1>
-
-      <h2>Canonical URLs</h2>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
+<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
+
+<manualpage>
+  <relativepath href=".." />
+
+  <title>URL Rewriting Guide</title>
+
+  <summary>
+    <note>
+      <address>Originally written by<br />
+      Ralf S. Engelschall &lt;rse@apache.org&gt;<br />
+      December 1997</address>
+    </note>
+
+    <p>This document supplements the <module>mod_rewrite</module>
+    <a href="../mod/mod_rewrite.html">reference documentation</a>.
+    It describes how one can use Apache's <module>mod_rewrite</module>
+    to solve typical URL-based problems webmasters are usually confronted
+    with in practice. I give detailed descriptions on how to
+    solve each problem by configuring URL rewriting rulesets.</p>
+
+  </summary>
+
+  <section id="ToC1">
+
+    <title>Introduction to <code>mod_rewrite</code></title>
+
+    <p>The Apache module <module>mod_rewrite</module> is a killer
+    one, i.e. it is a really sophisticated module which provides
+    a powerful way to do URL manipulations. With it you can nearly
+    do all types of URL manipulations you ever dreamed about.
+    The price you have to pay is to accept complexity, because
+    <module>mod_rewrite</module>'s major drawback is that it is
+    not easy to understand and use for the beginner. And even
+    Apache experts sometimes discover new aspects where
+    <module>mod_rewrite</module> can help.</p>
+
+    <p>In other words: With <module>mod_rewrite</module> you either
+    shoot yourself in the foot the first time and never use it again
+    or love it for the rest of your life because of its power.
+    This paper tries to give you a few initial success events to
+    avoid the first case by presenting already invented solutions
+    to you.</p>
+
+  </section>
+
+  <section id="ToC2">
+
+    <title>Practical Solutions</title>
+
+    <p>Here come a lot of practical solutions I've either invented
+    myself or collected from other peoples solutions in the past.
+    Feel free to learn the black magic of URL rewriting from
+    these examples.</p>
+
+    <note type="warning">ATTENTION: Depending on your server-configuration
+    it can be necessary to slightly change the examples for your
+    situation, e.g. adding the <code>[PT]</code> flag when
+    additionally using <module>mod_alias</module> and
+    <module>mod_userdir</module>, etc. Or rewriting a ruleset
+    to fit in <code>.htaccess</code> context instead
+    of per-server context. Always try to understand what a
+    particular ruleset really does before you use it. It
+    avoid problems.</note>
+
+  </section>
+
+  <section id="url">
+
+    <title>URL Layout</title>
+
+    <section>
+
+      <title>Canonical URLs</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>On some webservers there are more than one URL for a
-        resource. Usually there are canonical URLs (which should be
-        actually used and distributed) and those which are just
-        shortcuts, internal ones, etc. Independent of which URL the
-        user supplied with the request he should finally see the
-        canonical one only.</dd>
+        <dd>
+          <p>On some webservers there are more than one URL for a
+          resource. Usually there are canonical URLs (which should be
+          actually used and distributed) and those which are just
+          shortcuts, internal ones, etc. Independent of which URL the
+          user supplied with the request he should finally see the
+          canonical one only.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We do an external HTTP redirect for all non-canonical
+          <p>We do an external HTTP redirect for all non-canonical
           URLs to fix them in the location view of the Browser and
           for all subsequent requests. In the example ruleset below
           we replace <code>/~user</code> by the canonical
           <code>/u/user</code> and fix a missing trailing slash for
-          <code>/u/user</code>. 
+          <code>/u/user</code>.</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteRule   ^/<strong>~</strong>([^/]+)/?(.*)    /<strong>u</strong>/$1/$2  [<strong>R</strong>]
 RewriteRule   ^/([uge])/(<strong>[^/]+</strong>)$  /$1/$2<strong>/</strong>   [<strong>R</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Canonical Hostnames</h2>
+    </section>
+
+    <section>
+
+      <title>Canonical Hostnames</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
@@ -119,11 +118,7 @@ RewriteRule   ^/([uge])/(<strong>[^/]+</strong>)$  /$1/$2<strong>/</strong>   [<
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
 RewriteCond %{HTTP_HOST}   !^$
 RewriteCond %{SERVER_PORT} !^80$
@@ -131,75 +126,78 @@ RewriteRule ^/(.*)         http://fully.qualified.domain.name:%{SERVER_PORT}/$1
 RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
 RewriteCond %{HTTP_HOST}   !^$
 RewriteRule ^/(.*)         http://fully.qualified.domain.name/$1 [L,R]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Moved DocumentRoot</h2>
+    </section>
+
+    <section>
+
+      <title>Moved <code>DocumentRoot</code></title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Usually the DocumentRoot of the webserver directly
-        relates to the URL ``<code>/</code>''. But often this data
-        is not really of top-level priority, it is perhaps just one
-        entity of a lot of data pools. For instance at our Intranet
-        sites there are <code>/e/www/</code> (the homepage for
-        WWW), <code>/e/sww/</code> (the homepage for the Intranet)
-        etc. Now because the data of the DocumentRoot stays at
-        <code>/e/www/</code> we had to make sure that all inlined
-        images and other stuff inside this data pool work for
-        subsequent requests.</dd>
+        <dd>
+          <p>Usually the <directive module="core">DocumentRoot</directive>
+          of the webserver directly relates to the URL "<code>/</code>".
+          But often this data is not really of top-level priority, it is
+          perhaps just one entity of a lot of data pools. For instance at
+          our Intranet sites there are <code>/e/www/</code>
+          (the homepage for WWW), <code>/e/sww/</code> (the homepage for
+          the Intranet) etc. Now because the data of the <directive module="core"
+          >DocumentRoot</directive> stays at <code>/e/www/</code> we had
+          to make sure that all inlined images and other stuff inside this
+          data pool work for subsequent requests.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We just redirect the URL <code>/</code> to
+          <p>We just redirect the URL <code>/</code> to
           <code>/e/www/</code>. While is seems trivial it is
-          actually trivial with mod_rewrite, only. Because the
-          typical old mechanisms of URL <em>Aliases</em> (as
-          provides by mod_alias and friends) only used
-          <em>prefix</em> matching. With this you cannot do such a
-          redirection because the DocumentRoot is a prefix of all
-          URLs. With mod_rewrite it is really trivial: 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+          actually trivial with <module>mod_rewrite</module>, only.
+          Because the typical old mechanisms of URL <em>Aliases</em>
+          (as provides by <module>mod_alias</module> and friends)
+          only used <em>prefix</em> matching. With this you cannot
+          do such a redirection because the <directive module="core"
+          >DocumentRoot</directive> is a prefix of all URLs. With
+          <module>mod_rewrite</module> it is really trivial:</p>
+
+<example><pre>
 RewriteEngine on
 RewriteRule   <strong>^/$</strong>  /e/www/  [<strong>R</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Trailing Slash Problem</h2>
+    </section>
+
+    <section>
+
+      <title>Trailing Slash Problem</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Every webmaster can sing a song about the problem of
-        the trailing slash on URLs referencing directories. If they
-        are missing, the server dumps an error, because if you say
-        <code>/~quux/foo</code> instead of <code>/~quux/foo/</code>
-        then the server searches for a <em>file</em> named
-        <code>foo</code>. And because this file is a directory it
-        complains. Actually it tries to fix it itself in most of
-        the cases, but sometimes this mechanism need to be emulated
-        by you. For instance after you have done a lot of
-        complicated URL rewritings to CGI scripts etc.</dd>
+        <dd>
+          <p>Every webmaster can sing a song about the problem of
+          the trailing slash on URLs referencing directories. If they
+          are missing, the server dumps an error, because if you say
+          <code>/~quux/foo</code> instead of <code>/~quux/foo/</code>
+          then the server searches for a <em>file</em> named
+          <code>foo</code>. And because this file is a directory it
+          complains. Actually it tries to fix it itself in most of
+          the cases, but sometimes this mechanism need to be emulated
+          by you. For instance after you have done a lot of
+          complicated URL rewritings to CGI scripts etc.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          The solution to this subtle problem is to let the server
+          <p>The solution to this subtle problem is to let the server
           add the trailing slash automatically. To do this
           correctly we have to use an external redirect, so the
           browser correctly requests subsequent images etc. If we
@@ -210,98 +208,89 @@ RewriteRule   <strong>^/$</strong>  /e/www/  [<strong>R</strong>]
           request for <code>image.gif</code> in
           <code>/~quux/foo/index.html</code> would become
           <code>/~quux/image.gif</code> without the external
-          redirect! 
+          redirect!</p>
 
