In this issue
The new beta, 1.3b6, was released on Monday 20th
April. It is available as both source (for Unix), and a
single-file installer for Windows. On both Unix and Windows
the installation of this beta could overwrite configuration
files and files under the htdocs directory, so be careful to
either backup you current configuration or install to a new
directory. Available from local download
Apache Site: www.apache.org
Release: 1.2.6 (Released 24th March 1998)
Beta: 1.3b6 (Released 20th April 1998) (local download
Apache 1.2.6 is the current stable release. Users of Apache
1.2.5 and earlier should upgrade to this version since it
fixes a number of bugs and potential security problems.
Bugs in 1.3b6
Bugs found in 1.3b6
These bugs have been found in 1.3 and will be fixed in the
next beta (1.3b6)
Because of the major differences between Windows and Unix,
these are separated into bugs which affect Windows systems
only, and other bugs (which may affect Windows as well). Unix
users can ignore the bugs listed in the Windows section.
The proxy and speling modules do not load on Windows 95. PR#1462.
Configuration files are overwritten by the installer. PR#2118.
Not all the timefmt
tokens are supported in SSI directives. PR#2061.
Some debug messages may be printed when Apache starts, even
if the LogLevel is
set to a higher level.
The new make install
target may overwrite existing installed files within the
It will overwrite any existing mime.types file in the
installation target configuration directory (normally
conf within the
server root). PR#2084.
The argument to CoreDumpDirectory can now be
relative to the server root.
Use of both --compat
and --prefix with the
new configure can
conflict, with the prefix being ignored. PR#2128.
Patches for bugs in Apache 1.2.6 may be made available in the
apply_to_1.2.6 subdirectory of the patches
directory on the Apache site (this directory may not exist if
no patches are available). Some new features and other
unofficial patches are available in the 1.2
patches directory (these may not apply cleanly to 1.2.6).
For details of all previously reported bugs, see the Apache
bugs pages. Many common configuration questions are
answered in the Apache FAQ.
Development has slowed down to prepare for the release of
Apache 1.3. During the beta release cycle Apache is in a
"feature freeze" where no major new features will be added.
Virtual Host Configuration Help
A new command line argument has been added for the next
release which will make Apache display the virtual host
settings it has read from the configuration file. This may be
useful when debugging problems configurating virtual hosts.
The new option is -S.
Unknown Handlers Will be Logged
Files with particular extensions are mapped onto internal
"handler" names with the AddHandler directive. This handler
name is used to select which module will send the response
back to the client. However if no module is available for a
particular handler string, the default "core" module will
send the file to the client. This might be a problem, and
from the next release this will be logged as a warning.
For example, SSI's are normally enabled with a line like:
AddHandler server-parsed shtml
The mod_include module
is responsible for sending files mapped to the
"server-parsed" handler. However if Apache is compiled
without mod_include, or
if this module is designed to be loaded dynamically but that
fails, the files will be sent back by the default handler,
resulting in the client seeing the embedded SSI directives.
From the next beta, this situation would result in this new
warning: "handler "server-parsed" not
found, using default handler for:
Adding Server Version Information to Responses
On every response, Apache includes its name and version
number. All servers do this, and it is often used by surveys
to analyse which web servers are in use (for example, Netcraft's server
survey). Some larger modules also add their name and
version number to server version, for example, mod_perl and
mod_php. This is done when Apache is compiled. However now
that dynamic modules are required on Windows, and becoming
more widely used on Unix, the Apache module API will be
extended to let modules add their information when they are
loaded, without having to recompile Apache.
There has also been some discussion about adding information
about the operating system, for example, identifying Windows,
Unix or OS/2 systems. This would enable surveys to find out
how the use of Apache on these three types of operating
systems varies. In the past the inclusion of OS specific
information on the server response has been considered a
possible security problem, however there are other methods to
determine if a remote system is (say) Windows or Unix based.
So it is possible that a future release of Apache will allow
the inclusion of the OS type on the server version, as a
Even More Dynamic Module Support
Dynamic loading of modules will by supported on OpenBSD
systems from the next beta release.
Performance Computing contains an article about
The Apache HTTP Server. This article treats Apache
seriously, and gives a farirly realistic assessment of its
strengths and (particularly for Windows) weaknesses. It does
however describe Apache code as being under the GPL license,
where as in fact Apache is under a license much closer to the
less restrictive FreeBSD license. For example, the Apache
license allows for commercial use of the code in products
which are not themselves available as source-code, subject to
an "advertising" clause.