In this issue

Apache Site: www.apache.org
Release: 1.3.6 (Released 25^th March 1999) (local download sites)
Beta: None

Apache 1.3.6 is the current stable release. Users of Apache 1.3.4 and earlier on Unix systems should upgrade to this version. Read the Guide to 1.3.6 for information about changes between 1.3.4 and 1.3.6 and between 1.2 and 1.3.6.

Patches for bugs in Apache 1.3.6 will be made available in the apply_to_1.3.6 subdirectory of the patches directory on the Apache site. Some new features and other unofficial patches are available in the 1.3 patches directory. For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

The ApacheBench program (support/ab.c) can now send basic authentication, cookie and other arbitrary headers. This program can be used for simple benchmarks of a server.

The bin\htpasswd.exe program is used on Windows to modify passwords in user authentication files. It currently prompts for the password. From the next release it will be possible to give the password on the command line (using the -b option), so that passwords can be set via scripts.

From the next release, Apache on NT will support multiple services. At the moment, when Apache is installed as a service it uses the fixed name "Apache". This means it can only be installed once on a machine. The next release will support the ability to choose the service name, using a new -n command lline option. If not given, it will default to "Apache", like previous versions.

The recently released version 5 of Microsoft's Internet Explorer has some new "features" which may affect sites.

The first new "feature" is that MSIE 5 may replace a site's own error messages with its in-built error pages. This occurs if the error page from the site is less than a particular size. For most errors, this is 512 bytes. If the error page from the site is more than 512 bytes, MSIE 5 will display the site's error message, otherwise it will not display it. For a few statuses (403, 405 and 410), the cut-off size is 256. The solution to this problem is to ensure that all error pages are greater than 512 bytes. However note that most of Apache's built in error messages will be lesss than 512 bytes, so the only way to ensure that viewers see the site's real error pages is to use ErrorDocument. Microsoft explain how to use the registry or IE's options to turn off this "feature".

In the second new "feature", MSIE 5 can display a site-defined icon when a site's URL is displayed in a favourites list. This icon is obtained by asking the site for "favicon.ico". If the URL contains slash characters (normally used to represent a directory hierarchy), MSIE 5 will request "favicon.ico" in each directory. This leads to requests for "favicon.ico" in various directories, which will normally return a 404 Not Found status. The format of the "favicon.ico" is the Microsoft Win32 proprietary "icon" format, although it is accessed with the abbreviated ".ico" extension because of limitations of Microsoft's file systems. There does not appear to be anyway to turn these unnecessary requests off at either the browser or server. This Microsoft document mentions favicon.ico in passing.

Computing Magazine reports that Apache threatens rise of NT. According to the story, Microsoft are trying to sell NT as an operating system for use by ISPs and hosting companies. This is an area where Apache is widely used.