Apache Week

Copyright 1996-2005
Red Hat, Inc.

First published: 4th October 1996

Converting from NCSA

The two most popular Web servers according to the Netcraft Survey are Apache and NCSA HTTPd. Both servers are widely used, although according to the server survey Apache is used on over twice as many sites as NCSA, and the market share of NCSA is dropping while Apache's is growing. This feature is designed to explain the differences between NCSA HTTPd and Apache, so that users of either server can decide if the other meets their requirements better. We then look in detail at the directives changed between NCSA and Apache, which can be used by existing NCSA users if they decide to convert to Apache. Or it can also act as a guide to converting the other way.

NCSA version 1.3 was the base for Apache development. Initially, Apache was a drop-in replacement for the NCSA HTTPd, however as both have developed there are now some differences between the two servers. Since then, much of Apache's code has been considerably rewritten, in particular to allow the functionality to be extended with modules. This feature explains how the current versions of Apache and NCSA HTTPd differ, what features Apache adds, and those it lacks. This is followed by a detailed list changes between NCSA and Apache. The versions used for the comparison are Apache 1.3 and NCSA HTTPd 1.5.2.

Apache Features

Perhaps the most important difference between Apache and NCSA is that Apache is extensible via a programming API. The means that the functionality of Apache can be extended almost arbitrarily, via modules. The list of Apache features given here concentrates on the functions provided by the server in its default configuration, or with the addition of modules distributed as part of Apache. However there are a lot of additional modules which can be added to perform specific tasks. See our feature on additional modules for an idea of the extensibility of Apache. Unless stated otherwise, the features listed in this section are available with the default server configuration. If the module is marked as optional, then it is part of the official Apache distribution, but not compiled in by default. If a module is described as third party then it is not part of the Apache distribution.

Leaving aside the third-party modules, the main features that Apache supports and NCSA does not are:

  • Additional authentication options: anonymous, from a Berkeley DB file, from an mSQL or Postgres95 database
  • All directives can appear in any of the configuration files
  • Automatically set the mime type of responses based on the file contents (using mod_mime_magic)
  • Call a CGI program when file of particular mime type is accessed, with Action directive
  • Configurable logging format (with LogFormat) and multiple log files (with CustomgLog)
  • Correct some typos in URLs with the optional "spelling" module (mod_speling)
  • Create a user clickstream log (optional mod_usertrack module)
  • Customise CGI environment variables (optional mod_env module)
  • Dynamic module loading (optional mod_so module)
  • Enhanced server-side includes (SSI)
  • Imagemap extensions - internal support (like NCSA 1.5) with additional directives (ImapMenu, ImapBase, ImapDefault)
  • Info module which displays the compiled in modules and current configuration
  • Listen on selected addresses and ports (Listen directive)
  • Pipe any log file to another process, instead of writing to a file
  • Proxy module to provide HTTP and FTP proxying. Can also operate as a "reverse proxy" to load-balance multiple servers.
  • Restrict access by URL with <Location> sections, which compliments <Directory>. Restrict access by filename with <Files>. All of these can also match against regular expressions.
  • Rewrite URLs based on complex criteria (including conditionals), with mod_rewrite
  • Server pool tuning with MaxSpareServers and MinSpareServers
  • Server-based content negotiation, based either on a file listing the variants, or automatically generated from file extensions
  • Set actions for files with particular extensions (SetHandler and AddHandler directives)
  • Set environment variables based on any received headers or other information about the request, with SetenvIf.
  • Set mime type for all files in directory with ForceType directive
  • Status module to see the status of the child processes and what request they are currently servicing
  • Turn DNS lookups on/off at run time (HostnameLookups directive)
  • USER_NAME environment variable set when SSI execs a CGI, giving owner of SSI file
  • Use CERN format 'metafiles' to add header info to response (optional mod_cern_meta module)
  • Unbuffered CGI output (actually Apache does buffer CGI output for efficient use of the network, but will send output to the client as soon as the CGI is no longer providing more output)
  • Year 2000 compliant
  • <VirtualHost> sections can contain almost any configuration directive, with no need for <SRMOptions> sections

NCSA Features

Apache does not implement these features:

  • Kerberos
  • Parsing output of CGI for SSI directives
  • Authentication against NIS usernames and passwords (although there are third party modules which do this)


Some features that are available in both NCSA and Apache are implemented differently in the servers. The detailed list of changed directives, below, gives more information. This is a summary of the main changes.

