Apache 1.1 implements a lot of new
features, and some changes to existing features. This is
a short summary. For more details, see the Apache Week
special Guide to 1.1.
Apache 1.1 implements persistent connections using
Keep-Alives. It can handle virtual hosts without using
additional IP addresses. The main server can listen to
specified IP addresses and/or ports, and it can listen to
more than one at once.
New modules provide details of the current configuration and
the server's running status. Other new modules implement a
means of passing environment variables to CGI programs,
permitting 'anonymous' access to authenticated areas, and the
use of more secure 'digest' authentication.
Internally, Apache now implements 'handlers' as a means of
identifying processing to be applied to requests, which was
previously done by using special 'magic' mime-types. CGI
programs can now be called for particular extensions (mime
types) or for a given request method (e.g. to implement a PUT
An initial proxy cache module is included, but the code
hasn't been as fully tested as other parts of the server, so
might still be a little unstable. The imagemap module has
been overhauled, providing new directives and functionality.
It is now possible to turn off resolving hostnames at run
time, and to use ErrorDocument and Redirect in .htaccess
Apache 1.1 is mostly a drop-in replacement for older
versions. However there are some small changes over 1.0.*,
which are listed here.
Upgrading to 1.1 is mostly a case of download the new server
(either binary or source followed by compilation) and
replacing the old binary. Then the new features can be tried
and used. The following is a list of changes to existing
functions that might affect a site.
The <Limit> directive now applies only to methods
explicitly listed. Previously it applied to all methods.
Any sites relying on this unexpected effect might need to
update their configurations. For example, the directive
<Limit POST> used to limit GETs as well. If
the intention is to limit GETs, it will need updating to
<Limit GET POST>.
In an effort to make .htpasswd files more secure, the
AuthUserFile directive should now be given a full path
file. Previously a filename could be given, should was
assume to reside in the current directory. Since this is
below the document root, it meant that the .htpasswd file
itself could be retrieved by anyone.
XBitHack behavour now only applies to files on type
text/html. Previously files on any type would be parsed for
includes, including binary files. This prevents this
happening, but might affect unusual sites which use
includes in files other than text/html.
The imagemap cgi-bin program is no longer distributed. The
built-in imagemap module should be used instead.
The record of child processes (the scoreboard) is
no longer stored in a file on most systems. On systems
which implement shared memory, the scoreboard is now kept
in memory, which should result in better performance. This
means that the httpd_monitor program has nothing to
monitor, and should not be used. Some systems cannot use
shared memory, so these will continue to use a scoreboard
Despite the beta testing, a couple of bugs managed to crawl
into the release. With software as complex as the Apache
server, this should not be a big surpise, and no doubt others
will be found. Expect a bug fix release in the near future.
Redirect in .htaccess problems
Using the Redirect directive in .htaccess files
does not work properly. Using Redirect in the server
configuration files works fine, so this will only affect
people making use of the new ability to put Redirects into
.htaccess files. Because of the bug, this should not be
Cookies log format
The user tracking module, mod_cookies, can output
incorrect log lines.
In Issue 20 we
reported on a possible problem with Keep-Alives. We got the
problem back-to-front. It should have read
... "This seems to be due to keepalives,
where the server closes the connection and the client does
not notice" ...