Increase the number of open FDs we look to close when spawning apps.

[mod_fastcgi.git] / docs / mod_fastcgi.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<!-- $Id: mod_fastcgi.html,v 1.16 2000/05/22 12:43:44 robs Exp $ -->

<head>
<title>Apache module mod_fastcgi</title>
</head>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->

<body BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080" ALINK="#FF0000">

<p align="center"><img SRC="http://www.apache.org/docs/images/sub.gif"
ALT="[APACHE FEATHER BANNER]" width="500" height="62"> </p>

<h1 ALIGN="CENTER">Module mod_fastcgi</h1>

<p>This 3<sup>rd</sup> party module provides support for the FastCGI protocol. &nbsp;
FastCGI is a language independent, scalable, open extension to CGI that provides high
performance and persistence without the limitations of server specific APIs.</p>

<p>FastCGI applications are not limited to a particular development language (the protocol
is open).&nbsp; FastCGI application libraries currently exist for Perl, C/C++, Java, Python,
and TCL.</p>

<p>FastCGI applications use (TCP or Unix) sockets to communicate with the web server.
&nbsp;This scalable architecture allows applications to run on the same platform as the
web server or on many machines scattered across an enterprise network.</p>

<p>FastCGI applications are portable to other web server platforms.&nbsp; FastCGI is
supported either directly or through commercial extensions by most popular web servers.</p>

<p>FastCGI applications are fast because they're persistent.&nbsp; There is no per-request
startup and initialization overhead.&nbsp; This makes possible the development of
applications which would otherwise be impractical within the CGI paradigm (e.g. a huge
Perl script, or an application which requires a connection to one or more databases).
&nbsp; </p>

<p>For more information on FastCGI, go to the <a HREF="http://www.FastCGI.com/">FastCGI
website</a>.&nbsp; To receive FastCGI related announcements and notifications of module
updates, send mail to <a href="mailto:fastcgi-announce-request@idle.com">fastcgi-announce-request@idle.com</a>
with &quot;subscribe&quot; in the Subject field.&nbsp; To participate in the discussion of
<code>mod_fastcgi</code> and FastCGI application development, send mail to <a
href="mailto:fastcgi-developers-request@idle.com">fastcgi-developers-request@idle.com</a>
with &quot;subscribe&quot; in the Subject field.</p>

<h2>Summary</h2>

<p>For information about building and installing the module, see the <a href="../INSTALL">INSTALL</a>
document that came with the distribution.</p>

<p>FastCGI applications under <code>mod_fastcgi</code> are defined as one of three types:
static, dynamic, or external.&nbsp; They're configured using the <a href="#fastcgiserver">FastCgiServer</a>,
<a href="#FastCgiConfig">FastCgiConfig</a>, and <a href="#FastCgiExternalServer">FastCgiExternalServer</a>
<a href="#directives">directives</a> respectively.&nbsp; Any URI that Apache identifies as
a FastCGI application and which hasn't been explicitly configured using a <a
href="#fastcgiserver">FastCgiServer</a> or <a href="#FastCgiExternalServer">FastCgiExternalServer</a>
directive is handled as a dynamic application (see the <a href="#FastCgiConfig">FastCgiConfig</a>
directive for more information).</p>

<p>FastCGI static and dynamic applications are spawned and managed by the FastCGI Process
Manager, fcgi-pm.&nbsp; The process manager is spawned by Apache at server initialization.
&nbsp; External applications are presumed to be started and managed independently.</p>

<p>Apache must be configured to identify requests for FastCGI URIs.&nbsp; <code>mod_fastcgi</code>
registers (with Apache) a handler type of <code>fastcgi-script</code> for this purpose.</p>

<p>To configure Apache to handle all files (within the scope of the directive) as FastCGI
applications (e.g. for a fcgi-bin directory):</p>

<blockquote>
  <p><code><a href="http://www.apache.org/docs/mod/mod_mime.html#sethandler">SetHandler</a>
  fastcgi-script</code></p>
</blockquote>

<p>To configure Apache to handle files (within the scope of&nbsp; the directive) with
the specified extension(s) as FastCGI applications:</p>

<blockquote>
  <p><code><a href="http://www.apache.org/docs/mod/mod_mime.html#addhandler">AddHandler</a>
  fastcgi-script fcg fcgi fpl</code></p>
</blockquote>