  • .htaccess files restricting by host
    .htaccess files written using the examples on the NCSA site which restrict by host, not by user, may not work with Apache. The examples to restrict by host also include the AuthName and AuthType directives, which are only used in user authentication. The fix is to remove any of these commands from .htaccess files which only restrict by hostname (any AuthUserFile and AuthGroupFile directives should also be removed).
  • DBM User and Group Files
    Apache supports DBM user and group files for authentication if the optional DBM module is used (mod_auth_dbm). This is configured by different directives, unlike NCSA which uses the same directives with a second argument to specify DBM format. (Apache 1.2 will also allow use of the same directive syntax as NCSA)
  • Digest Support
    Digest authentication can be added to Apache with the optional digest module (mod_digest).
  • FastCGI support
    This is available for Apache with an third party module (from the fastCGI site).
  • Non-IP Virtual Hosts
    In Apache, these are implemented using the normal <VirtualHost> sections. The name to respond to is given in the <VirtualHost> directive or on a ServerAlias directive. The NameVirtualHost directive must be given to specify which interfaces are used for name-based virtual hosts. Apache does not implement <Host>.
  • Log Files
    Apache logs to the transfer log in the standard common log format. It does not support the LogOptions directive to build user agent and referrer information into the log file. However, the log format can be completely customised with the LogFormat directive and multiple logs can be created with CustomLog.
  • KeepAlive
    The directives to support keepalive (persistent connections) use a different syntax.
  • Server Pool
    Both Apache and NCSA 'pre-fork' a pool of servers to handle requests. However, in Apache the main (parent) process does not handle any part of the request. In NCSA, the parent process receives each request then hands it to a suitable child. In Apache, a pool of 'spare' servers is maintained, and the number of servers is configurable.
    This is a runtime directive in Apache.

Directive Changes

This section lists all the directives that NCSA supports. For each directive, we say whether that directive exists in Apache, and if it does, whether there is any change in meaning or syntax. Where directives do not exist in Apache, we either give an alternative method of implementing it in Apache, or state that the feature related to that directive is not implemented (if it will be implemented in Apache 1.2, we note it here).

Apache does not distinguish between the three configuration files that NCSA HTTPd uses. That is, in Apache, any directive can appear in any of the configuration files (and in fact it is possible to put all the directives into a single file, if desired). However, this list of directives is split into sections for each of the configuration files, and the directives listed in the same order as given in the NSCA documentation.

Directives valid in NCSA's Server Configuration file (httpd.conf):

  • ServerType: same
  • Port: same
  • User: same
  • Group: same
  • ServerAdmin: same
  • ServerRoot: same
  • ServerName: same
  • StartServers: same (but NCSA does not use the same method for its pool of servers)
  • MaxServers: use MaxClients instead, same syntax and meaning
  • MaxRequestsPerChild: same
  • TimeOut: same, except Apache resets the timeout on sending each time data is written (when sending a file), so this is not an overall timeout.
  • AccessConfig: same
  • ResourceConfig: same
  • TypesConfig: same
  • IdentityCheck: same, except can be set in .htaccess files
  • BindAddress: same syntax. Can however be used with virtual host configurations. See also new Listen directive for more control over addresses bound to
  • <Host>: not valid. Implement non-IP virtual hosting using normal <VirtualHost> section and NameVirtualHost
  • <VirtualHost>: same, except Apache does not support the errorlevel argument (it effectively defaults to 'required'). <VirtualHost> can take multple hosts and IP addresses. <VirtualHost> is used to implement non-IP vhosts (see NCSA Host directive) when combined with NameVirtualHost. Almost all directives are valid within a <VirtualHost> section, so the NCSA <SRMOptions> section is not needed in Apache.
  • <SRMOptions>: not applicable. Apache does not distinguish between the three config files, so directives are valid in all. You can just remove the <SRMOptions> and </SRMOptions> lines.
  • ErrorLog: same, except Apache can log to a pipe (ErrorLog |program)
  • TransferLog: same. Apache can also log to a pipe (i.e. another process) with "TransferLog |program". Log file is in standard 'common log format'. No LogOptions Combined format to include user agent or referer information, howeve the log format can be set with LogFormat directive and multiple log files created with CustomLog
  • AgentLog: available if mod_log_agent compiled in. Syntax same, except Apache may log to a pipe, AgentLog |program.
  • RefererLog: available if mod_log_referer compiled in. Syntax same, except Apache may log to a pipe, RefererLog |program.
  • RefererIgnore: available if mod_log_referer compiled in. Syntax same.
  • PidFile: same
  • LogDirGroupWriteOK: not implemented.
  • LogDirOtherWriteOK: not implemented.
  • LogOptions: not valid in Apache. To specify formats, use the mod_log_config module and LogFormat instead. For separate agent and referer logs, use mod_log_agent and mod_log_referer modules.
  • KeepAlive: on Apache, argument is the maximum number of requests per connection. Use a value of 0 to disable keepalives.
  • KeepAliveTimeout: same syntax. If not given, Apache defaults to 15, NCSA 10
  • MaxKeepAliveRequests: not valid. Use KeepAlive instead, except a value of 0 in NCSA means stay alive forever, in Apache it disables keepalives completely
  • AssumeDigestSupport: not valid (but it doesn't do anything in NCSA anyway)
  • Annotation-Server: not valid

