Apache Week
Issue 246, 11th May 2001:

Copyright 2020 Red Hat, Inc


Under Development

A vulnerability in the Win32 and OS/2 ports of Apache 1.3 was reported in PR#7522 last month, involving requests with an extremely long string of characters in the Request-URI. Such requests could crash the server, causing denial of service, but would not allow unauthorised access to data. A fix was checked in this week by William Rowe, who also proposed that 1.3.20 be released soon. This vulnerability does not affect Apache running on Unix.

Talk of a new 1.3 release prompted some testing of the current code and it was found that a change made since 1.3.19 had portability problems, which were quickly fixed by Jim Jagielski. Some issues with the updated ApacheBench utility were also uncovered.

The APR list has seen a large amount of traffic concerning the "stackable memory system" which has been contributed to APR by members of the Samba-TNG team. The code was checked in, though some group members found the volume of discussion overwhelming.

The most CVS activity seen recently came in a flurry of over 30 commits in two days, as Ralf Engelschall imported the source to version 2.8.3 of mod_ssl into the Apache 2.0 CVS tree and began the process of porting the code to Apache 2.0 and APR.

Apache has multiple nominations for JavaWorld awards

Two Apache Software Foundation projects have been chosen as finalists in the 2001 JavaWorld Editors' Choice Awards. Tomcat has been nominated for the "Most Innovative Java Product", and Xalan-Java has been selected for the "Best Java-XML Technology". Winners will be announced in June this year. Back in 1999, the JServ servlet engine won JavaWorld Readers' Choice Awards "Best Free Product".

E-Soft release new Apache module report

E-Soft have updated their Apache Module report. This report gives a breakdown of the popular add-on modules for Apache and gives the percentage of Apache sites the module is found on. What makes this report even more interesting is that for each module there is a complete history of penetration rates spanning nearly three years.

Meanwhile, their April 2001 secure web server survey found that Apache (and Apache-based servers) still power over 60% of all secure sites.

Featured articles

In this section we highlight some of the articles on the web that are of interest to Apache users.

Information Security Magazine presents an article on improving Apache and a case study on companies that swear by (not at) Apache in its April issue. It starts off by refuting the mindset that running Apache guarantees security, although it readily admits that Apache deserves its reputation for being a secure Web server. Then it provides the steps for installing Apache and mod_ssl, securing the underlying Linux server, and testing Web applications for vulnerabilities.

"Setting up Apache with mySQL, Frontpage 2000 Extensions, and PHP NHF" is a Newbieized Help File (NHF) written by Dallas Engelken for newbies to get Apache up and running with Frontpage support in no time at all.

At first glance, it may seem pointless to generate dynamic PDFs, but John Coggeshall discovers that the PDF features of PHP can be implemented in all sorts of ways to make Web sites more efficient. Read about it in "Creating PDF Files in PHP".