<dl>
  <p>Consult the Apache documentation for more information regarding these and other
  directives which affect request handling (such as <code><a
  href="http://www.apache.org/docs/mod/mod_actions.html#action">Action</a>).</code></p>
  <p>Dynamic FastCGI applications require the <code>ExecCGI</code> option be enabled
  (see the <a
  href="http://www.apache.org/docs/mod/core.html#options"><code>Options</code></a> 
  directive) in the
  application's directory.&nbsp; </p>
  <h2>Notes</h2>
  <p><code>mod_fastcgi</code> logs FastCGI application error (stderr) output to the server
  log associated with the request.&nbsp; Errors reported by the FastCGI process manager,
  fcgi-pm, are reported to the main server log (typically, logs/error_log).&nbsp;
  Data written to stdout or stderr before entering the FastCGI <em>accept</em>
  loop or via a mechanism that is not FastCGI protocol aware will also be
  directed to the main server log.&nbsp; If
  Apache's <a href="http://www.apache.org/docs/mod/core.html#loglevel"><code>LogLevel</code></a>
  is set to <code>info</code> additional informational messages are printed to the
  logs, these messages may be especially helpful while debugging a
  configuration..</p>
  <p>To pass per-request environment variables to FastCGI applications, have a look at: <a
  href="http://www.apache.org/docs/mod/mod_env.html"><code>mod_env</code></a> (<code>SetEnv</code>,
  <code>PassEnv</code>, <code>UnSetEnv</code>), <a
  href="http://www.apache.org/docs/mod/mod_setenvif.html"><code>mod_setenvif</code></a> (<code>BrowserMatch</code>,
  <code>BrowserMatchNoCase</code>, <code>SetEnvIf</code>, <code>SetEnvIfNoCase</code>), and <a
  href="http://www.apache.org/docs/mod/mod_rewrite.html"><code>mod_rewrite</code></a> (if
  your feeling adventurous).</p>
  <p>FastCGI application output is buffered by default.&nbsp; This is not the case for CGI
  scripts (under Apache 1.3).&nbsp; To override the default behavior, use the -flush
  option.&nbsp; Non-parsed header (nph-) scripts will be rejected by mod_fastcgi
  simply as
  warning the behavior is different (create a symbolic link to the script without the
  &quot;nph-&quot; prefix if this poses a problem).</p>
  <p>Redirects are handled similar to CGI.&nbsp; Location headers with values that begin
  with &quot;/&quot; are treated as internal-redirects; otherwise, they are treated as
  external redirects (302).</p>
  <p>Session affinity (as well as distribution) should be achievable outside of <code>mod_fastcgi</code>
  using <a
  href="http://www.apache.org/docs/mod/mod_rewrite.html"><code>mod_rewrite</code></a>.&nbsp; If you get this working, please post the details to <a
  href="mailto:fastcgi-developers@idle.com">fastcgi-developers@idle.com</a> so they can be
  included here.</p>
  <h2>FastCGI Specification Compliance</h2>
  <p>The FastCGI specification is not implemented in its entirety and I've deviated a bit as
  well resulting in some Apache specific features.</p>
  <p>The file descriptors for stdout and stderr are left open.&nbsp; This is
  prohibited by the specification.&nbsp; I can't see any reason to require that
  they be closed, and leaving them open prevents FastCGI applications which were
  not completely ported to FastCGI from failing miserably.&nbsp; This does not
  mean the applications shouldn't be fixed such that this doesn't occur, but is
  invaluable when using a 3rd party library (without source code) which expects
  to be able to write to stderr.&nbsp; Anything written to stdout or stderr in
  this manner will be directed to the main server log.</p>
  <p>The Filter and Log Roles are not supported.&nbsp; The Filter Role has
  little value in
  Apache until the output of one handler can be piped into another (Apache 2.0 is expected
  to support this).&nbsp; The Log Role has some value, but Apache's &quot;piped
  logs&quot; feature is similar (and is even more CPU friendly). </p>
  <p>Multiplexed requests are not supported. &nbsp; This does NOT mean FastCGI
  applications can't be multithreaded.&nbsp; It means that each request requires
  its own independent connect()/accept().&nbsp; The protocol supports the concept of a
  connection simultaneously shared by multiple requests.&nbsp; The FastCGI application
  library which provides the FastCGI protocol support within FastCGI applications does not
  currently support it (and thus doesn't have to be supported here).&nbsp; This may become a
  higher priority when <code>mod_fastcgi</code> is ported to NT (Apache is threaded on
  NT which makes shared persistent multiplexed connection more reasonable to
  consider).&nbsp; </p>
  <p>The Authorizer Role has three variations corresponding to each three
  specific Apache request handling phases:&nbsp; Authentication, Authorization, and Access Control.
  &nbsp; <code>mod_fastcgi</code> sets up the (Apache specific) environment variable
  &quot;FCGI_APACHE_ROLE&quot; to indicate which Apache authorizer phase is being performed.</p>
  <p><code>mod_fastcgi</code> sends nearly all of the standard environment variables
  typically available to CGI/FastCGI request handlers including some explicitly precluded by
  the FastCGI specification; I didn't see the point to leaving them out.&nbsp; All headers
  returned by a FastCGI authentication application in a successful response (Status: 200)
  are passed to subprocesses (CGI/FastCGI invocations) as environment variables rather than
  just those prefixed by &quot;<code>Variable-</code>&quot; as the FastCGI specification
  calls for; I didn't see the point in leaving them out either.&nbsp; FastCGI specification
  compliant authorizer behavior can be obtained by using the &quot;<code>-compat</code>&quot;
  option to the Auth server directives.</p>
  <p>Custom failure responses from FastCGI authorizer applications are not
  supported (speak up if you need this).&nbsp; See the <a href="http://www.apache.org/docs/mod/core.html#errordocument">ErrorDocument</a>
  directive for a workaround (hint: a CGI/FastCGI application can serve the
  error document).</p>
  <h2><a name="directives">Directives</a></h2>
  <ul>
    <li><a HREF="#FastCgiServer"><code>FastCgiServer</code></a></li>
    <li><code><a HREF="#FastCgiConfig">FastCgiConfig</a></code></li>
    <li><a HREF="#FastCgiExternalServer"><code>FastCgiExternalServer</code></a></li>
    <li><code><a HREF="#FastCgiIpcDir">FastCgiIpcDir</a></code></li>
    <li><a href="#FastCgiSuexec"><code>FastCgiSuexec</code></a></li>
    <li><a href="#FastCgiAuthenticator"><code>FastCgiAuthenticator</code></a></li>
    <li><a href="#FastCgiAuthenticatorAuthoritative"><code>FastCgiAuthenticatorAuthoritative</code></a></li>
    <li><a href="#FastCgiAuthorizer"><code>FastCgiAuthorizer</code></a></li>
    <li><a href="#FastCgiAuthorizerAuthoritative"><code>FastCgiAuthorizerAuthoritative</code></a></li>
    <li><a href="#FastCgiAccessChecker"><code>FastCgiAccessChecker</code></a></li>
    <li><a href="#FastCgiAccessCheckerAuthoritative"><code>FastCgiAccessCheckerAuthoritative</code></a></li>
  </ul>
  <dd>&nbsp;</dd>
</dl>