Directives valid in NCSA's Resouce Configuration file (srm.conf):

  • DocumentRoot: same
  • UserDir: same, except apache can also use a full-path with * to represent username (e.g. UserDir /home/*/public_html). Also Apache can redirect to a full URL.
  • AccessFileName: same
  • Redirect same (but the order that Alias and Redirects are applied may be different). Apache can only redirect to a full URL, not a relative URL.
  • RedirectPermanent: same, but "Redirect permanent" is prefered
  • RedirectTemp: same, but "Redirect temp" is prefered
  • Alias: same
  • ScriptAlias : same
  • AddType same, except Apache can have multiple extensions listed
  • AddEncoding same, except Apache can have multiple extensions listed
  • DefaultType: same
  • DirectoryIndex: same (Apache can use multiple names, as can HTTPd 1.5). Apache can list names as URLs relative to the server root.
  • FancyIndexing: same, but IndexOptions preferred
  • DefaultIcon: same
  • ReadmeName: same
  • HeaderName: same
  • AddDescription: same
  • AddIcon: same
  • AddIconByType: same
  • AddIconByEncoding: same
  • IndexIgnore: same
  • IndexOptions: same
  • ErrorDocument: same, except Apache can also output a static string with ErrorDocument "string, or redirect to a full URL. Apache passes on more REDIRECT_xxx env variables (all variables existing at time of the redirect are renamed REDIRECT_variable). But it does not pass on the error message in QUERY_STRING, or REDIRECT_REQUEST (use REDIRECT_URL instead). Apache can put ErrorDocument in .htaccess.

Directives valid in NCSA's Access configuration file (access.conf, or .htaccess files where allowed):

  • <Directory>: same
  • Options: same, except Apache also supports MultiViews option (for server-side content negotiation)
  • AllowOverride: same, except Apache does not use Redirect (use FileInfo instead to control Redirects in .htaccess file)
  • AuthName: same, except in Apache any realm name containing spaces must be enclosed in double quotes
  • AuthType: same (basic only) digest supported by optional mod_digest
  • AuthUserFile: same, except Apache does not support the second argument (standard, dbm or nis). Use AuthDBMUserFile instead for DBM format (1.2 will implement second arg to AuthUserFile). There are third party modules which implement NIS authentication.
  • AuthGroupFile: same differences as AuthUserFile.
  • AuthDigestFile same, if optional mod_digest compiled in
  • <Limit>: same. Note that in Apache, the directives valid inside <Limit> can also appear outisde, in which case they apply to all methods
  • order: same
  • deny: same (but see allow for note about partial comparisons)
  • allow: same, except Apache applies comparisons against full components only, eg bar.edu matchs x.bar.edu, but does not match x.foobar.edu.
  • require: same
  • referer: not valid in Apache. To restrict by referer, or any other request header, use third party module mod_rewrite (to be distributed in Apache 1.2)
  • satisfy: same
  • OnDeny: not valid. Can be implemented by specifying an ErrorDocument 401

Other changes:

  • The XBITHACK functionality is configurable at runtime with XBitHack directive
  • All configuration directives can be used in any of the config file
  • Apache does not set the SERVER_ROOT, REMOTE_GROUP or ANNOTATION_SERVER CGI variables

Comments or criticisms? Please email us at editors@apacheweek.com