           <p>So, to do this trick we write:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine  on
 RewriteBase    /~quux/
 RewriteRule    ^foo<strong>$</strong>  foo<strong>/</strong>  [<strong>R</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>The crazy and lazy can even do the following in the
           top-level <code>.htaccess</code> file of their homedir.
           But notice that this creates some processing
           overhead.</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine  on
 RewriteBase    /~quux/
 RewriteCond    %{REQUEST_FILENAME}  <strong>-d</strong>
 RewriteRule    ^(.+<strong>[^/]</strong>)$           $1<strong>/</strong>  [R]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Webcluster through Homogeneous URL Layout</h2>
+    </section>
+
+    <section>
+
+      <title>Webcluster through Homogeneous URL Layout</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>We want to create a homogeneous and consistent URL
-        layout over all WWW servers on a Intranet webcluster, i.e.
-        all URLs (per definition server local and thus server
-        dependent!) become actually server <em>independent</em>!
-        What we want is to give the WWW namespace a consistent
-        server-independent layout: no URL should have to include
-        any physically correct target server. The cluster itself
-        should drive us automatically to the physical target
-        host.</dd>
+        <dd>
+          <p>We want to create a homogeneous and consistent URL
+          layout over all WWW servers on a Intranet webcluster, i.e.
+          all URLs (per definition server local and thus server
+          dependent!) become actually server <em>independent</em>!
+          What we want is to give the WWW namespace a consistent
+          server-independent layout: no URL should have to include
+          any physically correct target server. The cluster itself
+          should drive us automatically to the physical target
+          host.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          First, the knowledge of the target servers come from
+          <p>First, the knowledge of the target servers come from
           (distributed) external maps which contain information
           where our users, groups and entities stay. The have the
-          form 
-<pre>
+          form</p>
+
+<example><pre>
 user1  server_of_user1
 user2  server_of_user2
 :      :
-</pre>
+</pre></example>
 
           <p>We put them into files <code>map.xxx-to-host</code>.
           Second we need to instruct all servers to redirect URLs
           of the forms</p>
-<pre>
+
+<example><pre>
 /u/user/anypath
 /g/group/anypath
 /e/entity/anypath
-</pre>
+</pre></example>
 
           <p>to</p>
-<pre>
+
+<example><pre>
 http://physical-host/u/user/anypath
 http://physical-host/g/group/anypath
 http://physical-host/e/entity/anypath
-</pre>
+</pre></example>
 
           <p>when the URL is not locally valid to a server. The
           following ruleset does this for us by the help of the map
           files (assuming that server0 is a default server which
           will be used if a user has no entry in the map):</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 
 RewriteMap      user-to-host   txt:/path/to/map.user-to-host
@@ -314,86 +303,85 @@ RewriteRule   ^/e/<strong>([^/]+)</strong>/?(.*) http://<strong>${entity-to-host
 
 RewriteRule   ^/([uge])/([^/]+)/?$          /$1/$2/.www/
 RewriteRule   ^/([uge])/([^/]+)/([^.]+.+)   /$1/$2/.www/$3\
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Move Homedirs to Different Webserver</h2>
+    </section>
+
+    <section>
+
+      <title>Move Homedirs to Different Webserver</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Many webmasters have asked for a solution to the
-        following situation: They wanted to redirect just all
-        homedirs on a webserver to another webserver. They usually
-        need such things when establishing a newer webserver which
-        will replace the old one over time.</dd>
+        <dd>
+          <p>Many webmasters have asked for a solution to the
+          following situation: They wanted to redirect just all
+          homedirs on a webserver to another webserver. They usually
+          need such things when establishing a newer webserver which
+          will replace the old one over time.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          The solution is trivial with mod_rewrite. On the old
-          webserver we just redirect all
+          <p>The solution is trivial with <module>mod_rewrite</module>.
+          On the old webserver we just redirect all
           <code>/~user/anypath</code> URLs to
-          <code>http://newserver/~user/anypath</code>. 
+          <code>http://newserver/~user/anypath</code>.</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteRule   ^/~(.+)  http://<strong>newserver</strong>/~$1  [R,L]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Structured Homedirs</h2>
+    </section>
+
+    <section>
+
+      <title>Structured Homedirs</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Some sites with thousands of users usually use a
-        structured homedir layout, i.e. each homedir is in a
-        subdirectory which begins for instance with the first
-        character of the username. So, <code>/~foo/anypath</code>
-        is <code>/home/<strong>f</strong>/foo/.www/anypath</code>
-        while <code>/~bar/anypath</code> is
-        <code>/home/<strong>b</strong>/bar/.www/anypath</code>.</dd>
+        <dd>
+          <p>Some sites with thousands of users usually use a
+          structured homedir layout, i.e. each homedir is in a
+          subdirectory which begins for instance with the first
+          character of the username. So, <code>/~foo/anypath</code>
+          is <code>/home/<strong>f</strong>/foo/.www/anypath</code>
+          while <code>/~bar/anypath</code> is
+          <code>/home/<strong>b</strong>/bar/.www/anypath</code>.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We use the following ruleset to expand the tilde URLs
-          into exactly the above layout. 
+          <p>We use the following ruleset to expand the tilde URLs
+          into exactly the above layout.</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteRule   ^/~(<strong>([a-z])</strong>[a-z0-9]+)(.*)  /home/<strong>$2</strong>/$1/.www$3
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Filesystem Reorganization</h2>
+    </section>
+
+    <section>
+
+      <title>Filesystem Reorganization</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
         <dd>
-          This really is a hardcore example: a killer application
+          <p>This really is a hardcore example: a killer application
           which heavily uses per-directory
           <code>RewriteRules</code> to get a smooth look and feel
           on the Web while its data structure is never touched or
@@ -404,8 +392,9 @@ RewriteRule   ^/~(<strong>([a-z])</strong>[a-z0-9]+)(.*)  /home/<strong>$2</stro
           science I have also worked for many years as a system and
           network administrator in my spare time. Every week I need
           some sort of software so I created a deep hierarchy of
-          directories where I stored the packages: 
-<pre>
+          directories where I stored the packages:</p>
+
+<example><pre>
 drwxrwxr-x   2 netsw  users    512 Aug  3 18:39 Audio/
 drwxrwxr-x   2 netsw  users    512 Jul  9 14:37 Benchmark/
 drwxrwxr-x  12 netsw  users    512 Jul  9 00:34 Crypto/
@@ -422,7 +411,7 @@ drwxrwxr-x   7 netsw  users    512 Jul  9 09:24 SoftEng/
 drwxrwxr-x   7 netsw  users    512 Jul  9 12:17 System/
 drwxrwxr-x  12 netsw  users    512 Aug  3 20:15 Typesetting/
 drwxrwxr-x  10 netsw  users    512 Jul  9 14:08 X11/
-</pre>
+</pre></example>
 
           <p>In July 1996 I decided to make this archive public to
           the world via a nice Web interface. "Nice" means that I
@@ -438,11 +427,12 @@ drwxrwxr-x  10 netsw  users    512 Jul  9 14:08 X11/
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          The solution has two parts: The first is a set of CGI
+          <p>The solution has two parts: The first is a set of CGI
           scripts which create all the pages at all directory
           levels on-the-fly. I put them under
-          <code>/e/netsw/.www/</code> as follows: 
-<pre>
+          <code>/e/netsw/.www/</code> as follows:</p>
+
+<example><pre>
 -rw-r--r--   1 netsw  users    1318 Aug  1 18:10 .wwwacl
 drwxr-xr-x  18 netsw  users     512 Aug  5 15:51 DATA/
 -rw-rw-rw-   1 netsw  users  372982 Aug  5 16:35 LOGFILE
@@ -456,7 +446,7 @@ drwxr-xr-x   2 netsw  users     512 Jul  8 23:47 netsw-img/
 -rwxr-xr-x   1 netsw  users    1589 Aug  3 18:43 netsw-search.cgi
 -rwxr-xr-x   1 netsw  users    1885 Aug  1 17:41 netsw-tree.cgi
 -rw-r--r--   1 netsw  users     234 Jul 30 16:35 netsw-unlimit.lst
-</pre>
+</pre></example>
 
           <p>The <code>DATA/</code> subdirectory holds the above
           directory structure, i.e. the real
@@ -468,21 +458,15 @@ drwxr-xr-x   2 netsw  users     512 Jul  8 23:47 netsw-img/
           from the user while running the appropriate CGI scripts
           for the various URLs. Here is the solution: first I put
           the following into the per-directory configuration file
-          in the Document Root of the server to rewrite the
-          announced URL <code>/net.sw/</code> to the internal path
+          in the <directive module="core">DocumentRoot</directive>
+          of the server to rewrite the announced URL
+          <code>/net.sw/</code> to the internal path
           <code>/e/netsw</code>:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteRule  ^net.sw$       net.sw/        [R]
 RewriteRule  ^net.sw/(.*)$  e/netsw/$1
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>The first rule is for requests which miss the trailing
           slash! The second rule does the real thing. And then
@@ -490,19 +474,15 @@ RewriteRule  ^net.sw/(.*)$  e/netsw/$1
           per-directory config file
           <code>/e/netsw/.www/.wwwacl</code>:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-Options       ExecCGI FollowSymLinks Includes MultiViews 
+<example><pre>
+Options       ExecCGI FollowSymLinks Includes MultiViews
 
 RewriteEngine on
 
 #  we are reached via /net.sw/ prefix
 RewriteBase   /net.sw/
 
-#  first we rewrite the root dir to 
+#  first we rewrite the root dir to
 #  the handling cgi script
 RewriteRule   ^$                       netsw-home.cgi     [L]
 RewriteRule   ^index\.html$            netsw-home.cgi     [L]
@@ -523,81 +503,80 @@ RewriteRule   ^netsw-img/.*$           -                  [L]
 #  by another cgi script
 RewriteRule   !^netsw-lsdir\.cgi.*     -                  [C]
 RewriteRule   (.*)                     netsw-lsdir.cgi/$1
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>Some hints for interpretation:</p>
 
           <ol>
-            <li>Notice the L (last) flag and no substitution field
-            ('-') in the forth part</li>
+            <li>Notice the <code>L</code> (last) flag and no
+            substitution field ('<code>-</code>') in the forth part</li>
 