<dl>
  <hr>
  <h2><a name="FastCgiServer">FastCgiServer</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiServer} directive&gt; -->
  <table border="0">
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
      <td><code>FastCgiServer <em>filename</em> <em>option option ...</em></code></td>
    </tr>
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
      <td>server config</td>
    </tr>
  </table>
  <p>The <code>FastCgiServer</code> directive defines <em>filename</em> as a static FastCGI
  application.&nbsp; If the filename does not begin with a slash (/) then it is assumed to
  be relative to the <a href="http://www.apache.org/docs/mod/core.html#serverroot">ServerRoot</a>.
  </p>
  <p>By default, the Process Manager will start one instance of the application with the
  default configuration specified (in parenthesis) below.&nbsp; Should a static application
  instance die for any reason <code>mod_fastcgi</code> will spawn another to replace it and
  log the event (at the <code>warn</code> <a href="http://www.apache.org/docs/mod/core.html#loglevel"><code>LogLevel</code></a>).</p>
  <p><em>Option</em> can be one of (case insensitive):</p>
  <dt><code><b>-appConnTimeout <em>n</em></b>&nbsp;(0 seconds)</code></dt>
  <dd>The number of seconds to wait for a connection to the FastCGI application to
    complete or 0 to indicate a blocking <code>connect()</code> should be
    used.&nbsp; If the timeout expires, a&nbsp; SERVER_ERROR results.&nbsp; For
    non-zero values, this is the amount of time used in a <code>select()</code> 
    to write to the file descriptor returned by a non-blocking
    <code>connect().</code>&nbsp; Non-blocking <code>connect()</code>s are troublesome
    on many platforms.&nbsp; See also -idle-timeout, it produces similar results
    but in a more portable manner.</dd>
  <dt><code><b>-idle-timeout <em>n</em></b>&nbsp;(30 seconds)</code></dt>
  <dd>The number of seconds of FastCGI application inactivity allowed before the
    request is aborted and the event is logged (at the <code>error</code> <a href="http://www.apache.org/docs/mod/core.html#loglevel"><code>LogLevel</code></a>).&nbsp;
    The inactivity timer applies only as long as a connection is pending with
    the FastCGI application.&nbsp; If a request is queued to an application, but
    the application doesn't respond (by writing and flushing) within this
    period, the request will be aborted.&nbsp; If communication is complete with
    the application but incomplete with the client (the response is buffered),
    the timeout does not apply.</dd>
  <dt><code><b>-initial-env <em>name[=value</b><strong>]</strong> none</em></b><em><strong>]</strong> none</em></code></dt>
  <dd>A name-value pair to be passed in the FastCGI application's&nbsp; <i> initial</i> environment.&nbsp; To pass a variable from Apache's environment, don't
    provide the &quot;=&quot; (if the variable isn't actually in the environment, it will be
    defined without a value).&nbsp; To define a variable without a value, provide the
    &quot;=&quot; without any value.&nbsp; The option can be used repeatedly.</dd>
  <dt><code><b>-init-start-delay <em>n</b>&nbsp;</em>(1 second)</code></dt>
  <dd>The minimum number of seconds between the spawning of instances of this application.
    &nbsp; This delay decreases the demand placed on the system at server initialization.</dd>
  <dt><code><strong>-flush</strong>&nbsp;<em>none</em></code></dt>
  <dd>Force a write to the client as data is received from the application.&nbsp; By default, <code>mod_fastcgi</code>
    buffers data in order to free the application as quickly as possible.</dd>
  <dt><code><b>-listen-queue-depth <em>n</em></b>&nbsp;(100)</code></dt>
  <dd>The depth of listen() queue (also known as the backlog) shared by all of the instances
    of this application.&nbsp; A deeper listen queue allows the server to cope with transient
    load fluctuations without rejecting requests; it does not increase throughput. &nbsp;
    Adding additional application instances may increase throughput/performance, depending
    upon the application and the host. </dd>
  <dt><code><b>-pass-header <em>header </em></b><em> none</em></code></dt>
  <dd>The name of an HTTP Request Header to be passed in the <i>request</i>
    environment.&nbsp; This option makes available the contents of headers which
    are normally not available (e.g. Authorization) to a CGI environment. </dd>
  <dt><code><b>-processes <em>n</em> </b>(1)</code></dt>
  <dd>The number of instances of the application to spawn at server initialization. </dd>
  <dt><code><b>-priority <em>n</em></b> (0)</code></dt>
  <dd>The process priority to be assigned to the application instances (using <code>setpriority()</code>).</dd>
  <dt><code><b>-port <em>n</b> none</em></code></dt>
  <dd>The TCP port number (1-65535) the application will use for communication with the web
    server.&nbsp; This option makes the application accessible from other machines on the
    network (as well as this one).&nbsp; The <code>-socket</code> and <code>-port</code>
    options are mutually exclusive.</dd>
  <dt><code><b>-restart-delay<em> n</em></b>&nbsp;(5 seconds)</code></dt>
  <dd>The minimum number of seconds between the respawning of failed instances of this
    application.&nbsp; This delay prevents a broken application from soaking up too much of
    the system.</dd>
  <dt><code><b>-socket<em> filename</em>&nbsp;</b><em>(gen'd)</em></code></dt>
  <dd><b>Unix: </b>The filename of the Unix domain socket that the application will use for communication
    with the web server.&nbsp; The module creates the socket within the directory specified by
    <code>FastCgiIpcDir</code>.&nbsp; This option makes the application accessible to other
    applications (e.g. <code>cgi-fcgi</code>) on the same machine or via an external FastCGI
    application definition (<code>FastCgiExternalServer</code>).&nbsp; If neither the <code>-socket</code>
    nor the <code>-port</code> options are given, the module generates a Unix domain socket
    filename.&nbsp; The <code>-socket</code> and <code>-port</code> options are mutually
    exclusive.</dd>
<DD>
<B>Windows NT: </B>The name of the named pipe that the application will
use for communication with the web server.&nbsp; The module creates the
named pipe off the named pipe root specified by the FastCgiIpcDir.&nbsp;
. This option makes the application accessible to other applications (e.g.
<TT>cgi-fcgi</TT>) on the same machine or via an external FastCGI application
definition (<TT>FastCgiExternalServer</TT>).&nbsp; If neither the <TT>-socket</TT>
nor the <TT>-port</TT> options are given, the module generates a name for
the named pipe.&nbsp; The <TT>-socket</TT> and <TT>-port</TT> options are
mutually exclusive.</DD>
</dl>

