Apache Week
   
   Issue 35, 4th October 1996:  

Copyright 1996-2005
Red Hat, Inc.

In this issue


Apache Status

Release: 1.1.1
Beta: None

Bugs fixed in next release:
  • Running Apache with the -v flag exits with a status value of 1. In the next release it will exit with a 0 status.
  • Status module output format has been tidied

Apache is being prepared for a public beta release. While there is currently no date set for the release, the development work has slowed down to allow the internal testing of a stable version.

The following items are under development and may be included in the next release of Apache. See our Apache 1.2 Sneak Preview for other new features in the next release.

FastCGI

The Apache module which implements FastCGI, a faster replacement for CGI, will be included in the next Apache distribution.


Apache Still Leading in Server Survey

The October Netcraft Server Survey shows that the trend of the last couple of months is continuing, with Apache and Microsoft growing, and NCSA and Netscape losing market share. Apache is now used on 38% of servers surveyed.


The two most popular Web servers according to the Netcraft Survey are Apache and NCSA HTTPd. Both servers are widely used, although according to the server survey Apache is used on over twice as many sites as NCSA, and the market share of NCSA is dropping while Apache's is growing. This feature is designed to explain the differences between NCSA HTTPd and Apache, so that users of either server can decide if the other meets their requirements better. We then look in detail at the directives changed between NCSA and Apache, which can be used by existing NCSA users if they decide to convert to Apache. Or it can also act as a guide to converting the other way.

NCSA version 1.3 was the base for Apache development. Initially, Apache was a drop-in replacement for the NCSA HTTPd, however as both have developed there are now some differences between the two servers. Since then, much of Apache's code has been considerably rewritten, in particular to allow the functionality to be extended with modules. This feature explains how the current versions of Apache and NCSA HTTPd differ, what features Apache adds, and those it lacks. This is followed by a detailed list changes between NCSA and Apache. The versions used for the comparison are Apache 1.1.1 and NCSA HTTPd 1.5.2.

Apache Features

Perhaps the most important difference between Apache and NCSA is that Apache is extensible via a programming API. The means that the functionality of Apache can be extended almost arbitrarily, via modules. The list of Apache features given here concentrates on the functions provided by the server in its default configuration, or with the addition of modules distributed as part of Apache. However there are a lot of additional modules which can be added to perform specific tasks. See our feature on additional modules for an idea of the extensibility of Apache. Unless stated otherwise, the features listed in this section are available with the default server configuration. If the module is marked as optional, then it is part of the official Apache distribution, but not compiled in by default. If a module is described as third party then it is not part of the Apache distribution.

Leaving aside the third-party modules, the main features that Apache supports and NCSA does not are:

  • Additional authentication options: anonymous, from a Berkeley DB file, from an mSQL or Postgres95 database
  • All directives can appear in any of the configuration files
  • An experimental proxy-cache (much improved in 1.2)
  • Call a CGI program when file of particular mime type is accessed, with Action directive
  • Configurable logging format (with LogFormat in optional mod_log_config module)
  • Create a user clickstream log (optional mod_cookies module)
  • Customise CGI environment variables (optional mod_env module)
  • Dynamic module loading (optional mod_dld module)
  • Imagemap extensions - internal support (like NCSA 1.5) with additional directives (ImapMenu, ImapBase, ImapDefault)
  • Info module which displays the compiled in modules and current configuration
  • Listen on selected addresses and ports (Listen directive)
  • Pipe any log file to another process, instead of writing to a file
  • Restrict access by URL with <Location> sections, which compliments <Directory>
  • Server pool tuning with MaxSpareServers and MinSpareServers
  • Server-based content negotiation, based either on a file listing the variants, or automatically generated from file extensions
  • Set actions for files with particular extensions (SetHandler and AddHandler directives)
  • Set mime type for all files in directory with ForceType directive
  • Status module to see the status of the child processes and what request they are currently servicing
  • Turn DNS lookups on/off at run time (HostnameLookups directive)
  • USER_NAME environment variable set when SSI execs a CGI, giving owner of SSI file
  • Use CERN format 'metafiles' to add header info to response (optional mod_cern_meta module)
  • <VirtualHost> sections can contain almost any configuration directive, with no need for <SRMOptions> sections
The next release of Apache will add a number of major new features, see our Apache 1.2 Sneak Preview feature.