-            <li>Notice the ! (not) character and the C (chain) flag
-            at the first rule in the last part</li>
+            <li>Notice the <code>!</code> (not) character and
+            the <code>C</code> (chain) flag at the first rule
+            in the last part</li>
 
             <li>Notice the catch-all pattern in the last rule</li>
           </ol>
         </dd>
       </dl>
 
-      <h2>NCSA imagemap to Apache mod_imap</h2>
+    </section>
+
+    <section>
+
+      <title>NCSA imagemap to Apache <code>mod_imap</code></title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>When switching from the NCSA webserver to the more
-        modern Apache webserver a lot of people want a smooth
-        transition. So they want pages which use their old NCSA
-        <code>imagemap</code> program to work under Apache with the
-        modern <code>mod_imap</code>. The problem is that there are
-        a lot of hyperlinks around which reference the
-        <code>imagemap</code> program via
-        <code>/cgi-bin/imagemap/path/to/page.map</code>. Under
-        Apache this has to read just
-        <code>/path/to/page.map</code>.</dd>
+        <dd>
+          <p>When switching from the NCSA webserver to the more
+          modern Apache webserver a lot of people want a smooth
+          transition. So they want pages which use their old NCSA
+          <code>imagemap</code> program to work under Apache with the
+          modern <module>mod_imap</module>. The problem is that there
+          are a lot of hyperlinks around which reference the
+          <code>imagemap</code> program via
+          <code>/cgi-bin/imagemap/path/to/page.map</code>. Under
+          Apache this has to read just
+          <code>/path/to/page.map</code>.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We use a global rule to remove the prefix on-the-fly for
-          all requests: 
+          <p>We use a global rule to remove the prefix on-the-fly for
+          all requests:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine  on
 RewriteRule    ^/cgi-bin/imagemap(.*)  $1  [PT]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Search pages in more than one directory</h2>
+    </section>
+
+    <section>
+
+      <title>Search pages in more than one directory</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Sometimes it is necessary to let the webserver search
-        for pages in more than one directory. Here MultiViews or
-        other techniques cannot help.</dd>
+        <dd>
+          <p>Sometimes it is necessary to let the webserver search
+          for pages in more than one directory. Here MultiViews or
+          other techniques cannot help.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We program a explicit ruleset which searches for the
-          files in the directories. 
+          <p>We program a explicit ruleset which searches for the
+          files in the directories.</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 
 #   first try to find it in custom/...
@@ -613,223 +592,208 @@ RewriteRule  ^(.+)  /your/docroot/<strong>dir2</strong>/$1  [L]
 #   else go on for other Alias or ScriptAlias directives,
 #   etc.
 RewriteRule   ^(.+)  -  [PT]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Set Environment Variables According To URL Parts</h2>
+    </section>
+
+    <section>
+
+      <title>Set Environment Variables According To URL Parts</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Perhaps you want to keep status information between
-        requests and use the URL to encode it. But you don't want
-        to use a CGI wrapper for all pages just to strip out this
-        information.</dd>
+        <dd>
+          <p>Perhaps you want to keep status information between
+          requests and use the URL to encode it. But you don't want
+          to use a CGI wrapper for all pages just to strip out this
+          information.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We use a rewrite rule to strip out the status information
+          <p>We use a rewrite rule to strip out the status information
           and remember it via an environment variable which can be
           later dereferenced from within XSSI or CGI. This way a
           URL <code>/foo/S=java/bar/</code> gets translated to
           <code>/foo/bar/</code> and the environment variable named
-          <code>STATUS</code> is set to the value "java". 
+          <code>STATUS</code> is set to the value "java".</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteRule   ^(.*)/<strong>S=([^/]+)</strong>/(.*)    $1/$3 [E=<strong>STATUS:$2</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Virtual User Hosts</h2>
+    </section>
+
+    <section>
+
+      <title>Virtual User Hosts</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Assume that you want to provide
-        <code>www.<strong>username</strong>.host.domain.com</code>
-        for the homepage of username via just DNS A records to the
-        same machine and without any virtualhosts on this
-        machine.</dd>
+        <dd>
+          <p>Assume that you want to provide
+          <code>www.<strong>username</strong>.host.domain.com</code>
+          for the homepage of username via just DNS A records to the
+          same machine and without any virtualhosts on this
+          machine.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          For HTTP/1.0 requests there is no solution, but for
+          <p>For HTTP/1.0 requests there is no solution, but for
           HTTP/1.1 requests which contain a Host: HTTP header we
           can use the following ruleset to rewrite
           <code>http://www.username.host.com/anypath</code>
-          internally to <code>/home/username/anypath</code>: 
+          internally to <code>/home/username/anypath</code>:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteCond   %{<strong>HTTP_HOST</strong>}                 ^www\.<strong>[^.]+</strong>\.host\.com$
 RewriteRule   ^(.+)                        %{HTTP_HOST}$1          [C]
 RewriteRule   ^www\.<strong>([^.]+)</strong>\.host\.com(.*) /home/<strong>$1</strong>$2
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Redirect Homedirs For Foreigners</h2>
+    </section>
+
+    <section>
+
+      <title>Redirect Homedirs For Foreigners</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>We want to redirect homedir URLs to another webserver
-        <code>www.somewhere.com</code> when the requesting user
-        does not stay in the local domain
-        <code>ourdomain.com</code>. This is sometimes used in
-        virtual host contexts.</dd>
+        <dd>
+          <p>We want to redirect homedir URLs to another webserver
+          <code>www.somewhere.com</code> when the requesting user
+          does not stay in the local domain
+          <code>ourdomain.com</code>. This is sometimes used in
+          virtual host contexts.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          Just a rewrite condition: 
+          <p>Just a rewrite condition:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteCond   %{REMOTE_HOST}  <strong>!^.+\.ourdomain\.com$</strong>
 RewriteRule   ^(/~.+)         http://www.somewhere.com/$1 [R,L]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Redirect Failing URLs To Other Webserver</h2>
+    </section>
+
+    <section>
+
+      <title>Redirect Failing URLs To Other Webserver</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>A typical FAQ about URL rewriting is how to redirect
-        failing requests on webserver A to webserver B. Usually
-        this is done via ErrorDocument CGI-scripts in Perl, but
-        there is also a mod_rewrite solution. But notice that this
-        performs more poorly than using an ErrorDocument
-        CGI-script!</dd>
+        <dd>
+          <p>A typical FAQ about URL rewriting is how to redirect
+          failing requests on webserver A to webserver B. Usually
+          this is done via <directive module="core"
+          >ErrorDocument</directive> CGI-scripts in Perl, but
+          there is also a <module>mod_rewrite</module> solution.
+          But notice that this performs more poorly than using an
+          <directive module="core">ErrorDocument</directive>
+          CGI-script!</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          The first solution has the best performance but less
-          flexibility, and is less error safe: 
+          <p>The first solution has the best performance but less
+          flexibility, and is less error safe:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteCond   /your/docroot/%{REQUEST_FILENAME} <strong>!-f</strong>
 RewriteRule   ^(.+)                             http://<strong>webserverB</strong>.dom/$1
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>The problem here is that this will only work for pages
-          inside the DocumentRoot. While you can add more
+          inside the <directive module="core">DocumentRoot</directive>. While you can add more
           Conditions (for instance to also handle homedirs, etc.)
           there is better variant:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteCond   %{REQUEST_URI} <strong>!-U</strong>
 RewriteRule   ^(.+)          http://<strong>webserverB</strong>.dom/$1
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
-          <p>This uses the URL look-ahead feature of mod_rewrite.
+          <p>This uses the URL look-ahead feature of <module>mod_rewrite</module>.
           The result is that this will work for all types of URLs
           and is a safe way. But it does a performance impact on
           the webserver, because for every request there is one
           more internal subrequest. So, if your webserver runs on a
           powerful CPU, use this one. If it is a slow machine, use
-          the first approach or better a ErrorDocument
-          CGI-script.</p>
+          the first approach or better a <directive module="core"
+          >ErrorDocument</directive> CGI-script.</p>
         </dd>
       </dl>
 
-      <h2>Extended Redirection</h2>
+    </section>
+
+    <section>
+
+      <title>Extended Redirection</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Sometimes we need more control (concerning the
-        character escaping mechanism) of URLs on redirects. Usually
-        the Apache kernels URL escape function also escapes
-        anchors, i.e. URLs like "url#anchor". You cannot use this
-        directly on redirects with mod_rewrite because the
-        uri_escape() function of Apache would also escape the hash
-        character. How can we redirect to such a URL?</dd>
+        <dd>
+          <p>Sometimes we need more control (concerning the
+          character escaping mechanism) of URLs on redirects.
+          Usually the Apache kernels URL escape function also
+          escapes anchors, i.e. URLs like "<code>url#anchor</code>".
+          You cannot use this directly on redirects with
+          <module>mod_rewrite</module> because the
+          <code>uri_escape()</code> function of Apache
+          would also escape the hash character.
+          How can we redirect to such a URL?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We have to use a kludge by the use of a NPH-CGI script
+          <p>We have to use a kludge by the use of a NPH-CGI script
           which does the redirect itself. Because here no escaping
           is done (NPH=non-parseable headers). First we introduce a
           new URL scheme <code>xredirect:</code> by the following
           per-server config-line (should be one of the last rewrite
-          rules): 
+          rules):</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteRule ^xredirect:(.+) /path/to/nph-xredirect.cgi/$1 \
             [T=application/x-httpd-cgi,L]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>This forces all URLs prefixed with
           <code>xredirect:</code> to be piped through the
           <code>nph-xredirect.cgi</code> program. And this program
           just looks like:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 #!/path/to/perl
 ##
 ##  nph-xredirect.cgi -- NPH/CGI script for extended redirects
-##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved. 
+##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
 ##
 
