In this issue
The first release of Apache 2.0 happened last week.
Read our special feature all about
the history of development on Apache 2.0, the release
schedules, and some features to help you use
this new release
There have been a number of press articles in the last week about
this release. Firstly
take a look at the new version and quote Dan Kusnetzky of research company
"From what I'm hearing, the performance improvements are significant".
Although they later seem to get confused about multitasking:
"With the prior version of Apache, the server typically wasn't able to
do several tasks at once."
The CNN story is also at
Other stories are available from
Finally, read some comments from the public in a
Traffic on the developer list trebled over the last week as the
2.0.34 release was abandoned in favour of 2.0.35, after fixes for
problems with mod_autoindex and in content-type
handling were checked in. In a move which came as a surprise to some,
a vote was then cast on making 2.0.35 the recommended stable Apache
httpd server, and was quickly passed.
The usual routine of testing the code on the live server at
apache.org before making the public release announcement was skipped
for 2.0.35. Once live testing did begin, problems were quickly
found with segfaults caused by GET requests including a
Range header, and APR's mmap handling.
The default MPM in 2.0 for Unix systems is currently
prefork, which implements the processing model used in 1.3. Of
the two thread-based processing modules in 2.0, worker and perchild,
worker is generally considered to be more stable; but a serious
problem found was found in testing this week where the worker
MPM becomes unresponsive under high load. Several solutions have been
proposed, and performance guru Brian Pane checked-in a new
experimental MPM based on worker, but using a "leader/follower"
design. The current worker MPM uses a dedicated thread to
listen for new connections, which are then passed off to other threads
for processing. In the new leader MPM, the job of listening
for connections rotates between threads, with an idle thread being
awakened each time the current listener thread accepts a new
In this section we highlight some of the articles on the web that are of
interest to Apache users.
security checklist for the Apache web server
is prepared by InterSect Alliance and aims to guide experienced system
administrators in configuring their web server and underlying platform
to be as secure as required by their existing security plan. Some of the
areas it covers are Apache's configuration, user identification and
authentication, encryption, access control, and auditing.
The Developer Shed concludes its two-part
"Error Handling In PHP"
article by showing you real-world examples of how to write custom
handlers to handle errors triggered by your own code. It also
demonstrates how to roll back the error handler, log errors to a file
or as an email message, and use PHP's output-buffering functions.
"Fingerprinting Port80 Attacks: Part Two"
takes a further look into web server attack signatures. Other than
providing additional common and advanced patterns, it includes a
few examples on cross site scripting and headers exploitation, and
touches on error codes and logging too. As before, it is not meant to
be an exhaustive list of port 80 exploits but hopefully it will help you
identify more attack patterns in your logs, and add more rules to
your Intrusion Detection Systems (IDS). For those who missed the
first installment, you may refer to it
"Apache SOAP type mapping, Part 2"
continues where it left off by teaching you how to write your own serialisation
and deserialisation when there isn't one to your liking in the Apache SOAP
toolkit. An example application which implements schema-constrained
SOAP is also presented.
San Diego, California plays host to this key conference
between July 22nd and 26th, and brings together the leaders
of all the critical open source technologies - including
Apache - to give you an inside look at how to configure,
optimise, code, and manage them.
This years event looks pretty exciting for Apache users
as it includes a whole conference dedicated to PHP (including
a look at PHP 4.1 and Beyond), a track on Apache 2.0,
and a key presentation
"Open Source and Java: Lessons from the Apache Experience"
Register now, or find out more at at the conference web
site. Read our in depth account of the
the "mod_perl Developer's Cookbook". If reading the
available at its companion website has whetted your appetite, you
may be interested to read this additional excerpt -
"Chapter 4: Communicating with the Apache Server"
provided by WebReference.com.
We have three copies of the "mod_perl Developer's Cookbook"
to give away to lucky readers, thanks to the authors.
For a chance to get your hands on a copy of this book, answer
this simple question:
Which ingredient are you most likely to find in
Chili Con Carne?
Send your answer (A, B, or C) to firstname.lastname@example.org to
reach us no later than 16th April 2002.
Your e-mail address
will not be used for anything other than to let you know if
you won. Three winners will be drawn at random
from all correct entries
submitted, we disqualify people who make more than one entry,
no cash alternative, void where prohibited,
editors' decision is final.