In this issue
Apache Site: www.apache.org
Release: 1.3.9 (Released 20th August 1999)
Apache 1.3.9 is the current stable release. Users of Apache
1.3.6 and earlier on Unix systems should upgrade to this
version. Users of Apache on Windows can now upgrade to Apache
1.3.9 avoiding the previous problems with Apache 1.3.6. Read
to 1.3.9 for information about changes between 1.3.6 and
Most bugs listed below include a link to the entry in the
Apache bug database where the problem is being tracked. These
entries are called "PR"s (Problem Reports). Some bugs do not
correspond to problem reports if they are found by
Bugs in 1.3.9
A large number of patches have been made to the 1.3.9 code
over the last couple of weeks in preparation for a 1.3.10
release within the next month.
A security problem can occur for sites using mass
name-based virtual hosting (using the new
mod_vhost_alias module or with special
mod_rewrite rules). Sites making use of this
functionality should upgrade to Apache 1.3.10 as soon as
The UseCanonicalName directive did not work in
1.3.10 release planned
The next release of Apache will be version 1.3.10. A schedule
has been put in place to aim for a public release around the
14th of January 2000. This date is subject to change if
problems are found during the code freeze next week. Apache
1.3.10 fixes a number of minor bugs present in Apache 1.3.9
and also adds a few minor features.
Patches for bugs in Apache 1.3.9 will be made available in
the apply_to_1.3.9 subdirectory of the patches
directory on the Apache site. Some new features and other
unofficial patches are available in the 1.3
patches directory. For details of all previously reported
bugs, see the Apache bug
database and known
bugs pages. Many common configuration questions are
answered in the Apache FAQ.
Updates for 1.3.10
A number of small feature additions have been made which will
appear in Apache 1.3.10 when it is released.
Obtaining a list of compiled-in modules using the
-l flag will now include the status of suexec
even though suexec isn't a real module.
A file layout for the BSDI distribution of Apache has been
The directory indexing module, mod_autoindex
has been updated so that the automatic header and readme
files can be server parsed and correctly use the standard
The Apache group have been working on Apache 2.0 for over a
year. In September we published a Apache 2.0
preview and stated that a beta version should be
available in late 1999 or early 2000. It is now likely that a
public beta release will be made available within the next
few months, although it will still be some time before 2.0 is
a full stable relase. Previous experience has shown it can
take nearly a year after a release before a large proportion
of sites upgrade.
This situation causes a dilema for programmers working on
Apache. New features should only be added into Apache 2.0;
but with such a long lead time this has caused frustration.
Some minor feature additions have been added to Apache 1.3
but there are a number of larger patches that have not yet
been accepted. In particular patches for 1.3 exist to support
IPv6, a mechanism to allow modules to hook into Apache called
EAPI, and performance patches from SGI. It is not currently
known if any of these will be included in a future release of
1.3, or if they will have to wait until 2.0.
EAPI is one solution for modules that need to take more
control of Apache than the current Apache API allows. EAPI
allows modules to hook into Apache with a loose coupling so
DSO support is unaffected. Many modules can make use of such
a mechanism. The first was the third-party SSL module,
mod_ssl, which uses EAPI to integrate into
Apache cleanly. With so many sites already patching in EAPI
to their 1.3 servers it would be sensible to include EAPI in
a future 1.3 release, but this would make it incompatible
with Apache 2.0 which already contains a different hook
In issue 166 (July 1999)
we reported that patches designed to improve the performance
of Apache when measured by the SPECweb96 benchmark had been
submitted. These patches are optimised for the SGI Irix
platform where they gave up to a ten-fold increase in speed.
It has been decided that these patches will not be included
in Apache 1.3 but they may be included in Apache 2.0. Users
of Apache 1.3 who are interested in trying out the
improvements can download the patches direct from
The second official Apache conference, ApacheCon 2000, takes
place March 8th-10th 2000 in Orlando, Florida. Apache Week is
a sponsor of ApacheCon 2000 and will keep you updated on
conference news between now and March.
You can now register on-line for ApacheCon 2000 using a
credit card and a secure web browser. By registering for the
conference early, ApacheCon are offering a discount of US$225
off the full conference price.
Keynote speakers selected
Keynote speakers have been selected for ApacheCon this week
and include: Brian Behlendorf, president of the Apache
Software Foundation, George Paolini, from Sun Microsystems,
and Alfred Z. Spector, Senior Technical Strategist from IBM.
More details of their talks are
Each month we report on the new figures from the Netcraft and E-Soft surveys of public
web sites. The December 1999 surveys show little change in
the market share, with Netcraft finding Apache-based servers
at 59% of the market and E-Soft reporting 55%. There is also
little change in the secure server space, with E-Soft finding
Apache-based servers accounting for over 66% of the market.
The E-Soft survey also contains a look at the most popular
Apache modules currently in use, finding that PHP is now installed on nearly
a quarter of all Apache servers, with Perl on just over 6%.
They also find that only two-thirds of Apache sites are
running a 1.3 release.