 $| = 1;
@@ -851,79 +815,66 @@ print "&lt;/body&gt;\n";
 print "&lt;/html&gt;\n";
 
 ##EOF##
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>This provides you with the functionality to do
           redirects to all URL schemes, i.e. including the one
-          which are not directly accepted by mod_rewrite. For
-          instance you can now also redirect to
+          which are not directly accepted by <module>mod_rewrite</module>.
+          For instance you can now also redirect to
           <code>news:newsgroup</code> via</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteRule ^anyurl  xredirect:news:newsgroup
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
-          <p>Notice: You have not to put [R] or [R,L] to the above
-          rule because the <code>xredirect:</code> need to be
-          expanded later by our special "pipe through" rule
-          above.</p>
+          <note>Notice: You have not to put <code>[R]</code> or
+          <code>[R,L]</code> to the above rule because the
+          <code>xredirect:</code> need to be expanded later
+          by our special "pipe through" rule above.</note>
         </dd>
       </dl>
 
-      <h2>Archive Access Multiplexer</h2>
+    </section>
+
+    <section>
+
+      <title>Archive Access Multiplexer</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Do you know the great CPAN (Comprehensive Perl Archive
-        Network) under <a
-        href="http://www.perl.com/CPAN">http://www.perl.com/CPAN</a>?
-        This does a redirect to one of several FTP servers around
-        the world which carry a CPAN mirror and is approximately
-        near the location of the requesting client. Actually this
-        can be called an FTP access multiplexing service. While
-        CPAN runs via CGI scripts, how can a similar approach
-        implemented via mod_rewrite?</dd>
+        <dd>
+          <p>Do you know the great CPAN (Comprehensive Perl Archive
+          Network) under <a href="http://www.perl.com/CPAN"
+          >http://www.perl.com/CPAN</a>?
+          This does a redirect to one of several FTP servers around
+          the world which carry a CPAN mirror and is approximately
+          near the location of the requesting client. Actually this
+          can be called an FTP access multiplexing service. While
+          CPAN runs via CGI scripts, how can a similar approach
+          implemented via <module>mod_rewrite</module>?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          First we notice that from version 3.0.0 mod_rewrite can
-          also use the "ftp:" scheme on redirects. And second, the
-          location approximation can be done by a rewritemap over
-          the top-level domain of the client. With a tricky chained
-          ruleset we can use this top-level domain as a key to our
-          multiplexing map. 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+          <p>First we notice that from version 3.0.0
+          <module>mod_rewrite</module> can
+          also use the "<code>ftp:</code>" scheme on redirects.
+          And second, the location approximation can be done by a
+          <directive module="mod_rewrite">RewriteMap</directive>
+          over the top-level domain of the client.
+          With a tricky chained ruleset we can use this top-level
+          domain as a key to our multiplexing map.</p>
+
+<example><pre>
 RewriteEngine on
 RewriteMap    multiplex                txt:/path/to/map.cxan
 RewriteRule   ^/CxAN/(.*)              %{REMOTE_HOST}::$1                 [C]
 RewriteRule   ^.+\.<strong>([a-zA-Z]+)</strong>::(.*)$  ${multiplex:<strong>$1</strong>|ftp.default.dom}$2  [R,L]
-</pre>
-              </td>
-            </tr>
-          </table>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+</pre></example>
+
+<example><pre>
 ##
 ##  map.cxan -- Multiplexing Map for CxAN
 ##
@@ -933,78 +884,77 @@ uk        ftp://ftp.cxan.uk/CxAN/
 com       ftp://ftp.cxan.com/CxAN/
  :
 ##EOF##
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Time-Dependent Rewriting</h2>
+    </section>
+
+    <section>
+
+      <title>Time-Dependent Rewriting</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>When tricks like time-dependent content should happen a
-        lot of webmasters still use CGI scripts which do for
-        instance redirects to specialized pages. How can it be done
-        via mod_rewrite?</dd>
+        <dd>
+          <p>When tricks like time-dependent content should happen a
+          lot of webmasters still use CGI scripts which do for
+          instance redirects to specialized pages. How can it be done
+          via <module>mod_rewrite</module>?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          There are a lot of variables named <code>TIME_xxx</code>
+          <p>There are a lot of variables named <code>TIME_xxx</code>
           for rewrite conditions. In conjunction with the special
-          lexicographic comparison patterns &lt;STRING, &gt;STRING
-          and =STRING we can do time-dependent redirects: 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+          lexicographic comparison patterns <code>&lt;STRING</code>,
+          <code>&gt;STRING</code> and <code>=STRING</code> we can
+          do time-dependent redirects:</p>
+
+<example><pre>
 RewriteEngine on
 RewriteCond   %{TIME_HOUR}%{TIME_MIN} &gt;0700
 RewriteCond   %{TIME_HOUR}%{TIME_MIN} &lt;1900
 RewriteRule   ^foo\.html$             foo.day.html
 RewriteRule   ^foo\.html$             foo.night.html
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>This provides the content of <code>foo.day.html</code>
-          under the URL <code>foo.html</code> from 07:00-19:00 and
-          at the remaining time the contents of
-          <code>foo.night.html</code>. Just a nice feature for a
-          homepage...</p>
+          under the URL <code>foo.html</code> from
+          <code>07:00-19:00</code> and at the remaining time the
+          contents of <code>foo.night.html</code>. Just a nice
+          feature for a homepage...</p>
         </dd>
       </dl>
 
-      <h2>Backward Compatibility for YYYY to XXXX migration</h2>
+    </section>
+
+    <section>
+
+      <title>Backward Compatibility for YYYY to XXXX migration</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>How can we make URLs backward compatible (still
-        existing virtually) after migrating document.YYYY to
-        document.XXXX, e.g. after translating a bunch of .html
-        files to .phtml?</dd>
+        <dd>
+          <p>How can we make URLs backward compatible (still
+          existing virtually) after migrating <code>document.YYYY</code>
+          to <code>document.XXXX</code>, e.g. after translating a
+          bunch of <code>.html</code> files to <code>.phtml</code>?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We just rewrite the name to its basename and test for
+          <p>We just rewrite the name to its basename and test for
           existence of the new extension. If it exists, we take
-          that name, else we rewrite the URL to its original state.
-          
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-#   backward compatibility ruleset for 
+          that name, else we rewrite the URL to its original state.</p>
+
+
+<example><pre>
+#   backward compatibility ruleset for
 #   rewriting document.html to document.phtml
 #   when and only when document.phtml exists
 #   but no longer document.html
@@ -1018,95 +968,100 @@ RewriteRule   ^(.*)$ $1.phtml                   [S=1]
 #   else reverse the previous basename cutout
 RewriteCond   %{ENV:WasHTML}            ^yes$
 RewriteRule   ^(.*)$ $1.html
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h1>Content Handling</h1>
+    </section>
+
+  </section>
+
+  <section id="content">
 
-      <h2>From Old to New (intern)</h2>
+    <title>Content Handling</title>
+
+    <section>
+
+      <title>From Old to New (intern)</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Assume we have recently renamed the page
-        <code>bar.html</code> to <code>foo.html</code> and now want
-        to provide the old URL for backward compatibility. Actually
-        we want that users of the old URL even not recognize that
-        the pages was renamed.</dd>
+        <dd>
+          <p>Assume we have recently renamed the page
+          <code>bar.html</code> to <code>foo.html</code> and now want
+          to provide the old URL for backward compatibility. Actually
+          we want that users of the old URL even not recognize that
+          the pages was renamed.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We rewrite the old URL to the new one internally via the
-          following rule: 
+          <p>We rewrite the old URL to the new one internally via the
+          following rule:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine  on
 RewriteBase    /~quux/
 RewriteRule    ^<strong>foo</strong>\.html$  <strong>bar</strong>.html
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>From Old to New (extern)</h2>
+    </section>
+
+    <section>
+
+      <title>From Old to New (extern)</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Assume again that we have recently renamed the page
-        <code>bar.html</code> to <code>foo.html</code> and now want
-        to provide the old URL for backward compatibility. But this
-        time we want that the users of the old URL get hinted to
-        the new one, i.e. their browsers Location field should
-        change, too.</dd>
+        <dd>
+          <p>Assume again that we have recently renamed the page
+          <code>bar.html</code> to <code>foo.html</code> and now want
+          to provide the old URL for backward compatibility. But this
+          time we want that the users of the old URL get hinted to
+          the new one, i.e. their browsers Location field should
+          change, too.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We force a HTTP redirect to the new URL which leads to a
-          change of the browsers and thus the users view: 
+          <p>We force a HTTP redirect to the new URL which leads to a
+          change of the browsers and thus the users view:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine  on
 RewriteBase    /~quux/
 RewriteRule    ^<strong>foo</strong>\.html$  <strong>bar</strong>.html  [<strong>R</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Browser Dependent Content</h2>
+    </section>
+
+    <section>
+
+      <title>Browser Dependent Content</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>At least for important top-level pages it is sometimes
-        necessary to provide the optimum of browser dependent
-        content, i.e. one has to provide a maximum version for the
-        latest Netscape variants, a minimum version for the Lynx
-        browsers and a average feature version for all others.</dd>
+        <dd>
+          <p>At least for important top-level pages it is sometimes
+          necessary to provide the optimum of browser dependent
+          content, i.e. one has to provide a maximum version for the
+          latest Netscape variants, a minimum version for the Lynx
+          browsers and a average feature version for all others.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We cannot use content negotiation because the browsers do
+          <p>We cannot use content negotiation because the browsers do
           not provide their type in that form. Instead we have to
           act on the HTTP header "User-Agent". The following condig
           does the following: If the HTTP header "User-Agent"
@@ -1115,13 +1070,9 @@ RewriteRule    ^<strong>foo</strong>\.html$  <strong>bar</strong>.html  [<strong
           rewriting stops. If the browser is "Lynx" or "Mozilla" of
           version 1 or 2 the URL becomes <code>foo.20.html</code>.
           All other browsers receive page <code>foo.32.html</code>.
-          This is done by the following ruleset: 
+          This is done by the following ruleset:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteCond %{HTTP_USER_AGENT}  ^<strong>Mozilla/3</strong>.*
 RewriteRule ^foo\.html$         foo.<strong>NS</strong>.html          [<strong>L</strong>]
 