<dl>
  <hr>
  <h2><a NAME="FastCgiConfig">FastCgiConfig</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->
  <table border="0">
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
      <td><code>FastCgiConfig <em>option option ...</em></code></td>
    </tr>
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
      <td>server config</td>
    </tr>
  </table>
  <p>The <code>FastCgiConfig</code> directive defines the default parameters for
  <i>all</i> dynamic
  FastCGI applications.&nbsp; This directive does not affect static or external
  applications in any way.</p>
  <p>Dynamic applications are not started at server initialization, but upon demand. &nbsp;
  If the demand is heavy, additional application instances are started.&nbsp; As the demand
  fades, application instances are killed off.&nbsp; Many of the options govern this
  process.</p>
  <p><em>Option</em> can be one of (case insensitive):</p>
  <dt><code><b>-appConnTimeout <em>n</em></b>&nbsp;(0 seconds)</code></dt>
  <dd>The number of seconds to wait for a connection to the FastCGI application to
    complete or 0 to indicate a blocking <code>connect()</code> should be
    used.&nbsp;
    If the timeout expires, a&nbsp; SERVER_ERROR results.&nbsp; For non-zero
    values, this is the amount of time used in a <code>select()</code>  to write
    to the file descriptor returned by a non-blocking
    <code>connect().</code>&nbsp;
    Non-blocking <code>connect()</code>s are troublesome on many platforms and
    thus the use of the option is not recommended.&nbsp; See also -idle-timeout, it produces similar results but in
    a more portable manner.</dd>
  <dt><code><b>-idle-timeout <em>n</em></b>&nbsp;(30 seconds)</code></dt>
  <dd>The number of seconds of FastCGI application inactivity allowed before the
    request is aborted and the event is logged (at the <code>error</code> <a href="http://www.apache.org/docs/mod/core.html#loglevel"><code>LogLevel</code></a>).&nbsp;
    The inactivity timer applies only as long as a connection is pending with
    the FastCGI application.&nbsp; If a request is queued to an application, but
    the application doesn't respond (by writing and flushing) within this
    period, the request will be aborted.&nbsp; If communication is complete with
    the application but incomplete with the client (the response is buffered),
    the timeout does not apply.</dd>
  <dt><code><strong>-autoUpdate</strong> <em>none</em></code></dt>
  <dd>This option causes mod_fastcgi to check the age of the application on disk before
    processing each request.&nbsp; If the application is more recent, the process manager is
    notified and all running instances of the application are killed off.&nbsp; In general,
    its preferred that this type of functionality be built-in to the application (e.g. every
    100th request it checks to see if there's a newer version on disk and exits if so). &nbsp;
    There may be an outstanding problem (bug) when this option is used with <code>-restart</code>.</dd>
  <dt><code><b>-gainValue <em>n</em></b> (0.5)</code></dt>
  <dd>A floating point value between 0 and 1 that is used as an exponent in the computation of
    the exponentially decayed connection times load factor of the currently running dynamic
    FastCGI applications.&nbsp; Old values are scaled by (1 -<code> gainValue</code>), so
    making it smaller weights them more heavily compared to the current value, which is scaled
    by <code>gainValue</code>.</dd>
  <dt><code><b>-initial-env <em>name[=value</b><strong>]</strong> none</em></code></dt>
  <dd>A name-value pair to be passed in the initial environment when instances of the
    application are spawned.&nbsp; To pass a variable from the Apache environment, don't
    provide the &quot;=&quot; (if the variable isn't actually in the environment, it will be
    defined without a value).&nbsp; To define a variable without a value, provide the
    &quot;=&quot; without any value.&nbsp; The option can be used repeatedly.</dd>
  <dt><code><b>-init-start-delay <em>n</b>&nbsp;</em>(1 second)</code></dt>
  <dd>The minimum number of seconds between the spawning of instances of this application.
    &nbsp; This delay decreases the demand placed on the system at server initialization.</dd>
  <dt><code><b>-killInterval <em>n</em></b> (300 seconds)</code></dt>
  <dd>The killInterval determines how often the dynamic application instance killing policy is
    implemented within the process manager.&nbsp; Lower numbers result in a more aggressive
    policy, higher numbers a less aggressive policy.</dd>
  <dt><code><b>-listen-queue-depth <em>n</em></b>&nbsp;(100)</code></dt>
  <dd>The depth of listen() queue (also known as the backlog) shared by all of the instances
    of this application.&nbsp; A deeper listen queue allows the server to cope with transient
    load fluctuations without rejecting requests; it does not increase throughput. &nbsp;
    Adding additional application instances may increase throughput/performance, depending
    upon the application and the host. </dd>
  <dt><code><b>-maxClassProcesses <em>n</em></b> (10)</code></dt>
  <dd>The maximum number of dynamic FastCGI application instances allowed to run for any one
    FastCGI application.</dd>
  <dt><code><b>-maxProcesses <em>n</em></b> (50)</code></dt>
  <dd>The maximum total number of dynamic FastCGI application instances allowed to run at any
    one time.</dd>
  <dt><code><b>-minProcesses <em>n</em></b> (5)</code></dt>
  <dd>The minimum total number of dynamic FastCGI application instances allowed to run at any
    one time without being killed off by the process manager (due to lack of demand).</dd>
  <dt><code><b>-multiThreshhold <em>n</b> </em>(50)</code></dt>
  <dd>An integer between 0 and 100 used to determine whether any one instance of a FastCGI
    application should be terminated.&nbsp; If the application has more than one instance
    currently running, this attribute will be used to decide whether one of them should be
    terminated.&nbsp; If only one instance remains, <code>singleTHreshhold</code> is used
    instead.</dd>
  <dt><code><b>-pass-header <em>header </em></b><em> none</em></code></dt>
  <dd>The name of an HTTP Request Header to be passed in the <i>request</i>
    environment.&nbsp; This option makes available the contents of headers which
    are normally not available (e.g. Authorization) to a CGI environment. </dd>
  <dt><code><b>-priority <em>n</em></b> (0)</code></dt>
  <dd>The process priority to be assigned to the application instances (using <code>setpriority()</code>).</dd>
