Apache Week
   
   Issue 237, 2nd March 2001:  

Copyright 1996-2005
Red Hat, Inc.

In this issue


Under Development

Apache 1.3.19 was released on Wednesday. 1.3.19 looks set to be the best Apache 1.3 release in a long while: no known problems with mod_rewrite, and a high quality byteranges implementation.

The longest thread this week on new-httpd was started by Greg Stein who discovered that a recent change to mod_dir had stopped Microsoft Web Folders from being able to open a WebDAV folder in Apache 2.0. It emerged that Web Folders is buggy, and removes a trailing '/' character from the folder name, against a recommendation made in the WebDAV specification, RFC 2518. A long discussion ensued around whether Apache should only accept the correct behaviour; eventually it was decided that Apache should follow the IETF adage "be strict in what you send, and lenient in what you accept", and a fix was committed.

The issue of how to support the old Apache 1.3-style "ap_r*" interface in Apache 2.0 has again reared its head. Two implementations have been presented, but since technical discussion failed to decide which to use, Ryan Bloom has asked for the group to take a vote.

Work on the build system continued in APR although some changes ended up being backed out due to portability problems. Cliff Woolley has been given commit priviledges, and has been spending time cleaning up the bucket brigades API.


Apache 1.3.19 Released

Apache 1.3.19 was released on 28th February 2001 and is now the latest version of the Apache server. The previous release was 1.3.14, released on the 26th Jnauary 2001. See what was new in Apache 1.3.17.

Apache 1.3.19 is available in source form for compiling on Unix or Windows, for download from the main Apache site or shortly from any mirror download site.

This is a bug fix and minor upgrade release, with a few new features. Users should upgrade if they have noticed particular bugs mentioned below or would like to use any of the new features.

Due to security issues, any sites using versions prior to Apache 1.3.14 should upgrade as soon as possible.

Security vulnerabilities

  • The default installation can lead mod_negotiation and mod_dir or mod_autoindex to display a directory listing instead of the multiview index.html file if a very long path was created artificially by using many slashes. Now 403 (Forbidden) is returned and the request will be logged as a "Possible DoS attempt"

New features

The main new features in 1.3.19 (compared to 1.3.17) are:

  • Apache will now get the correct IP address if ServerName is not set and Apache cannot find a fully-qualified domain name at startup.
  • A minor speed improvement has been made to mod_proxy by ordering the checks for NoProxy and ProxyBlock
  • New configuration error reporting if UserDir is set to a relative path on Win32 or Netware (which do not support home directories), or a relative path on any platform if that path includes the '*' username substitution

Selected new features that relate to Windows platforms:

  • Apache now ensures the service is stopped before it is removed
  • System shutdown on Windows 2000 now gives modules a limited amount of time to clean up and shut down
  • Testing httpd.conf files (with -t) now holds the console open if the test passes
  • Apache no longer holds open the console on error unless it was invoked from a shortcut with the -w option.
  • mod_user was significantly refactored to assure that the UserDir directive is parsed effectively the same across platforms, fixing a UserDir bug introduced in 1.3.17

Selected new features relating to other platforms:

  • NetWare now recognizes the SERVER/VOLUME:/PATH/FILE filename pattern
  • NetWare mod_tls properly disables nagle for SSL connections, and properly negotiates SSL based on the port
  • Startup and Shutdown issues were addressed on TPF
  • Cleanups to the OpenBSD configuration

Bugs fixed

The following bugs were found in Apache 1.3.17 and have been fixed in Apache 1.3.19

  • Restore functionality broken by the mod_rewrite security fix: The mod_rewrite string arithmetic is corrected for rewrite map
  • Netware had problems with file extensions being truncated
  • Fixes to some Win32 build issues related to include directories
  • A potential bug has been fixed that had the possibility of corrupting a module's string space
  • Relative paths have been corrected on Win32 and NetWare by eliminating trailing slashs in the -d serverroot argument and ServerRoot directive. The server root may now be relative to the location of the Apache.exe file
  • Under certain circumstances, Apache did not supply the right response headers when requiring authentication. PR#7114

Poised to be the largest gathering of Apache users to date, ApacheCon 2001 is being held in Santa Clara, USA in April. Registration at the ApacheCon site is now open and if you register for the conference in the next week you can save up to US$200 off the entry fee.


Featured articles

In this section we highlight some of the articles on the web that are of interest to Apache users.

In Apache Today, "Improving mod_perl Driven Site's Performance Part VI" is haunted by zombie and ghost. Of course Stas is referring to "orphan" processes as he explains in technical terms why it is bad to fork subprocessess from mod_perl.

Check out the new kid in town! It is the debut of Moto, - a new Apache-only server side programming language. Moto pages can be compiled into an Apache module and once you have done that, you can discard Moto as you do not need it to run the module. That is, if your web content is everlasting and you don't mind the GPL license.

John Lim presents his compilation of 22 tips on "Tuning Apache and PHP for Speed on Unix" in PHP Everywhere. The tips can even be applied to Perl and Python too.


Apache Week giveaway

Thanks to the hundreds of you who entered the competition to win the book "mod_perl Pocket Reference", and congratulations to the eight lucky winners; Trix Farrar, Jared Armstong, Arin Komins, and Randy Rowe in the USA, Simon Strack in Australia, Kevin Quick and David Evans-Roberts in England, and Peter Seitz in Germany.

We asked who originally created the Perl scripting language; the correct answer was of course Larry Wall. Six readers believed it was written by Richard Stallman, but the clue was that it isn't called GNU/Perl. Don't worry if you didn't win, we'll have more competitions to win useful Apache goodies soon.

Read the Apache Week review of mod_perl Pocket Reference.


Comments or criticisms? Please email us at editors@apacheweek.com