@@ -1130,67 +1081,61 @@ RewriteCond %{HTTP_USER_AGENT}  ^<strong>Mozilla/[12]</strong>.*
 RewriteRule ^foo\.html$         foo.<strong>20</strong>.html          [<strong>L</strong>]
 
 RewriteRule ^foo\.html$         foo.<strong>32</strong>.html          [<strong>L</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Dynamic Mirror</h2>
+    </section>
+
+    <section>
+
+      <title>Dynamic Mirror</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Assume there are nice webpages on remote hosts we want
-        to bring into our namespace. For FTP servers we would use
-        the <code>mirror</code> program which actually maintains an
-        explicit up-to-date copy of the remote data on the local
-        machine. For a webserver we could use the program
-        <code>webcopy</code> which acts similar via HTTP. But both
-        techniques have one major drawback: The local copy is
-        always just as up-to-date as often we run the program. It
-        would be much better if the mirror is not a static one we
-        have to establish explicitly. Instead we want a dynamic
-        mirror with data which gets updated automatically when
-        there is need (updated data on the remote host).</dd>
+        <dd>
+          <p>Assume there are nice webpages on remote hosts we want
+          to bring into our namespace. For FTP servers we would use
+          the <code>mirror</code> program which actually maintains an
+          explicit up-to-date copy of the remote data on the local
+          machine. For a webserver we could use the program
+          <code>webcopy</code> which acts similar via HTTP. But both
+          techniques have one major drawback: The local copy is
+          always just as up-to-date as often we run the program. It
+          would be much better if the mirror is not a static one we
+          have to establish explicitly. Instead we want a dynamic
+          mirror with data which gets updated automatically when
+          there is need (updated data on the remote host).</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          To provide this feature we map the remote webpage or even
+          <p>To provide this feature we map the remote webpage or even
           the complete remote webarea to our namespace by the use
-          of the <i>Proxy Throughput</i> feature (flag [P]): 
+          of the <i>Proxy Throughput</i> feature
+          (flag <code>[P]</code>):</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine  on
 RewriteBase    /~quux/
 RewriteRule    ^<strong>hotsheet/</strong>(.*)$  <strong>http://www.tstimpreso.com/hotsheet/</strong>$1  [<strong>P</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+</pre></example>
+
+<example><pre>
 RewriteEngine  on
 RewriteBase    /~quux/
 RewriteRule    ^<strong>usa-news\.html</strong>$   <strong>http://www.quux-corp.com/news/index.html</strong>  [<strong>P</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Reverse Dynamic Mirror</h2>
+    </section>
+
+    <section>
+
+      <title>Reverse Dynamic Mirror</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
@@ -1200,125 +1145,105 @@ RewriteRule    ^<strong>usa-news\.html</strong>$   <strong>http://www.quux-corp.
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
-RewriteCond   /mirror/of/remotesite/$1           -U 
+RewriteCond   /mirror/of/remotesite/$1           -U
 RewriteRule   ^http://www\.remotesite\.com/(.*)$ /mirror/of/remotesite/$1
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Retrieve Missing Data from Intranet</h2>
+    </section>
+
+    <section>
+
+      <title>Retrieve Missing Data from Intranet</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>This is a tricky way of virtually running a corporate
-        (external) Internet webserver
-        (<code>www.quux-corp.dom</code>), while actually keeping
-        and maintaining its data on a (internal) Intranet webserver
-        (<code>www2.quux-corp.dom</code>) which is protected by a
-        firewall. The trick is that on the external webserver we
-        retrieve the requested data on-the-fly from the internal
-        one.</dd>
+        <dd>
+          <p>This is a tricky way of virtually running a corporate
+          (external) Internet webserver
+          (<code>www.quux-corp.dom</code>), while actually keeping
+          and maintaining its data on a (internal) Intranet webserver
+          (<code>www2.quux-corp.dom</code>) which is protected by a
+          firewall. The trick is that on the external webserver we
+          retrieve the requested data on-the-fly from the internal
+          one.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          First, we have to make sure that our firewall still
+          <p>First, we have to make sure that our firewall still
           protects the internal webserver and that only the
           external webserver is allowed to retrieve data from it.
           For a packet-filtering firewall we could for instance
-          configure a firewall ruleset like the following: 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-<strong>ALLOW</strong> Host www.quux-corp.dom Port &gt;1024 --&gt; Host www2.quux-corp.dom Port <strong>80</strong>  
+          configure a firewall ruleset like the following:</p>
+
+<example><pre>
+<strong>ALLOW</strong> Host www.quux-corp.dom Port &gt;1024 --&gt; Host www2.quux-corp.dom Port <strong>80</strong>
 <strong>DENY</strong>  Host *                 Port *     --&gt; Host www2.quux-corp.dom Port <strong>80</strong>
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>Just adjust it to your actual configuration syntax.
-          Now we can establish the mod_rewrite rules which request
-          the missing data in the background through the proxy
-          throughput feature:</p>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+          Now we can establish the <module>mod_rewrite</module>
+          rules which request the missing data in the background
+          through the proxy throughput feature:</p>
+
+<example><pre>
 RewriteRule ^/~([^/]+)/?(.*)          /home/$1/.www/$2
 RewriteCond %{REQUEST_FILENAME}       <strong>!-f</strong>
 RewriteCond %{REQUEST_FILENAME}       <strong>!-d</strong>
 RewriteRule ^/home/([^/]+)/.www/?(.*) http://<strong>www2</strong>.quux-corp.dom/~$1/pub/$2 [<strong>P</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Load Balancing</h2>
+    </section>
+
+    <section>
+
+      <title>Load Balancing</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Suppose we want to load balance the traffic to
-        <code>www.foo.com</code> over <code>www[0-5].foo.com</code>
-        (a total of 6 servers). How can this be done?</dd>
+        <dd>
+          <p>Suppose we want to load balance the traffic to
+          <code>www.foo.com</code> over <code>www[0-5].foo.com</code>
+          (a total of 6 servers). How can this be done?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          There are a lot of possible solutions for this problem.
+          <p>There are a lot of possible solutions for this problem.
           We will discuss first a commonly known DNS-based variant
-          and then the special one with mod_rewrite: 
+          and then the special one with <module>mod_rewrite</module>:</p>
 
           <ol>
             <li>
-              <strong>DNS Round-Robin</strong> 
+              <strong>DNS Round-Robin</strong>
 
               <p>The simplest method for load-balancing is to use
-              the DNS round-robin feature of BIND. Here you just
-              configure <code>www[0-9].foo.com</code> as usual in
-              your DNS with A(address) records, e.g.</p>
-
-              <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-              cellpadding="5">
-                <tr>
-                  <td>
-<pre>
+              the DNS round-robin feature of <code>BIND</code>.
+              Here you just configure <code>www[0-9].foo.com</code>
+              as usual in your DNS with A(address) records, e.g.</p>
+
+<example><pre>
 www0   IN  A       1.2.3.1
 www1   IN  A       1.2.3.2
 www2   IN  A       1.2.3.3
 www3   IN  A       1.2.3.4
 www4   IN  A       1.2.3.5
 www5   IN  A       1.2.3.6
-</pre>
-                  </td>
-                </tr>
-              </table>
+</pre></example>
 
               <p>Then you additionally add the following entry:</p>
 
-              <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-              cellpadding="5">
-                <tr>
-                  <td>
-<pre>
+<example><pre>
 www    IN  CNAME   www0.foo.com.
        IN  CNAME   www1.foo.com.
        IN  CNAME   www2.foo.com.
@@ -1326,16 +1251,13 @@ www    IN  CNAME   www0.foo.com.
        IN  CNAME   www4.foo.com.
        IN  CNAME   www5.foo.com.
        IN  CNAME   www6.foo.com.
-</pre>
-                  </td>
-                </tr>
-              </table>
+</pre></example>
 