  <dt><code><b>-processSlack <em>n</em></b> (5 seconds)</code></dt>
  <dd>If the sum of all currently running dynamic FastCGI applications and exceeds <code>maxProcesses
    - processSlack</code>, the process manager invokes the killing policy.&nbsp; This is to
    improve performance at higher loads by killing the some of&nbsp; the most inactive
    application instances before reaching <code>maxProcesses</code>.</dd>
  <dt><code><strong>-restart</strong> <em>none</em></code></dt>
  <dd>This option causes the process manager to restart dynamic applications upon failure
    (similar to static applications).</dd>
  <dt><code><b>-restart-delay<em> n</em></b>&nbsp;(5 seconds)</code></dt>
  <dd>The minimum number of seconds between the respawning of failed instances of this
    application.&nbsp; This delay prevents a broken application from soaking up too much of
    the system.</dd>
  <dt><code><b>-singleThreshhold <em>n</em></b>  (0)</code></dt>
  <dd>An integer between 0 and 100 used to determine whether the last instance of a FastCGI
    application can be terminated.&nbsp; If the process manager computed load factor for the
    application is lower than the specified threshold, the last instance is terminated. &nbsp;
    In order to make your executables run in the &quot;idle&quot; mode for the long time, you
    would specify value closer to 1, however if memory or CPU time is of primary concern, a
    value closer to 100 would be more applicable.&nbsp; A value of 0 will
    prevent the last instance of an application from being terminated; this is
    the default value, changing it is not recommended (especially if -appConnTimeout
    is set).</dd>
  <dt><code><b>-startDelay <em>n</em></b> (3 seconds)</code></dt>
  <dd>The number of seconds the web server waits patiently while trying to connect to a
    dynamic FastCGI application.&nbsp; If the interval expires, the process manager is
    notified with hope it will start another instance of the application.&nbsp; The <code>startDelay</code>
    must be smaller than <code>appConnTimeout</code> to be effective.</dd>
  <dt><code><b>-updateInterval <em>n</em></b>&nbsp; (300 seconds)</code></dt>
  <dd>The updateInterval determines how often statistical analysis is performed to determine
    the fate of dynamic FastCGI applications.</dd>
  <dt>&nbsp;</dt>
  <hr>
  <h2><a name="FastCgiExternalServer">FastCgiExternalServer</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->
  <table border="0">
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
      <td><code>FastCgiExternalServer <em>filename</em> <em>-host hostname:port [-appConnTimeout
      n]</em></code></td>
    </tr>
    <tr>
      <td></td>
      <td><code>FastCgiExternalServer <em>filename</em> <em>-socket filename [-appConnTimeout n]</em></code></td>
    </tr>
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
      <td>server config</td>
    </tr>
  </table>
  <p>The <code>FastCgiExternalServer</code> directive defines <em>filename</em> as an
  external FastCGI application.&nbsp; If the filename does not begin with a slash (/) then
  it is assumed to be relative to the <a
  href="http://www.apache.org/docs/mod/core.html#serverroot">ServerRoot</a>. </p>
  <p>External FastCGI applications are not started by the process manager, they are presumed
  to be started and managed &quot;external&quot; to Apache and mod_fastcgi.&nbsp; The
  FastCGI devkit provides a simple tool, <code>cgi-fcgi</code>,&nbsp; for starting FastCGI applications independent of the
  server (applications can also be <i>self-starting</i>, see the devkit).</p>
  <dt><code><b>-appConnTimeout <em>n</em></b>&nbsp;(0 seconds)</code></dt>
  <dd>The number of seconds to wait for a connection to the FastCGI application to
    complete or 0 to indicate a blocking <code>connect()</code> should be
    used.&nbsp;
    If the timeout expires, a&nbsp; SERVER_ERROR results.&nbsp; For non-zero
    values, this is the amount of time used in a <code>select()</code>  to write
    to the file descriptor returned by a non-blocking
    <code>connect().</code>&nbsp;
    Non-blocking <code>connect()</code>s are troublesome on many
    platforms.&nbsp; See also -idle-timeout, it produces similar results but in
    a more portable manner.</dd>
  <dt><code><b>-idle-timeout <em>n</em></b>&nbsp;(30 seconds)</code></dt>
  <dd>The number of seconds of FastCGI application inactivity allowed before the
    request is aborted and the event is logged (at the <code>error</code> <a href="http://www.apache.org/docs/mod/core.html#loglevel"><code>LogLevel</code></a>).&nbsp;
    The inactivity timer applies only as long as a connection is pending with
    the FastCGI application.&nbsp; If a request is queued to an application, but
    the application doesn't respond (by writing and flushing) within this
    period, the request will be aborted.&nbsp; If communication is complete with
    the application but incomplete with the client (the response is buffered),
    the timeout does not apply.</dd>
  <dt><code><strong>-flush</strong>&nbsp;<em>none</em></code></dt>
  <dd>Force a write to the client as data is received from the application.&nbsp; By default, <code>mod_fastcgi</code>
    buffers data in order to free the application as quickly as possible.</dd>
  <dt><code><b>-host <em>hostname:port</b> none</em></code></dt>
  <dd>The hostname or IP address and TCP port number (1-65535) the application uses for
    communication with the web server. The <code>-socket</code> and <code>-host</code> options
    are mutually exclusive.</dd>
  <dt><code><b>-pass-header <em>header </em></b><em>none</em></code></dt>
  <dd>The name of an HTTP Request Header to be passed in the <i>request</i>
    environment.&nbsp; This option makes available the contents of headers which
    are normally not available (e.g. Authorization) to a CGI environment. </dd>
  <dt><code><b>-socket<em> filename</em>&nbsp;</b><em>none</em></code></dt>
  <dd><b>Unix: </b>The filename of the Unix domain socket the application uses for communication with the
    web server.&nbsp; The filename is relative to the <code>FastCgiIpcDir</code>.&nbsp; The <code>-socket</code>
    and <code>-port</code> options are mutually exclusive.</dd>
  <dd> <b>Windows NT:&nbsp;</b> The name of the named pipe the application uses
for communitcating with the web server. the name is relative to the <TT><A HREF="#FastCgiIpcDir">
FastCgiIpcDir</A></TT>.&nbsp;
The -<TT>socket </TT>and&nbsp;<TT> -port </TT>options are mutually exclusive.</DD>
  <dt>&nbsp;</dt>
  <hr>
  <h2><a name="FastCgiIpcDir">FastCgiIpcDir</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->