NCSA Features

Apache does not implement these features:

  • Kerberos
  • Parsing output of CGI for SSI directives
  • Satisfy directive to allow access based on client hostname or a username and password
  • Authentication against NIS usernames and passwords (although there are third party modules which do this)

Changes

Some features that are available in both NCSA and Apache are implemented differently in the servers. The detailed list of changed directives, below, gives more information. This is a summary of the main changes.

  • .htaccess files restricting by host
    .htaccess files written using the examples on the NCSA site which restrict by host, not by user, may not work with Apache. The examples to restrict by host also include the AuthName and AuthType directives, which are only used in user authentication. The fix is to remove any of these commands from .htaccess files which only restrict by hostname (any AuthUserFile and AuthGroupFile directives should also be removed).
  • DBM User and Group Files
    Apache supports DBM user and group files for authentication if the optional DBM module is used (mod_auth_dbm). This is configured by different directives, unlike NCSA which uses the same directives with a second argument to specify DBM format. (Apache 1.2 will also allow use of the same directive syntax as NCSA)
  • Digest Support
    Digest authentication can be added to Apache with the optional digest module (mod_digest).
  • FastCGI support
    This is available for Apache with an third party module (from the fastCGI site). (It will be an optional module in Apache 1.2).
  • Non-IP Virtual Hosts
    In Apache, these are implemented using the normal <VirtualHost> sections. The name to respond to is given in the <VirtualHost> directive or on a ServerAlias directive. Apache does not implement <Host>.
  • Log Files
    Apache logs to the transfer log in the standard common log format. It does not support the LogOptions directive to build user agent and referrer information into the log file. However, the log format can be completely customised with the optional configurable log module (mod_log_config), and separate agent and referer logs created with optional modules (mod_log_agent and mod_log_referer). In 1.2, the config log module will be the default, and it will support multiple log files each with a customisable format.
  • KeepAlive
    The directives to support keepalive (persistent connections) use a different syntax.
  • Server Pool
    Both Apache and NCSA 'pre-fork' a pool of servers to handle requests. However, in Apache the main (parent) process does not handle any part of the request. In NCSA, the parent process receives each request then hands it to a suitable child. In Apache, a pool of 'spare' servers is maintained, and the number of servers is configurable.
  • XBITHACK
    This is a runtime directive in Apache.

Directive Changes

This section lists all the directives that NCSA supports. For each directive, we say whether that directive exists in Apache, and if it does, whether there is any change in meaning or syntax. Where directives do not exist in Apache, we either give an alternative method of implementing it in Apache, or state that the feature related to that directive is not implemented (if it will be implemented in Apache 1.2, we note it here).

Apache does not distinguish between the three configuration files that NCSA HTTPd uses. That is, in Apache, any directive can appear in any of the configuration files (and in fact it is possible to put all the directives into a single file, if desired). However, this list of directives is split into sections for each of the configuration files, and the directives listed in the same order as given in the NSCA documentation.

Directives valid in NCSA's Server Configuration file (httpd.conf):

  • ServerType: same
  • Port: same
  • User: same
  • Group: same
  • ServerAdmin: same
  • ServerRoot: same
  • ServerName: same
  • StartServers: same (but NCSA does not use the same method for its pool of servers)
  • MaxServers: use MaxClients instead, same syntax and meaning
  • MaxRequestsPerChild: same
  • TimeOut: same, except Apache resets the timeout on sending each time data is written (when sending a file), so this is not an overall timeout.
  • AccessConfig: same
  • ResourceConfig: same
  • TypesConfig: same
  • IdentityCheck: same, except can be set in .htaccess files
  • BindAddress: same syntax. Can however be used with virtual host configurations. See also new Listen directive for more control over addresses bound to
  • <Host>: not valid. Implement non-IP virtual hosting using normal <VirtualHost> section
  • <VirtualHost>: same, except Apache does not support the errorlevel argument (it effectively defaults to 'required'). In 1.2 <virtualhost> will be able to take multiple hosts and ip addresses. <virtualhost> is used to implement non-IP vhosts (see NCSA Host directive). Almost all directives are valid within a <VirtualHost> section, so the NCSA <SRMOptions> section is not needed in Apache.
  • <SRMOptions>: not applicable. Apache does not distinguish between the three config files, so directives are valid in all. You can just remove the <SRMOptions> and </SRMOptions> lines.
  • ErrorLog: same, except Apache can log to a pipe (ErrorLog |program)
  • TransferLog: same. Apache can also log to a pipe (i.e. another process) with "TransferLog |program". Log file is in standard 'common log format'.. No LogOptions Combined format to include user agent or referer information, however if the optional mod_log_config module is used, the log format can be set with LogFormat directive.
  • AgentLog: available if mod_log_agent compiled in. Syntax same, except Apache may log to a pipe, AgentLog |program.
  • RefererLog: available if mod_log_referer compiled in. Syntax same, except Apache may log to a pipe, RefererLog |program.
  • RefererIgnore: available if mod_log_referer compiled in. Syntax same.
  • PidFile: same
  • LogDirGroupWriteOK: not implemented.
  • LogDirOtherWriteOK: not implemented.
  • LogOptions: not valid in Apache. To specify formats, use the mod_log_config module and LogFormat instead. For separate agent and referer logs, use mod_log_agent and mod_log_referer modules.
  • KeepAlive: on Apache, argument is the maximum number of requests per connection. Use a value of 0 to disable keepalives.
  • KeepAliveTimeout: same syntax. If not given, Apache defaults to 15, NCSA 10
  • MaxKeepAliveRequests: not valid. Use KeepAlive instead, except a value of 0 in NCSA means stay alive forever, in Apache it disables keepalives completely
  • AssumeDigestSupport: not valid (but it doesn't do anything in NCSA anyway)
  • Annotation-Server: not valid