               <p>Notice that this seems wrong, but is actually an
-              intended feature of BIND and can be used in this way.
-              However, now when <code>www.foo.com</code> gets
-              resolved, BIND gives out <code>www0-www6</code> - but
-              in a slightly permutated/rotated order every time.
+              intended feature of <code>BIND</code> and can be used
+              in this way. However, now when <code>www.foo.com</code> gets
+              resolved, <code>BIND</code> gives out <code>www0-www6</code>
+              - but in a slightly permutated/rotated order every time.
               This way the clients are spread over the various
               servers. But notice that this not a perfect load
               balancing scheme, because DNS resolve information
@@ -1349,7 +1271,7 @@ www    IN  CNAME   www0.foo.com.
             </li>
 
             <li>
-              <strong>DNS Load-Balancing</strong> 
+              <strong>DNS Load-Balancing</strong>
 
               <p>A sophisticated DNS-based method for
               load-balancing is to use the program
@@ -1362,23 +1284,16 @@ www    IN  CNAME   www0.foo.com.
             </li>
 
             <li>
-              <strong>Proxy Throughput Round-Robin</strong> 
+              <strong>Proxy Throughput Round-Robin</strong>
 
-              <p>In this variant we use mod_rewrite and its proxy
-              throughput feature. First we dedicate
+              <p>In this variant we use <module>mod_rewrite</module>
+              and its proxy throughput feature. First we dedicate
               <code>www0.foo.com</code> to be actually
               <code>www.foo.com</code> by using a single</p>
 
-              <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-              cellpadding="5">
-                <tr>
-                  <td>
-<pre>
+<example><pre>
 www    IN  CNAME   www0.foo.com.
-</pre>
-                  </td>
-                </tr>
-              </table>
+</pre></example>
 
               <p>entry in the DNS. Then we convert
               <code>www0.foo.com</code> to a proxy-only server,
@@ -1389,26 +1304,15 @@ www    IN  CNAME   www0.foo.com.
               contacts a load balancing script <code>lb.pl</code>
               for all URLs.</p>
 
-              <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-              cellpadding="5">
-                <tr>
-                  <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteMap    lb      prg:/path/to/lb.pl
 RewriteRule   ^/(.+)$ ${lb:$1}           [P,L]
-</pre>
-                  </td>
-                </tr>
-              </table>
+</pre></example>
 
               <p>Then we write <code>lb.pl</code>:</p>
 
-              <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-              cellpadding="5">
-                <tr>
-                  <td>
-<pre>
+<example><pre>
 #!/path/to/perl
 ##
 ##  lb.pl -- load balancing script
@@ -1417,7 +1321,7 @@ RewriteRule   ^/(.+)$ ${lb:$1}           [P,L]
 $| = 1;
 
 $name   = "www";     # the hostname base
-$first  = 1;         # the first server (not 0 here, because 0 is myself) 
+$first  = 1;         # the first server (not 0 here, because 0 is myself)
 $last   = 5;         # the last server in the round-robin
 $domain = "foo.dom"; # the domainname
 
@@ -1429,21 +1333,18 @@ while (&lt;STDIN&gt;) {
 }
 
 ##EOF##
-</pre>
-                  </td>
-                </tr>
-              </table>
+</pre></example>
 
-              <p>A last notice: Why is this useful? Seems like
+              <note>A last notice: Why is this useful? Seems like
               <code>www0.foo.com</code> still is overloaded? The
               answer is yes, it is overloaded, but with plain proxy
               throughput requests, only! All SSI, CGI, ePerl, etc.
               processing is completely done on the other machines.
-              This is the essential point.</p>
+              This is the essential point.</note>
             </li>
 
             <li>
-              <strong>Hardware/TCP Round-Robin</strong> 
+              <strong>Hardware/TCP Round-Robin</strong>
 
               <p>There is a hardware solution available, too. Cisco
               has a beast called LocalDirector which does a load
@@ -1456,7 +1357,11 @@ while (&lt;STDIN&gt;) {
         </dd>
       </dl>
 
-      <h2>Reverse Proxy</h2>
+    </section>
+
+    <section>
+
+      <title>Reverse Proxy</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
@@ -1466,11 +1371,7 @@ while (&lt;STDIN&gt;) {
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 ##
 ##  apache-rproxy.conf -- Apache configuration for Reverse Proxy Usage
 ##
@@ -1534,13 +1435,13 @@ RewriteRule    ^(http|ftp)://.*          -  [F]
 
 #   now choose the possible servers for particular URL types
 RewriteRule    ^/(.*\.(cgi|shtml))$  to://${server:dynamic}/$1  [S=1]
-RewriteRule    ^/(.*)$               to://${server:static}/$1  
+RewriteRule    ^/(.*)$               to://${server:static}/$1
 
-#   and delegate the generated URL by passing it 
+#   and delegate the generated URL by passing it
 #   through the proxy module
 RewriteRule    ^to://([^/]+)/(.*)    http://$1/$2   [E=SERVER:$1,P,L]
 
-#   and make really sure all other stuff is forbidden 
+#   and make really sure all other stuff is forbidden
 #   when it should survive the above rules...
 RewriteRule    .*                    -              [F]
 
@@ -1555,16 +1456,9 @@ ProxyPassReverse  /  http://www3.foo.dom/
 ProxyPassReverse  /  http://www4.foo.dom/
 ProxyPassReverse  /  http://www5.foo.dom/
 ProxyPassReverse  /  http://www6.foo.dom/
-</pre>
-              </td>
-            </tr>
-          </table>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+</pre></example>
+
+<example><pre>
 ##
 ##  apache-rproxy.conf-servers -- Apache/mod_rewrite selection table
 ##
@@ -1573,49 +1467,43 @@ ProxyPassReverse  /  http://www6.foo.dom/
 #   pages (HTML files and Images, etc.)
 static    www1.foo.dom|www2.foo.dom|www3.foo.dom|www4.foo.dom
 
-#   list of backend servers which serve dynamically 
+#   list of backend servers which serve dynamically
 #   generated page (CGI programs or mod_perl scripts)
 dynamic   www5.foo.dom|www6.foo.dom
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>New MIME-type, New Service</h2>
+    </section>
+
+    <section>
+
+      <title>New MIME-type, New Service</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
         <dd>
-          On the net there are a lot of nifty CGI programs. But
+          <p>On the net there are a lot of nifty CGI programs. But
           their usage is usually boring, so a lot of webmaster
           don't use them. Even Apache's Action handler feature for
           MIME-types is only appropriate when the CGI programs
-          don't need special URLs (actually PATH_INFO and
-          QUERY_STRINGS) as their input. First, let us configure a
-          new file type with extension <code>.scgi</code> (for
-          secure CGI) which will be processed by the popular
-          <code>cgiwrap</code> program. The problem here is that
-          for instance we use a Homogeneous URL Layout (see above)
-          a file inside the user homedirs has the URL
+          don't need special URLs (actually <code>PATH_INFO</code>
+          and <code>QUERY_STRINGS</code>) as their input. First,
+          let us configure a new file type with extension
+          <code>.scgi</code> (for secure CGI) which will be processed
+          by the popular <code>cgiwrap</code> program. The problem
+          here is that for instance we use a Homogeneous URL Layout
+          (see above) a file inside the user homedirs has the URL
           <code>/u/user/foo/bar.scgi</code>. But
           <code>cgiwrap</code> needs the URL in the form
           <code>/~user/foo/bar.scgi/</code>. The following rule
-          solves the problem: 
+          solves the problem:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteRule ^/[uge]/<strong>([^/]+)</strong>/\.www/(.+)\.scgi(.*) ...
 ... /internal/cgi/user/cgiwrap/~<strong>$1</strong>/$2.scgi$3  [NS,<strong>T=application/x-http-cgi</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>Or assume we have some more nifty programs:
           <code>wwwlog</code> (which displays the
@@ -1627,9 +1515,10 @@ RewriteRule ^/[uge]/<strong>([^/]+)</strong>/\.www/(.+)\.scgi(.*) ...
           still requested from that areas, i.e. typically we would
           run the <code>swwidx</code> program from within
           <code>/u/user/foo/</code> via hyperlink to</p>
-<pre>
+
+<example><pre>
 /internal/cgi/user/swwidx?i=/u/user/foo/
-</pre>
+</pre></example>
 
           <p>which is ugly. Because we have to hard-code
           <strong>both</strong> the location of the area
@@ -1641,32 +1530,27 @@ RewriteRule ^/[uge]/<strong>([^/]+)</strong>/\.www/(.+)\.scgi(.*) ...
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          The solution here is to provide a special new URL format
+          <p>The solution here is to provide a special new URL format
           which automatically leads to the proper CGI invocation.
-          We configure the following: 
+          We configure the following:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteRule   ^/([uge])/([^/]+)(/?.*)/\*  /internal/cgi/user/wwwidx?i=/$1/$2$3/
 RewriteRule   ^/([uge])/([^/]+)(/?.*):log /internal/cgi/user/wwwlog?f=/$1/$2$3
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>Now the hyperlink to search at
           <code>/u/user/foo/</code> reads only</p>
-<pre>
+
+<example><pre>
 HREF="*"
-</pre>
+</pre></example>
 
           <p>which internally gets automatically transformed to</p>
-<pre>
+
+<example><pre>
 /internal/cgi/user/wwwidx?i=/u/user/foo/
-</pre>
+</pre></example>
 
           <p>The same approach leads to an invocation for the
           access log CGI program when the hyperlink
@@ -1674,76 +1558,74 @@ HREF="*"
         </dd>
       </dl>
 