  <table border="0">
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
      <td><code><B>Unix: </B>FastCgiIpcDir <em>directory</em></code></td>
    </tr>
    <tr>
       <td></td>
       <td><tt><b>Windows NT: </b>FastCgiIpcDir <i>name&nbsp;</i></tt></td> 
    </tr>
    <tr>
      <td><a href="http://www.apache.org/docs/mod/directive-dict.html#Default"><strong>Default:</strong></a></td>
      <td><code><b>Unix: </b>FastCgiIpcDir /tmp/fcgi</code></td>
    </tr>
    <tr>
      <td></td>
      <td><tt><b>Windows NT: </b>FastCgiIpcDir \\.\pipe\ModFastCgi\</tt></td>
    </tr>
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
      <td>server config</td>
    </tr>
  </table>
  <p><b>Unix: </b>The <code>FastCgiIpcDir</code> directive specifies <em>directory</em> as the place to
  store (and find, in the case of external FastCGI applications) the Unix socket files used
  for communication between the applications and the web server.&nbsp; If the directory does
  not begin with a slash (/) then it is assumed to be relative to the <a
  href="http://www.apache.org/docs/mod/core.html#serverroot">ServerRoot</a>. &nbsp; If the
  directory doesn't exist, an attempt is made to create it with appropriate
  permissions.&nbsp; Do not specify a directory that is not on a local filesystem!&nbsp; If
  you use the default directory (or another directory within <code>/tmp</code>), <code>mod_fastcgi</code>
  will break if your system periodically deletes files from <code>/tmp</code>.</p>
  <p><b>Windows NT: </b>The <tt>FastCgiIpcDir </tt>directive specifies <i>name
  </i>as the root for the named pipes used for communication between the
  application and the web server.&nbsp; The <i>name</i> must be in the form
  of <b>\\.\pipe\</b><i>pipname. </i>The <i>pipename </i>part can contain
  any charater other than a backslash,/p>
  <p>The <code>FastCgiIpcDir</code> directive must precede any <a href="#FastCgiServer"><code>FastCgiServer</code></a>
  or <a href="#FastCgiExternalServer"><code>FastCgiExternalServer</code></a> directives
  (which make use of Unix sockets). The directory must be readable, writeable, and
  executable (searchable) by the web server, but otherwise should not be accessible to
  anyone.</p>
  <hr>
  <h2><a name="FastCgiSuexec">FastCgiSuexec</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->
  <table border="0">
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
      <td><code>FastCgiSuexec <em>On | Off | filename</em></code></td>
    </tr>
    <tr>
      <td><a href="http://www.apache.org/docs/mod/directive-dict.html#Default"><strong>Default:</strong></a></td>
      <td><code>FastCgiSuexec Off<em> </em></code></td>
    </tr>
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
      <td>server config</td>
    </tr>
  </table>
  <p>The <code>FastCgiSuexec</code> directive is used to enable support for an
  suexec-wrapper.&nbsp; <code>FastCgiSuexec</code> requires suexec be enabled in Apache (for
  CGI).&nbsp; To use the same suexec-wrapper in use by Apache, set <code>FastCgiSuexec</code>
  to <em>On</em>.&nbsp; To use a different suexec-wrapper, specify the <em>filename</em> of
  the suexec-wrapper.&nbsp; If the filename does not begin with a slash (/) then it is
  assumed to be relative to the <a
  href="http://www.apache.org/docs/mod/core.html#serverroot">ServerRoot</a>.</p>
  <p>When <code>FastCgiSuexec</code> is enabled, the location of static or external FastCGI
  application definitions is important.&nbsp; They inherit their user and group from the <code>User</code>
  and <code>Group</code> directives in the virtual server in which they were defined.&nbsp; <code>User</code>
  and <code>Group</code> directives should precede FastCGI application definitions. &nbsp;
  Note that this does <em>not</em> limit the FastCGI application to the virtual server in
  which they were defined, the application is allowed to service requests from any virtual
  server with the same user and group.&nbsp; If a request is received for a FastCGI
  application without an existing matching definition running with the correct user and
  group, a dynamic instance of the application is started with the correct user and group.
  &nbsp; This can lead to multiple copies of the same application running with different
  user/group.&nbsp; If this is a problem, preclude navigation to the application from other
  virtual servers or configure the virtual servers with the same User and Group.</p>
  <p>See the Apache documentation for more information about suexec (make sure you fully
  understand the security implications).</p>
  <hr>
  <h2><a name="FastCgiAuthenticator">FastCgiAuthenticator</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->
  <table border="0">
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
      <td><code>FastCgiAuthenticator <em>filename [-compat]</em></code></td>
    </tr>
    <tr>
      <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
      <td>directory</td>
    </tr>
  </table>
  <p>The <code>FastCgiAuthenticator</code> directive is used to define a FastCGI application
  as a per-directory authenticator.&nbsp; Authenticators verify the requestor is who he says
  he is by matching the provided username and password against a list or database of known
  users and passwords.&nbsp; FastCGI based authenticators are useful primarily when the user
  database is maintained within an existing independent program or resides on a machine
  other than the web server.&nbsp; </p>
  <p>If the FastCGI application <em>filename</em> does not have a corresponding static or
  external server definition, it is started as a dynamic FastCGI application.&nbsp; If the
  filename does not begin with a slash (/) then it is assumed to be relative to the <a
  href="http://www.apache.org/docs/mod/core.html#serverroot">ServerRoot</a>.</p>
  <p><code>FastCgiAuthenticator</code> is used within <a
  href="http://www.apache.org/docs/mod/core.html#directory"><code>Directory</code></a> or <a
  href="http://www.apache.org/docs/mod/core.html#location"><code>Location</code></a>
  containers and must include an <a href="http://www.apache.org/docs/mod/core.html#authtype"><code>AuthType</code></a>
  and <a href="http://www.apache.org/docs/mod/core.html#authname"><code>AuthName</code></a>
  directive. &nbsp; Only the <code>Basic</code> user authentication type is supported.&nbsp;
  It must be accompanied by a <a href="http://www.apache.org/docs/mod/core.html#require"><code>require</code></a>
  or <code><a href="#FastCgiAuthorizer">FastCgiAuthorizer</a></code> directive in order to
  work correctly.</p>
</dl>

