Apache Week
   
Issue 302, 12th July 2002

Copyright 1996-2005
Red Hat, Inc.


Under development

A configuration issue for users migrating from Apache 1.3 to 2.0, and one which took even the founder of the PHP project by surprise, was the change to PATH_INFO handling. In 1.3, PATH_INFO is enabled by default, so a request for /script.php/foo/bar invokes the PHP script /script.php and passes it a PATH_INFO of /foo/bar. The AcceptPathInfo directive was added in 2.0 and currently must be explicitly enabled for PHP scripts; otherwise a 404 response is returned. The developers discussed ways to allow the PHP module to enable PATH_INFO support internally, removing the need to configure AcceptPathInfo in this case.
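The request handling described above, as a simplified model (an added example, not code from Apache or PHP). `accept_path_info=True` stands for the 1.3 default or a 2.0 server with AcceptPathInfo enabled, `False` for 2.0 without it; the file set and function names are assumptions made for illustration.

```python
# Simplified model of PATH_INFO handling; not Apache's own code.
# FILES is a constructed document root; all names here are hypothetical.
FILES = {"/script.php", "/docs/index.html"}


def split_path_info(uri, files=FILES):
    """Split a request URI into (script, path_info).

    The script is the shortest leading part of the path that names a file;
    whatever follows it is PATH_INFO. Returns (None, "") when no leading
    part of the path maps to a file.
    """
    path = uri.split("?", 1)[0]  # the query string is not part of PATH_INFO
    end = 0
    while end < len(path):
        nxt = path.find("/", end + 1)
        end = len(path) if nxt == -1 else nxt
        if path[:end] in files:
            return path[:end], path[end:]
    return None, ""


def respond(uri, accept_path_info, files=FILES):
    """Return the HTTP status the model server gives for this request."""
    script, path_info = split_path_info(uri, files)
    if script is None:
        return 404  # nothing on disk matches any part of the URI
    if path_info and not accept_path_info:
        return 404  # trailing path rejected: the 2.0 surprise for PHP
    return 200      # script runs; PATH_INFO (possibly empty) is passed on


if __name__ == "__main__":
    for uri in ("/script.php", "/script.php/foo/bar", "/missing.php/foo"):
        script, info = split_path_info(uri)
        print(f"{uri!r}: script={script!r} PATH_INFO={info!r} "
              f"accepted={respond(uri, True)} rejected={respond(uri, False)}")
```

When auditing a migrated site, the requests to look for are those where `split_path_info` returns a non-empty second element: they are the ones whose status changes between the two settings.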

Another 1.3 to 2.0 migration issue arose this week and proved somewhat controversial: the port number placed in the default httpd.conf of a new Apache installation. In Apache 1.3, the port number will be 80 if Apache is built by the root user, and 8080 otherwise. This behaviour was dropped in 2.0, and the default httpd.conf always uses port 80. For both versions, the --with-port=num option can be passed to ./configure, to override the logic and pick a specific port.


In the news

Three weeks ago we covered the details of the chunked encoding vulnerability (CVE-2002-0392), which, depending on your platform, allows a remote attacker to run arbitrary code on your server. This week, Robin Miller at Newsforge reports that many Apache servers running FrontPage extensions may still be exposed to this vulnerability because a FrontPage version that works with the patched versions of Apache has yet to be released.

Users of Apache 1.2 through 1.3.23 who are, for whatever reason, not able to upgrade to the latest release can still protect themselves against this vulnerability by applying a source code patch.


Featured articles

In this section we highlight some of the articles on the web that are of interest to Apache users.

In "Open-Source Enterprise", eWeek examines the question of where and how much open-source software, such as the Apache Web server, should be deployed in the enterprise. Before taking the plunge, IT managers should at least consider these six questions. Meanwhile, "Open Source Gets IT Scrutiny" looks at how two enterprises, namely Visa International Inc. and Edmunds.com Inc., evaluate open-source applications.

Linux Magazine reviews 9 useful Unix tools in "9 Power Tools Are Enough". The list includes Apache Toolbox, which enables you to easily compile Apache with third-party modules.

"Why Application Servers Crash and How to Avoid It" uses queuing theory to analyse various circumstances that caused web sites to crash. It also provides some guidelines for implementing a robust web application system.


Apache Week giveaway

We received just under 600 entries to our recent competition, although 2 of those were spam, which goes to show how quickly email address harvesting robots get to work on a site. The right answer was of course "Gobbles". Congratulations to the two lucky winners chosen at random: Jyhming Tsai (New York) and Michael Moe (Missouri). Your books are in the post.

Read the Apache Week review of Professional Apache 2.0 and look out for more book competitions and reviews coming soon.


This issue brought to you by: Mark J Cox, Joe Orton, Min Min Tsan
Comments or criticisms? Please email us at editors@apacheweek.com