Apache Week
Issue 291, 12thApril2002:

Copyright 2020 Red Hat, Inc

In this issue

Apache 2.0 released

The first release of Apache 2.0 happened last week. Read our special feature all about the history of development on Apache 2.0, the release schedules, and some features to help you use this new release

There have been a number of press articles in the last week about this release. Firstly CNN.com take a look at the new version and quote Dan Kusnetzky of research company IDC:

"From what I'm hearing, the performance improvements are significant".
Although they later seem to get confused about multitasking:
"With the prior version of Apache, the server typically wasn't able to do several tasks at once."

The CNN story is also at InfoWorld. Other stories are available from CNet, internet.com, ZDNet, and vnunet.com. Finally, read some comments from the public in a Slashdot article.

Under development

Traffic on the developer list trebled over the last week as the 2.0.34 release was abandoned in favour of 2.0.35, after fixes for problems with mod_autoindex and in content-type handling were checked in. In a move which came as a surprise to some, a vote was then cast on making 2.0.35 the recommended stable Apache httpd server, and was quickly passed.

The usual routine of testing the code on the live server at apache.org before making the public release announcement was skipped for 2.0.35. Once live testing did begin, problems were quickly found with segfaults caused by GET requests including a Range header, and APR's mmap handling.

The default MPM in 2.0 for Unix systems is currently prefork, which implements the processing model used in 1.3. Of the two thread-based processing modules in 2.0, worker and perchild, worker is generally considered to be more stable; but a serious problem found was found in testing this week where the worker MPM becomes unresponsive under high load. Several solutions have been proposed, and performance guru Brian Pane checked-in a new experimental MPM based on worker, but using a "leader/follower" design. The current worker MPM uses a dedicated thread to listen for new connections, which are then passed off to other threads for processing. In the new leader MPM, the job of listening for connections rotates between threads, with an idle thread being awakened each time the current listener thread accepts a new connection.

Featured articles

In this section we highlight some of the articles on the web that are of interest to Apache users.

This security checklist for the Apache web server is prepared by InterSect Alliance and aims to guide experienced system administrators in configuring their web server and underlying platform to be as secure as required by their existing security plan. Some of the areas it covers are Apache's configuration, user identification and authentication, encryption, access control, and auditing.

The Developer Shed concludes its two-part "Error Handling In PHP" article by showing you real-world examples of how to write custom handlers to handle errors triggered by your own code. It also demonstrates how to roll back the error handler, log errors to a file or as an email message, and use PHP's output-buffering functions.

"Fingerprinting Port80 Attacks: Part Two" takes a further look into web server attack signatures. Other than providing additional common and advanced patterns, it includes a few examples on cross site scripting and headers exploitation, and touches on error codes and logging too. As before, it is not meant to be an exhaustive list of port 80 exploits but hopefully it will help you identify more attack patterns in your logs, and add more rules to your Intrusion Detection Systems (IDS). For those who missed the first installment, you may refer to it here.

"Apache SOAP type mapping, Part 2" continues where it left off by teaching you how to write your own serialisation and deserialisation when there isn't one to your liking in the Apache SOAP toolkit. An example application which implements schema-constrained SOAP is also presented.

O'Reilly Open Source Convention 2002

San Diego, California plays host to this key conference between July 22nd and 26th, and brings together the leaders of all the critical open source technologies - including Apache - to give you an inside look at how to configure, optimise, code, and manage them.

This years event looks pretty exciting for Apache users as it includes a whole conference dedicated to PHP (including a look at PHP 4.1 and Beyond), a track on Apache 2.0, and a key presentation "Open Source and Java: Lessons from the Apache Experience"

Register now, or find out more at at the conference web site. Read our in depth account of the 2001 Convention.

Apache Week giveaway

Last week we reviewed the "mod_perl Developer's Cookbook". If reading the sample chapters available at its companion website has whetted your appetite, you may be interested to read this additional excerpt - "Chapter 4: Communicating with the Apache Server" provided by WebReference.com.

We have three copies of the "mod_perl Developer's Cookbook" to give away to lucky readers, thanks to the authors. For a chance to get your hands on a copy of this book, answer this simple question:

Which ingredient are you most likely to find in Chili Con Carne?
A) Beef B) Vodka C) Chocolate

Send your answer (A, B, or C) to moo@apacheweek.com to reach us no later than 16th April 2002. Your e-mail address will not be used for anything other than to let you know if you won. Three winners will be drawn at random from all correct entries submitted, we disqualify people who make more than one entry, no cash alternative, void where prohibited, editors' decision is final.

This issue brought to you by: Mark J Cox, Joe Orton, Min Min Tsan