In this issue
1.0.5 is the current stable public release. The beta test
version, 1.1b, is now at version 3, with a release version of
1.1 due very soon.
The last beta of Apache 1.1 was released this week. A number
of bug fixes and other changes have been made since 1.1b2.
The cgi-bin and cgi-src
directories have been removed as the Apache group could no
longer support them.
Multiple Set-Cookie directives now work. As
reported in last week's Apache Week,
Netscape and other Cookie supporting browsers were unable
to handle Apache merging multiple Set-Cookie lines output
by CGI programs.
The problems with relative imagemaps were fixed and
extensively tested. Other internal imagemapp changes were
made to allow the any two opposing corners in any order to
specify a rectangle area and to fix a potential infinite
The new "info" module was included. This module outputs
details of how Apache has been configured and what modules
have been compiled in.
Various fixes detailed in last week's
Apache Week including the virtual host ServerPatch, the
content negotiation wildcard fix and a number of new Mime
The default configuration file was tidied, rearranging the
ordering of the optional modules, and providing clearer
explanations as to the functionality of each module.
Numerous mod_proxy bugs fixed
Anonymous authentication module improvements,
New htdigest utility included for use with digest
MSQL authentication module improvements,
Status module now tables based,
CGI early-termination bug,
Keepalives not working with virtual hosts fixed
RefererIgnore problems fixed
Core dumps on Linux and elsewhere caused by closing file
descriptors twice fixed.
Handling of Netscape-SSL style "CONNECT" proxy requests,
based on the
Netscape SSL Tunneling document
Several new features added to the Apache API to aid module
developers. rprintf(), rputs(), pstrndup(), table_unset()
Several new bugs have been noticed and fixed in preparation
for a 1.1 release.
New code in the proxy module added to 1.1b3 fails to
compile on a number of platforms that don't have a
inet_aton() library function. Fixed for 1.1
Invalid Meta* lines
The configuration file, srm.conf-dist,
contained configuration lines for the CERN metafile module.
This module is no longer compiled in by default, so the
Meta* lines need to be removed. Fixed for 1.1.
Virtual Hosts and Listens
There were a number of bug reports concering the
interaction between the Listen directives and the Host:
header handling. The Host-header checking code was assuming
that all the virtual hosts were on the same port as the
main server, which isn't neccessarily true anymore since
<VirtualHost host:port> is valid. A patch is being
A second problem occured when the server listens to
multiple ports (using the httpd.conf 'Listen
<port>' directive). Sending a SIGHUP to the main
server did not reclaim all the child processes. This is
fixed in 1.1
The status module has been patched to provide a
difftime() function that was missing on SunOS 4.
The internal memory allocation system for Apache does
not currently check to make sure that memory was
More Merged Header Problems
There have been problems recently with the Netscape browser
that will not accept multiple Set-Cookie headers from a CGI
program that had been legally merged. The way Apache
handles headers may need to be changed in the future as
there are headers that should not be merged.
Headers can be classed as those that can be merged (the
default), those that must be duplicated (at the moment
only the Set-Cookie header due to the Netscape bug) and
those that should only be ever output once (such as
Expires, Last-Modified and many more).
Log Rotation and SIGHUPs
Currently if you want to have the server rotate its
logfiles and start logging somewhere else you send it a
HUP. This has the effect of also killing whatever transfers
are currently in progress. For most sites this only occurs
when they rotate their logs once a week and can be ignored.
Sites with large multimedia files are more worried about
the problem as users may be part of the way through a huge
Currently on receipt of a SIGHUP all the children
processes exit immediately. What they could do is finish
whatever request they are working on, and then die. But
this solution has its own problems; until every request
currently in progress has completed no new Web pages can
be served. A solution is to make all the logging
information sent to a separate process. This would also
solve the problem of systems running out of file
descriptors when they are set up for a large number of
Apache already has a mechanism for doing this, using the
"|" prefix for the log filename allows logging to be sent
to a separate process. A sample program,
rotatelogs.c is distributed in the
support directory of Apache as an example.
New Postgres95 module
A new version of the
Apache module for Postgres95 user authentication was
released including documentation and maintenance scripts.