-      <h2>From Static to Dynamic</h2>
+    </section>
+
+    <section>
+
+      <title>From Static to Dynamic</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>How can we transform a static page
-        <code>foo.html</code> into a dynamic variant
-        <code>foo.cgi</code> in a seamless way, i.e. without notice
-        by the browser/user.</dd>
+        <dd>
+          <p>How can we transform a static page
+          <code>foo.html</code> into a dynamic variant
+          <code>foo.cgi</code> in a seamless way, i.e. without notice
+          by the browser/user.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We just rewrite the URL to the CGI-script and force the
+          <p>We just rewrite the URL to the CGI-script and force the
           correct MIME-type so it gets really run as a CGI-script.
           This way a request to <code>/~quux/foo.html</code>
           internally leads to the invocation of
-          <code>/~quux/foo.cgi</code>. 
+          <code>/~quux/foo.cgi</code>.</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine  on
 RewriteBase    /~quux/
 RewriteRule    ^foo\.<strong>html</strong>$  foo.<strong>cgi</strong>  [T=<strong>application/x-httpd-cgi</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>On-the-fly Content-Regeneration</h2>
+    </section>
+
+    <section>
+
+      <title>On-the-fly Content-Regeneration</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Here comes a really esoteric feature: Dynamically
-        generated but statically served pages, i.e. pages should be
-        delivered as pure static pages (read from the filesystem
-        and just passed through), but they have to be generated
-        dynamically by the webserver if missing. This way you can
-        have CGI-generated pages which are statically served unless
-        one (or a cronjob) removes the static contents. Then the
-        contents gets refreshed.</dd>
+        <dd>
+          <p>Here comes a really esoteric feature: Dynamically
+          generated but statically served pages, i.e. pages should be
+          delivered as pure static pages (read from the filesystem
+          and just passed through), but they have to be generated
+          dynamically by the webserver if missing. This way you can
+          have CGI-generated pages which are statically served unless
+          one (or a cronjob) removes the static contents. Then the
+          contents gets refreshed.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          This is done via the following ruleset: 
+          This is done via the following ruleset:
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteCond %{REQUEST_FILENAME}   <strong>!-s</strong>
 RewriteRule ^page\.<strong>html</strong>$          page.<strong>cgi</strong>   [T=application/x-httpd-cgi,L]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>Here a request to <code>page.html</code> leads to a
           internal run of a corresponding <code>page.cgi</code> if
           <code>page.html</code> is still missing or has filesize
           null. The trick here is that <code>page.cgi</code> is a
-          usual CGI script which (additionally to its STDOUT)
+          usual CGI script which (additionally to its <code>STDOUT</code>)
           writes its output to the file <code>page.html</code>.
           Once it was run, the server sends out the data of
           <code>page.html</code>. When the webmaster wants to force
@@ -1752,55 +1634,57 @@ RewriteRule ^page\.<strong>html</strong>$          page.<strong>cgi</strong>   [
         </dd>
       </dl>
 
-      <h2>Document With Autorefresh</h2>
+    </section>
+
+    <section>
+
+      <title>Document With Autorefresh</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Wouldn't it be nice while creating a complex webpage if
-        the webbrowser would automatically refresh the page every
-        time we write a new version from within our editor?
-        Impossible?</dd>
+        <dd>
+          <p>Wouldn't it be nice while creating a complex webpage if
+          the webbrowser would automatically refresh the page every
+          time we write a new version from within our editor?
+          Impossible?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          No! We just combine the MIME multipart feature, the
+          <p>No! We just combine the MIME multipart feature, the
           webserver NPH feature and the URL manipulation power of
-          mod_rewrite. First, we establish a new URL feature:
-          Adding just <code>:refresh</code> to any URL causes this
-          to be refreshed every time it gets updated on the
-          filesystem. 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+          <module>mod_rewrite</module>. First, we establish a new
+          URL feature: Adding just <code>:refresh</code> to any
+          URL causes this to be refreshed every time it gets
+          updated on the filesystem.</p>
+
+<example><pre>
 RewriteRule   ^(/[uge]/[^/]+/?.*):refresh  /internal/cgi/apache/nph-refresh?f=$1
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>Now when we reference the URL</p>
-<pre>
+
+<example><pre>
 /u/foo/bar/page.html:refresh
-</pre>
+</pre></example>
 
           <p>this leads to the internal invocation of the URL</p>
-<pre>
+
+<example><pre>
 /internal/cgi/apache/nph-refresh?f=/u/foo/bar/page.html
-</pre>
+</pre></example>
 
           <p>The only missing part is the NPH-CGI script. Although
           one would usually say "left as an exercise to the reader"
           ;-) I will provide this, too.</p>
-<pre>
+
+<example><pre>
 #!/sw/bin/perl
 ##
 ##  nph-refresh -- NPH/CGI script for auto refreshing pages
-##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved. 
+##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
 ##
 $| = 1;
 
@@ -1898,50 +1782,46 @@ for ($n = 0; $n &amp;lt; $QS_n; $n++) {
 exit(0);
 
 ##EOF##
-</pre>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Mass Virtual Hosting</h2>
+    </section>
+
+    <section>
+
+      <title>Mass Virtual Hosting</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>The <code>&lt;VirtualHost&gt;</code> feature of Apache
-        is nice and works great when you just have a few dozens
-        virtual hosts. But when you are an ISP and have hundreds of
-        virtual hosts to provide this feature is not the best
-        choice.</dd>
+        <dd>
+          <p>The <directive type="section" module="core"
+          >VirtualHost</directive> feature of Apache is nice
+          and works great when you just have a few dozens
+          virtual hosts. But when you are an ISP and have hundreds of
+          virtual hosts to provide this feature is not the best
+          choice.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          To provide this feature we map the remote webpage or even
+          <p>To provide this feature we map the remote webpage or even
           the complete remote webarea to our namespace by the use
-          of the <i>Proxy Throughput</i> feature (flag [P]): 
+          of the <i>Proxy Throughput</i> feature (flag <code>[P]</code>):</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
+##
+##  vhost.map
 ##
-##  vhost.map 
-## 
 www.vhost1.dom:80  /path/to/docroot/vhost1
 www.vhost2.dom:80  /path/to/docroot/vhost2
      :
 www.vhostN.dom:80  /path/to/docroot/vhostN
-</pre>
-              </td>
-            </tr>
-          </table>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+</pre></example>
+
+<example><pre>
 ##
 ##  httpd.conf
 ##
@@ -1973,7 +1853,7 @@ RewriteCond   %{REQUEST_URL}  !^/commonurl2/.*
 RewriteCond   %{REQUEST_URL}  !^/commonurlN/.*
 #
 #   2. make sure we have a Host header, because
-#      currently our approach only supports 
+#      currently our approach only supports
 #      virtual hosting through this header
 RewriteCond   %{HTTP_HOST}  !^$
 #
@@ -1981,38 +1861,45 @@ RewriteCond   %{HTTP_HOST}  !^$
 RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$
 #
 #   4. lookup this hostname in vhost.map and
-#      remember it only when it is a path 
+#      remember it only when it is a path
 #      (and not "NONE" from above)
 RewriteCond   ${vhost:%1}  ^(/.*)$
 #
-#   5. finally we can map the URL to its docroot location 
+#   5. finally we can map the URL to its docroot location
 #      and remember the virtual host for logging puposes
 RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]
-    : 
-</pre>
-              </td>
-            </tr>
-          </table>
+    :
+</pre></example>
         </dd>
       </dl>
 
-      <h1>Access Restriction</h1>
+    </section>
+
+  </section>
+
+  <section id="access">
 