<blockquote>
  <code><p>&lt;Directory htdocs/protected&gt;<br>
  AuthType Basic<br>
  AuthName ProtectedRealm<br>
  FastCgiAuthenticator fcgi-bin/authenticator<br>
  require valid-user<br>
  &lt;/Directory&gt;</code></p>
</blockquote>

<p><code>mod_fastcgi</code> sends nearly all of the standard environment variables
typically available to CGI/FastCGI request handlers.&nbsp; All headers returned by a
FastCGI authentication application in a successful response (Status: 200) are passed to
subprocesses (CGI/FastCGI invocations) as environment variables.&nbsp; All headers
returned in an unsuccessful response are passed on to the client.&nbsp; FastCGI
specification compliant behavior can be obtained by using the &quot;<code>-compat</code>&quot;
option.</p>

<p><code>mod_fastcgi</code> sets the environment variable &quot;FCGI_APACHE_ROLE&quot; to
&quot;AUTHENTICATOR&quot; to indicate which (Apache specific) authorizer phase is being
performed.</p>

<p>Custom failure responses from FastCGI authorizer applications are not (yet?)
supported.&nbsp; See the <a href="http://www.apache.org/docs/mod/core.html#errordocument">ErrorDocument</a>
directive for a workaround (a FastCGI application can serve the document).</p>

<hr>

<h2><a name="FastCgiAuthenticatorAuthoritative">FastCgiAuthenticatorAuthoritative</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->

<table border="0">
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
    <td><code>FastCgiAuthenticatorAuthoritative <em>On | Off</em></code></td>
  </tr>
  <tr>
    <td><a href="http://www.apache.org/docs/mod/directive-dict.html#Default"><strong>Default:</strong></a></td>
    <td><code>FastCgiAuthenticatorAuthoritative On</code></td>
  </tr>
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
    <td>directory</td>
  </tr>
</table>

<p>Setting the <code>FastCgiAuthenticatorAuthoritative</code> directive explicitly to <em>Off</em>
allows authentication to be passed on to lower level modules (as defined in the <code>Configuration</code>
and <code>modules.c</code> files) if the FastCGI application fails to authenticate the
user. </p>

<p>A common use for this is in conjunction with a well protected <a
href="http://www.apache.org/docs/mod/mod_auth.html#authuserfile"><code>AuthUserFile</code></a>
containing a few (administration related) users.&nbsp; </p>

<p>By default, control is not passed on and an unknown user will result in an
Authorization Required reply.&nbsp; Disabling the default should be carefully considered.</p>

<hr>

<h2><a name="FastCgiAuthorizer">FastCgiAuthorizer</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->

<table border="0">
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
    <td><code>FastCgiAuthorizer<em> filename [-compat]</em></code></td>
  </tr>
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
    <td>directory</td>
  </tr>
</table>

<dl>
  <p>The <code>FastCgiAuthorizer</code> directive is used to define a FastCGI application as
  a per-directory authorizer.&nbsp; Authorizers validate whether an authenticated requestor
  is allowed access to the requested resource.&nbsp; FastCGI based authorizers are useful
  primarily when there is a dynamic component to the authorization decision such as a time
  of day or whether or not the user has paid his bills.&nbsp; </p>
  <p>If the FastCGI application <em>filename</em> does not have a corresponding static or
  external server definition, it is started as a dynamic FastCGI application.&nbsp; If the
  filename does not begin with a slash (/) then it is assumed to be relative to the <a
  href="http://www.apache.org/docs/mod/core.html#serverroot">ServerRoot</a>.</p>
  <p><code>FastCgiAuthorizer</code> is used within <a
  href="http://www.apache.org/docs/mod/core.html#directory"><code>Directory</code></a> or <a
  href="http://www.apache.org/docs/mod/core.html#location"><code>Location</code></a>
  containers and must include an <a href="http://www.apache.org/docs/mod/core.html#authtype"><code>AuthType</code></a>
  and <a href="http://www.apache.org/docs/mod/core.html#authname"><code>AuthName</code></a>
  directive. &nbsp; It must be accompanied by an authentication directive such as <a
  href="#FastCgiAuthenticator"><code>FastCgiAuthenticator</code></a>, <a
  href="http://www.apache.org/docs/mod/mod_auth.html#authuserfile"><code>AuthUserFile</code></a>,
  <a href="http://www.apache.org/docs/mod/mod_auth_db.html#authdbuserfile"><code>AuthDBUserFile</code></a>
  or <a href="http://www.apache.org/docs/mod/mod_auth_dbm.html#authdbmuserfile"><code>AuthDBMUserFile</code></a>
  in order to work correctly.</p>
</dl>

<blockquote>
  <code><p>&lt;Directory htdocs/protected&gt;<br>
  AuthType Basic<br>
  AuthName ProtectedRealm<br>
  AuthDBMUserFile conf/authentication-database<br>
  FastCgiAuthorizer fcgi-bin/authorizer<br>
  &lt;/Directory&gt;</code></p>
</blockquote>

