A new module, mod_log_forensic, was
committed to both the 2.1 development tree and the 1.3 tree by
Ben Laurie over the New Year.
The module writes each request (including headers) to a log file
before request processing begins, including a unique request ID.
After request processing is completed, the unique ID is again
logged to the log file. If a security issue is exploited on a
server running mod_log_forensic, crashing a
child process, the log can then be used to discover exactly what
request was used in the exploit, allowing further
There has been some discussion about a security fix committed
last month; the patch for CAN-2003-0020 ensures that
any unsafe characters are escaped before being written to the
error log. This prevents attackers from being able to create
fake log entries and also prevents the error log being used for
exploits of escape sequence processing bugs in terminal
emulators. However, some users are used to being able to log
multi-line error messages from modules or CGI scripts: such
messages now get the newline character escaped. A compile-time
option has been proposed to disable the error log escaping as
In this section we highlight some of the articles on the web
that are of interest to Apache users.
Rich Bowen shares his dislike for the word 'virtual' in day two of
Day in the Life of #Apache". This article looks at some of the
problems users have dealing with the configuration of virtual
The Mercury News talks to
Brian Behlendorf in their article "Luminary
in open-source movement developed the Apache Web server"
Patching Open Source?" asks Enterprise Linux IT. The answer of course
depends on what the software is, and the article looks
at the differences between support and security updates in closed source
and open source software.
Congratulations to the four lucky winners of our last book
competition. Amongst the winners were Simon Boase (UK), Erik Abele
(Germany), and Michael Zaleski (USA) - your books are in the post.
We were pretty impressed with this O'Reilly book.
Read the Apache Week review of
and look out for
more book competitions and reviews of Apache related books coming soon.