The 2.0.23 release joins the list of abandoned 2.0 releases, suffering
from a segfault in mod_mime caused by some recent
optimisation work in the module. A fix has been committed and
2.0.24 is currently in testing.
Graham Leggett has been working on LDAP support for Apache,
submitting an LDAP abstraction layer for the APR utility library which
provides a common interface to the several LDAP libraries available today such
as OpenLDAP. He went on to
implement an LDAP-based authentication module for Apache 2.0 using
this new API. There was some discussion about storing Apache
configuration directives within an LDAP database; the consensus was
that this is best achieved using a pre-processor program rather than
adding LDAP configuration support.
Linux Today have a controversial guest column
Open Source Lose the Battle for the Web?" The author looks at why
users would switch from Apache to IIS:
"it's nothing short of miraculous that Apache managed to retain its market
share for about two years while essentially treading water. Let's face it,
in spite of a few point releases, Apache hasn't introduced any significant
user features in two years"..."Even Apache 2.0 (when it finally deigns to appear) won't offer any really
revolutionary user benefits. It's just a better architecture for a vanilla
webserver. What we need today is no longer a webserver, but a web services
delivery platform. Sorry, but Apache doesn't cut it anymore..."
The aim of the Apache httpd project is to develop and maintain an
open-source HTTP server and to provide secure, efficient and an extensible
server providing HTTP services in sync with the standards.
The Apache web server often forms part of a complete web services
The article has generated
large debate on the Slashdot news site.
Apache Software Foundation member Marc Slemko told Apache Week: "One
of the main reasons to use the Apache HTTP server is because it is
'just a webserver'. One of the reasons it is a lot less likely to
ever be vulnerable to anything like Code Red is because it is 'just a
webserver' without dozens of wacky modules enabled by default that are
poorly written and almost no one uses."
Apache offers a personal view on why Apache has more developer
momentum than Microsoft or Sun - because it guarantees developer
freedom. In his own words:
"As a platform for
independent developers neither of the BigCo's half-hearted attempts to
offer developers freedom is convincing. The Apache philosophy is the right
one for me."
We continue to get a large number of messages from system
administrators who see requests for /default.ida in
their Apache access logs. The requests look similar to this:
192.168.2.12 - - [19/Jul/2001:16:55:47 +0100] "GET /default.ida?NNNNNNN
HTTP/1.0" 400 252 -
If you are running Apache there is nothing to worry about, these
requests are part of the Code Red
Worm designed to search out vulnerable IIS servers
running on Windows. You can quite happily ignore these
requests, or get them back
Other common log entries you might see include:
- Requests for robots.txt in the root directory. These
requests are normally automatically made by robots which will analyse
the contents of this file to see what files and directories they are
not allowed to access. The format of the robots.txt file is given
in the HTML 4 Specification.
- Requests for favicon.ico in various directories
(first seen in April 1999). Microsoft Internet Explorer version 5 and
above can display a site-defined icon when a site's URL is displayed
in a favourites list. This icon is obtained by asking the site for
favicon.ico. If the URL contains slash characters
(normally used to represent a directory hierarchy), MSIE 5 will
request "favicon.ico" in each parent directory until it finds one or
reaches the root. The format of the favicon.ico file is
the Microsoft icon format. To see this 'feature' in action, bookmark
this page using MSIE.
- Requests for cmd.exe in various directories. These are
usually attempts to exploit various security
vulnerabilities that affect Microsoft IIS servers.
In this section we highlight some of the articles on the web that are of
interest to Apache users.
Fancy a role in Episode 2, Attack of the Code Red 2 Worm? No, this is not
a new B-grade movie but how you can be a good internet citizen and let
people know that their server has been infected by the Worm. One way
is by using Apache::CodeRed written by Reuven M. Lerner. In
he explains how the module intercepts requests for
/default.ida, determines the host name of the HTTP client,
sends only one warning e-mail message in a 24-hour period to SecurityFocus
and the administrator of that client, and keeps a list of IP addresses to
WebmasterBase.com looks at the pros and cons of three methods of passing
information to your web pages without the use of a query string so that
your web site has search
engine-friendly URLs. The methods are the implementation of
PATH_INFO, .htaccess error pages, and the
ForceType directive, and have been tested using PHP with
Apache on Linux but they should also work on other platforms.
You may have set up your Apache web server perfectly but if you have not
tested your web site thoroughly, it may still fail. Therefore, this basic
testing" guide walks you through the numerous stages of testing. It
starts with ensuring that the site looks as it is intended to, proceeds to
testing functionality, scripts, browser compatibility in a realistic
environment, proofing content, getting feedback from a selected group of
users who previewed your site, checking your search engine rankings, and
ends with analysing your users. After doing all those tests you may be
exhausted, but hey, that's not too high a price to pay for a perfect
From XML Basics, the Developer Shed has now moved on to "XSL Basics
(part 1)" which explains how XSLT (Extensible Stylesheet Language
Transformations) works, with sufficient examples on using it to present
marked-up XML data. Hungry for more? Then you may as well read "XPath Basics"
too. XPath provides a standard method of addressing parts of an XML
document and is used by both XSLT and XPointer. As XML standards are still
evolving, the author warns that this XPath tutorial may become invalid in
the future but currently it is based on the W3C's XPath 1.0 recommendation.
This occasional section contains short announcements of jobs
that require significant Apache experience. To see more jobs
or find out how to submit your vacancy visit the Apache Week Jobs
Tomcat Web Admin / Java Developer (Atlanta, GA)
Thompson Technologies is seeking an Apache / Tomcat Administrator with experience with Java to troubleshoot servers and rewrite code to make sure applications are working correctly. This is full time position in Atlanta, GA