Directives valid in NCSA's Resouce Configuration file (srm.conf):

  • DocumentRoot: same
  • UserDir: same, except apache can also use a full-path with * to represent username (e.g. UserDir /home/*/public_html). Also Apache can redirect to a full URL.
  • AccessFileName: same
  • Redirect same (but the order that Alias and Redirects are applied may be different). Apache can only redirect to a full URL, not a relative URL.
  • RedirectPermanent: not implemented
  • RedirectTemp: use Redirect instead
  • Alias: same
  • ScriptAlias : same
  • AddType same, except Apache can have multiple extensions listed
  • AddEncoding same, except Apache can have multiple extensions listed
  • DefaultType: same
  • DirectoryIndex: same (Apache can use multiple names, as can HTTPd 1.5). Apache can list names as URLs relative to the server root.
  • FancyIndexing: same, but IndexOptions preferred
  • DefaultIcon: same
  • ReadmeName: same
  • HeaderName: same
  • AddDescription: same
  • AddIcon: same
  • AddIconByType: same
  • AddIconByEncoding: same
  • IndexIgnore: same
  • IndexOptions: same
  • ErrorDocument: same, except Apache can also output a static string with ErrorDocument "string, or redirect to a full URL. Apache passes on more REDIRECT_xxx env variables (all variables existing at time of the redirect are renamed REDIRECT_variable). But it does not pass on the error message in QUERY_STRING, or REDIRECT_REQUEST (use REDIRECT_URL instead). Apache can put ErrorDocument in .htaccess.

Directives valid in NCSA's Access configuration file (access.conf, or .htaccess files where allowed):

  • <Directory>: same
  • Options: same, except Apache also supports MultiViews option (for server-side content negotiation)
  • AllowOverride: same, except Apache does not use Redirect (use FileInfo instead to control Redirects in .htaccess file)
  • AuthName: same
  • AuthType: same (basic only) digest supported by optional mod_digest
  • AuthUserFile: same, except Apache does not support the second argument (standard, dbm or nis). Use AuthDBMUserFile instead for DBM format (1.2 will implement second arg to AuthUserFile). There are third party modules which implement NIS authentication.
  • AuthGroupFile: same differences as AuthUserFile.
  • AuthDigestFile same, if optional mod_digest compiled in
  • <Limit>: same. Note that in Apache, the directives valid inside <Limit> can also appear outisde, in which case they apply to all methods
  • order: same
  • deny: same (but see allow for note about partial comparisons)
  • allow: same, except Apache applies comparisons against full components only, eg bar.edu matchs x.bar.edu, but does not match x.foobar.edu.
  • require: same
  • referer: not valid in Apache. To restrict by referer, or any other request header, use third party module mod_rewrite (to be distributed in Apache 1.2)
  • satisfy: not valid.
  • OnDeny: not valid. Can be implemented by specifying an ErrorDocument 401
Other changes:
  • The XBITHACK functionality is configurable at runtime with XBitHack directive
  • All configuration directives can be used in any of the config file
  • Apache does not set the SERVER_ROOT, REMOTE_GROUP or ANNOTATION_SERVER CGI variables

Comments or criticisms? Please email us at editors@apacheweek.com