-      <h2>Blocking of Robots</h2>
+    <title>Access Restriction</title>
+
+    <section>
+
+      <title>Blocking of Robots</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>How can we block a really annoying robot from
-        retrieving pages of a specific webarea? A
-        <code>/robots.txt</code> file containing entries of the
-        "Robot Exclusion Protocol" is typically not enough to get
-        rid of such a robot.</dd>
+        <dd>
+          <p>How can we block a really annoying robot from
+          retrieving pages of a specific webarea? A
+          <code>/robots.txt</code> file containing entries of the
+          "Robot Exclusion Protocol" is typically not enough to get
+          rid of such a robot.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We use a ruleset which forbids the URLs of the webarea
+          <p>We use a ruleset which forbids the URLs of the webarea
           <code>/~quux/foo/arc/</code> (perhaps a very deep
           directory indexed area where the robot traversal would
           create big server load). We have to make sure that we
@@ -2020,123 +1907,96 @@ RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]
           forbidding the host where the robot runs is not enough.
           This would block users from this host, too. We accomplish
           this by also matching the User-Agent HTTP header
-          information. 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-RewriteCond %{HTTP_USER_AGENT}   ^<strong>NameOfBadRobot</strong>.*      
+          information.</p>
+
+<example><pre>
+RewriteCond %{HTTP_USER_AGENT}   ^<strong>NameOfBadRobot</strong>.*
 RewriteCond %{REMOTE_ADDR}       ^<strong>123\.45\.67\.[8-9]</strong>$
 RewriteRule ^<strong>/~quux/foo/arc/</strong>.+   -   [<strong>F</strong>]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Blocked Inline-Images</h2>
+    </section>
+
+    <section>
+
+      <title>Blocked Inline-Images</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Assume we have under http://www.quux-corp.de/~quux/
-        some pages with inlined GIF graphics. These graphics are
-        nice, so others directly incorporate them via hyperlinks to
-        their pages. We don't like this practice because it adds
-        useless traffic to our server.</dd>
+        <dd>
+          <p>Assume we have under <code>http://www.quux-corp.de/~quux/</code>
+          some pages with inlined GIF graphics. These graphics are
+          nice, so others directly incorporate them via hyperlinks to
+          their pages. We don't like this practice because it adds
+          useless traffic to our server.</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          While we cannot 100% protect the images from inclusion,
+          <p>While we cannot 100% protect the images from inclusion,
           we can at least restrict the cases where the browser
-          sends a HTTP Referer header. 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-RewriteCond %{HTTP_REFERER} <strong>!^$</strong>                                  
+          sends a HTTP Referer header.</p>
+
+<example><pre>
+RewriteCond %{HTTP_REFERER} <strong>!^$</strong>
 RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
 RewriteRule <strong>.*\.gif$</strong>        -                                    [F]
-</pre>
-              </td>
-            </tr>
-          </table>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-RewriteCond %{HTTP_REFERER}         !^$                                  
+</pre></example>
+
+<example><pre>
+RewriteCond %{HTTP_REFERER}         !^$
 RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
 RewriteRule <strong>^inlined-in-foo\.gif$</strong>   -                        [F]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Host Deny</h2>
+    </section>
+
+    <section>
+
+      <title>Host Deny</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>How can we forbid a list of externally configured hosts
-        from using our server?</dd>
+        <dd>
+          <p>How can we forbid a list of externally configured hosts
+          from using our server?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          For Apache &gt;= 1.3b6: 
+          <p>For Apache &gt;= 1.3b6:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteMap    hosts-deny  txt:/path/to/hosts.deny
 RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
 RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
 RewriteRule   ^/.*  -  [F]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>For Apache &lt;= 1.3b6:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteEngine on
 RewriteMap    hosts-deny  txt:/path/to/hosts.deny
 RewriteRule   ^/(.*)$ ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}/$1
 RewriteRule   !^NOT-FOUND/.* - [F]
-RewriteRule   ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1 
+RewriteRule   ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1
 RewriteRule   !^NOT-FOUND/.* - [F]
 RewriteRule   ^NOT-FOUND/(.*)$ /$1
-</pre>
-              </td>
-            </tr>
-          </table>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+</pre></example>
+
+<example><pre>
 ##
-##  hosts.deny 
+##  hosts.deny
 ##
 ##  ATTENTION! This is a map, not a list, even when we treat it as such.
 ##             mod_rewrite parses it for key/value pairs, so at least a
@@ -2146,110 +2006,100 @@ RewriteRule   ^NOT-FOUND/(.*)$ /$1
 193.102.180.41 -
 bsdti1.sdm.de  -
 192.76.162.40  -
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Proxy Deny</h2>
+    </section>
+
+    <section>
+
+      <title>Proxy Deny</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>How can we forbid a certain host or even a user of a
-        special host from using the Apache proxy?</dd>
+        <dd>
+          <p>How can we forbid a certain host or even a user of a
+          special host from using the Apache proxy?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We first have to make sure mod_rewrite is below(!)
-          mod_proxy in the <code>Configuration</code> file when
-          compiling the Apache webserver. This way it gets called
-          _before_ mod_proxy. Then we configure the following for a
-          host-dependent deny... 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-RewriteCond %{REMOTE_HOST} <strong>^badhost\.mydomain\.com$</strong> 
+          <p>We first have to make sure <module>mod_rewrite</module>
+          is below(!) <module>mod_proxy</module> in the Configuration
+          file when compiling the Apache webserver. This way it gets
+          called <em>before</em> <module>mod_proxy</module>. Then we
+          configure the following for a host-dependent deny...</p>
+
+<example><pre>
+RewriteCond %{REMOTE_HOST} <strong>^badhost\.mydomain\.com$</strong>
 RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>...and this one for a user@host-dependent deny:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST}  <strong>^badguy@badhost\.mydomain\.com$</strong>
 RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Special Authentication Variant</h2>
+    </section>
+
+    <section>
+
+      <title>Special Authentication Variant</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>Sometimes a very special authentication is needed, for
-        instance a authentication which checks for a set of
-        explicitly configured users. Only these should receive
-        access and without explicit prompting (which would occur
-        when using the Basic Auth via mod_access).</dd>
+        <dd>
+          <p>Sometimes a very special authentication is needed, for
+          instance a authentication which checks for a set of
+          explicitly configured users. Only these should receive
+          access and without explicit prompting (which would occur
+          when using the Basic Auth via <module>mod_access</module>).</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          We use a list of rewrite conditions to exclude all except
-          our friends: 
+          <p>We use a list of rewrite conditions to exclude all except
+          our friends:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend1@client1.quux-corp\.com$</strong> 
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend2</strong>@client2.quux-corp\.com$ 
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend3</strong>@client3.quux-corp\.com$ 
+<example><pre>
+RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend1@client1.quux-corp\.com$</strong>
+RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend2</strong>@client2.quux-corp\.com$
+RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} <strong>!^friend3</strong>@client3.quux-corp\.com$
 RewriteRule ^/~quux/only-for-friends/      -                                 [F]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
         </dd>
       </dl>
 
-      <h2>Referer-based Deflector</h2>
+    </section>
+
+    <section>
+
+      <title>Referer-based Deflector</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>How can we program a flexible URL Deflector which acts
-        on the "Referer" HTTP header and can be configured with as
-        many referring pages as we like?</dd>
+        <dd>
+          <p>How can we program a flexible URL Deflector which acts
+          on the "Referer" HTTP header and can be configured with as
+          many referring pages as we like?</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          Use the following really tricky ruleset... 
+          <p>Use the following really tricky ruleset...</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 RewriteMap  deflector txt:/path/to/deflector.map
 
 RewriteCond %{HTTP_REFERER} !=""
@@ -2259,19 +2109,12 @@ RewriteRule ^.* %{HTTP_REFERER} [R,L]
 RewriteCond %{HTTP_REFERER} !=""
 RewriteCond ${deflector:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
 RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>... in conjunction with a corresponding rewrite
           map:</p>
 
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+<example><pre>
 ##
 ##  deflector.map
 ##
@@ -2279,58 +2122,57 @@ RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]
 http://www.badguys.com/bad/index.html    -
 http://www.badguys.com/bad/index2.html   -
 http://www.badguys.com/bad/index3.html   http://somewhere.com/
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>This automatically redirects the request back to the
-          referring page (when "-" is used as the value in the map)
-          or to a specific URL (when an URL is specified in the map
-          as the second argument).</p>
+          referring page (when "<code>-</code>" is used as the value
+          in the map) or to a specific URL (when an URL is specified
+          in the map as the second argument).</p>
         </dd>
       </dl>
 
-      <h1>Other</h1>
+    </section>
+
+  </section>
+
+  <section id="other">
 
-      <h2>External Rewriting Engine</h2>
+    <title>Other</title>
+
+    <section>
+
+      <title>External Rewriting Engine</title>
 
       <dl>
         <dt><strong>Description:</strong></dt>
 
-        <dd>A FAQ: How can we solve the FOO/BAR/QUUX/etc. problem?
-        There seems no solution by the use of mod_rewrite...</dd>
+        <dd>
+          <p>A FAQ: How can we solve the FOO/BAR/QUUX/etc.
+          problem? There seems no solution by the use of
+          <module>mod_rewrite</module>...</p>
+        </dd>
 
         <dt><strong>Solution:</strong></dt>
 
         <dd>
-          Use an external rewrite map, i.e. a program which acts
-          like a rewrite map. It is run once on startup of Apache
-          receives the requested URLs on STDIN and has to put the
-          resulting (usually rewritten) URL on STDOUT (same
-          order!). 
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+          <p>Use an external <directive module="mod_rewrite"
+          >RewriteMap</directive>, i.e. a program which acts
+          like a <directive module="mod_rewrite"
+          >RewriteMap</directive>. It is run once on startup of Apache
+          receives the requested URLs on <code>STDIN</code> and has
+          to put the resulting (usually rewritten) URL on
+          <code>STDOUT</code> (same order!).</p>
+
+<example><pre>
 RewriteEngine on
 RewriteMap    quux-map       <strong>prg:</strong>/path/to/map.quux.pl
 RewriteRule   ^/~quux/(.*)$  /~quux/<strong>${quux-map:$1}</strong>
-</pre>
-              </td>
-            </tr>
-          </table>
-
-          <table bgcolor="#E0E5F5" border="0" cellspacing="0"
-          cellpadding="5">
-            <tr>
-              <td>
-<pre>
+</pre></example>
+
+<example><pre>
 #!/path/to/perl
 
-#   disable buffered I/O which would lead 
+#   disable buffered I/O which would lead
 #   to deadloops for the Apache server
 $| = 1;
 
@@ -2340,10 +2182,7 @@ while (&lt;&gt;) {
     s|^foo/|bar/|;
     print $_;
 }
-</pre>
-              </td>
-            </tr>
-          </table>
+</pre></example>
 
           <p>This is a demonstration-only example and just rewrites
           all URLs <code>/~quux/foo/...</code> to
@@ -2353,8 +2192,10 @@ while (&lt;&gt;) {
           system administrator can <strong>define</strong> it.</p>
         </dd>
       </dl>
-      <!--#include virtual="footer.html" -->
-    </blockquote>
-  </body>
-</html>
+
+    </section>
+
+  </section>
+
+</manualpage>