<p><code>mod_fastcgi</code> sends nearly all of the standard environment variables
typically available to CGI/FastCGI request handlers.&nbsp; All headers returned by a
FastCGI authorizer application in a successful response (Status: 200) are passed to
subprocesses (CGI/FastCGI invocations) as environment variables.&nbsp; All headers
returned in an unsuccessful response are passed on to the client.&nbsp; FastCGI
specification compliant behavior can be obtained by using the &quot;<code>-compat</code>&quot;
option.</p>

<p><code>mod_fastcgi</code> sets the environment variable &quot;FCGI_APACHE_ROLE&quot; to
&quot;AUTHORIZER&quot; to indicate which (Apache specific) authorizer phase is being
performed.</p>

<p>Custom failure responses from FastCGI authorizer applications are not (yet?)
supported.&nbsp; See the <a href="http://www.apache.org/docs/mod/core.html#errordocument">ErrorDocument</a>
directive for a workaround (a FastCGI application can serve the document).</p>

<hr>

<h2><a name="FastCgiAuthorizerAuthoritative">FastCgiAuthorizerAuthoritative</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->

<table border="0">
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
    <td><code>FastCgiAuthorizerAuthoritative <em>On | Off</em></code></td>
  </tr>
  <tr>
    <td><a href="http://www.apache.org/docs/mod/directive-dict.html#Default"><strong>Default:</strong></a></td>
    <td><code>FastCgiAuthorizerAuthoritative On</code></td>
  </tr>
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
    <td>directory</td>
  </tr>
</table>

<p>Setting the <code>FastCgiAuthorizerAuthoritative</code> directive explicitly to <em>Off</em>
allows authorization to be passed on to lower level modules (as defined in the <code>Configuration</code>
and <code>modules.c</code> files) if the FastCGI application fails to authorize the user. </p>

<p>By default, control is not passed on and an unauthorized user will result in an
Authorization Required reply.&nbsp; Disabling the default should be carefully considered.</p>

<hr>

<h2><a name="FastCgiAccessChecker">FastCgiAccessChecker</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->

<table border="0">
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
    <td><code>FastCgiAccessChecker<em> filename [-compat]</em></code></td>
  </tr>
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
    <td>directory</td>
  </tr>
</table>

<dl>
  <p>The <code>FastCgiAccessChecker</code> (suggestions for a better name are welcome)
  directive is used to define a FastCGI application as a per-directory access
  validator.&nbsp; The Apache Access phase precede user authentication and thus the decision
  to (dis)allow access to the requested resource is based on the HTTP headers submitted with
  the request.&nbsp; FastCGI based authorizers are useful primarily when there is a dynamic
  component to the access validation decision such as a time of day or whether or not a
  domain has paid his bills.&nbsp; </p>
  <p>If the FastCGI application <em>filename</em> does not have a corresponding static or
  external server definition, it is started as a dynamic FastCGI application.&nbsp; If the
  filename does not begin with a slash (/) then it is assumed to be relative to the <a
  href="http://www.apache.org/docs/mod/core.html#serverroot">ServerRoot</a>.</p>
  <p><code>FastCgiAccessChecker</code> is used within <a
  href="http://www.apache.org/docs/mod/core.html#directory"><code>Directory</code></a> or <a
  href="http://www.apache.org/docs/mod/core.html#location"><code>Location</code></a>
  containers.</p>
</dl>

<blockquote>
  <code><p>&lt;Directory htdocs/protected&gt;<br>
  FastCgiAccessChecker fcgi-bin/access-checker<br>
  &lt;/Directory&gt;</code></p>
</blockquote>

<p><code>mod_fastcgi</code> sends nearly all of the standard environment variables
typically available to CGI/FastCGI request handlers.&nbsp; All headers returned by a
FastCGI access-checker application in a successful response (Status: 200) are passed to
subprocesses (CGI/FastCGI invocations) as environment variables.&nbsp; All headers
returned in an unsuccessful response are passed on to the client.&nbsp; FastCGI
specification compliant behavior can be obtained by using the &quot;<code>-compat</code>&quot;
option.</p>

<p><code>mod_fastcgi</code> sets the environment variable &quot;FCGI_APACHE_ROLE&quot; to
&quot;ACCESS_CHECKER&quot; to indicate which (Apache specific) authorizer phase is being
performed.</p>

<p>Custom failure responses from FastCGI authorizer applications are not (yet?)
supported.&nbsp; See the <a href="http://www.apache.org/docs/mod/core.html#errordocument">ErrorDocument</a>
directive for a workaround (a FastCGI application can serve the document).</p>

<hr>

<h2><a name="FastCgiAccessCheckerAuthoritative">FastCgiAccessCheckerAuthoritative</a></h2>
<!-- %plaintext &lt;?INDEX {\tt FastCgiConfig} directive&gt; -->

<table border="0">
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Syntax" REL="Help"><strong>Syntax:</strong></a></td>
    <td><code>FastCgiAccessCheckerAuthoritative <em>On | Off</em></code></td>
  </tr>
  <tr>
    <td><a href="http://www.apache.org/docs/mod/directive-dict.html#Default"><strong>Default:</strong></a></td>
    <td><code>FastCgiAccessCheckerAuthoritative On</code></td>
  </tr>
  <tr>
    <td><a HREF="http://www.apache.org/docs/mod/directive-dict.html#Context" REL="Help"><strong>Context:</strong></a></td>
    <td>directory</td>
  </tr>
</table>

<p>Setting the <code>FastCgiAccessCheckerAuthoritative</code> directive explicitly to <em>Off</em>
allows access checking to be passed on to lower level modules (as defined in the <code>Configuration</code>
and <code>modules.c</code> files) if the FastCGI application fails to allow access. </p>

<p>By default, control is not passed on and a failed access check will result in a
Forbidden reply.&nbsp; Disabling the default should be carefully considered.</p>

<hr>

<h3 ALIGN="CENTER"><a href="http://www.FastCGI.com/">www.FastCGI.com</a></h3>
</body>
</html>