After extensive testing, the Apache 2.0.32 tarball released last
week was upgraded from being an alpha to a beta release.
A total of one hundred and thirty changes have been recorded since the
last beta release in November 2001, of which according to our
calculations: 34 are bug fixes, 27 are portability fixes, and 17 are
stability fixes; 10 new features are added, and 5 performance
improvements (notably in mod_ssl and
mod_include) have been made. The features added are:
- a ProxyTimeout directive
- FTP directory listing improvements for mod_proxy,
as covered in previous
- a ProxyPreserveHost directive for passing the Host: header
through unchanged from the client
- the worker MPM can use an unserialised accept() when a single listening
port is configured
- the ProxyPass directive may be passed a "!" rather than a
URL to disable the reverse proxy for a particular location
- the experimental mod_cache module can cache sub-requests
- the FileETag directive was added as covered in
- a ForceLanguagePriority directive added to
mod_negotiation, to prevent possible error responses with some
uses of Multiviews.
- the mod_auth_dbm and the accompanying
htdbm tool now support many different database
formats (depending on which database libraries are installed)
- the mod_deflate module has been added,
adding experimental support for compressing content on-the-fly to
browsers which accept compressed content
A discussion took place this week concerning how to
determine exactly which browsers it is appropriate for
mod_deflate to send compressed content to: the
current module only allows text/html content to be
compressed; but some people using specific clients found it useful to
compress all content regardless of content-type.
SearchWebManagement.com has an archived webcast from Michael Scheidell
on Migrating from IIS. The talk looks at who should consider migrating and
the implications for application development, developer tools, downtime, costs,
and performance. Michael talks about using Apache as one migration path, but
also covers some of the commercial alternatives.
Various sites this week have been reporting on a battle between the
Apache Software Foundation and Sun over Java licensing.
vnu.net report "Apache on
warpath over Java licence" based on comments in the official
JSPA position statement. Opinions can also be found
The Apache XML Project have released the first stable
version of their XML Security project,
implementing Canonical XML and XML Signature.
XMLhack reports that
source distributions as well as binary distributions
with Java example code are available.
In this section we highlight some of the articles on the web that are of
interest to Apache users.
"Apache: Handling Traffic"
takes a high-level look at the various software and hardware solutions
for providing a high-availability website. The methods discussed, from
upgrading existing hardware to implementing load-balancing with
fail-over mechanisms, can be applied to any Web server on any platform.
It also touches on the pros and cons of replicating the content
of a Web site across multiple local hard drives versus using
"Network Attached Storage" (NAS).
Paul Lindner introduces Apache::TaintRequest in
"Preventing Cross-site Scripting Attacks"
and begins with an explanation of how this type of attack works.
To solve this problem, we must always perform input validation, or
ensure that input data is escaped before being displayed.
He then shows us how to use this new mod_perl
module to automate the tedious task of typing the same code
over and over again to escape HTML data.
"Build and run your own business Web server, part 1"
Carla Schroder examines the various options in hosting a website.
of this series of business articles guides us through the basic steps
of setting up Apache on Linux to host our own website. As the
author put it, this second article is webmaster preschool so
it only covers simple administration tasks.