Apache Site: www.apache.org
Release: 1.3.1 (Released 22nd July 1998)
Apache 1.3.1 is the current stable release. Users of Apache
1.2.6 and earlier should look at upgrading to this version,
which provides additional features and has been subject to
The bugs listed below now include a link to the entry in the
Apache bug database where the problem is being tracked. These
entries are called "PR"s (Problem Reports). Some bugs do not
correspond to problem reports if they are found by
These bugs have been found in 1.3.1 and will be fixed in the
Because of the major differences between Windows and Unix,
these are separated into bugs which affect Windows systems
only, and other bugs (which may affect Windows as well). Unix
users can ignore the bugs listed in the Windows section.
In an IfModule
directive, placing a space between the ! and the module
name will cause the IfModule section to always be
executed. For example <IfModule
! modname.c> instead of <IfModule !modname.c>. The
same problem occurs with <IfDefine ...>. From the
next release, an error will be given if there is a space
after the !.
IIS servers seem to commonly generate invalid responses. In
particular, they can issue multiple status lines (the
"HTTP/1.0 200 OK"
line) in amongst the response headers. This caused the
proxy to core-dump. Since this is so common, the proxy
module now accepts multiple status lines, logs the error,
and handles the response as if it was valid. PR#2914.
Configure failed to
recognize some versions of SCO OpenServer, since they
return the output of uname in a different case to
other versions of this OS.
Patches for bugs in Apache 1.3.1 will be made available in
the apply_to_1.3.1 subdirectory of the patches
directory on the Apache site. Some new features and other
unofficial patches are available in the 1.3
patches directory. For details of all previously reported
bugs, see the Apache bug database and
bugs pages. Many common configuration questions are
answered in the Apache FAQ.
The ability of the proxy module to proxy FTP requests has
been improved. It now displays the current directory, if it
is different from the directory supplied. Also if the
username and password provided fail, it will prompt for a new
username and password from the browser (by sending a 401
response to the client). This can avoid having passwords in
the log file.
The proxy module will also support the HTTP/1.1 Via: header. This puts a header
into the response, so clients can see if their request went
via a proxy. This can be turned off with the ProxyVia directive.
Also, the proxy module now supports the HTTP/1.1 Max-Forwards: header, to allow
TRACE requests to trace the proxies that a request goes
through (provided the other proxies support Max-Forwards: as well).
If an ErrorDocument is
handling a particular error, it can often find the error
message in the ERROR_NOTES environment variable.
Now if the error was caused by a bad CGI, the ERROR_NOTES will include the
reason, such as "Premature end of script headers".
typically exist under the document root directory, so can be
accessed via clients with the appropriate URL. However the
files may contain information which should not be made
public, such as the loation of corresponding htpasswd files, or rules for
allowing or denying access.
One way to prevent clients seeing .htaccess files is to disable
access to the particular filename. For example:
deny from all
From the next release of Apache, these lines will be included
in the distributed srm.conf file.
ZDNet wrote about how a Microsoft executive is reacting to
free software developments such as Linux and Apache. In
Ballmer: Microsoft taking notice of free rivals Linux,
Apache, the Microsoft president is quoted as saying he is
"worried" about the growth of open-source operating systems,
but that at the end of the day the total cost of a project is
more important than whether the software is free.
This article is followed by a large number of reader
The agenda for the upcoming Apache Conference is now
available, with details of most of the sessions. This is the
first ever conference dedicated to the Apache web server, and
is being run by the Apache Group, with organisation and
sponsorship by various commercial companies. It is aimed at
both Apache developers and Apache users.
The conference will feature four tracks, covering dymanic
content, performance tuning, security and case studies. There
will also be a trade show.
The dynamic content track shows how to use Apache to run
efficient dynamic sites. There are many ways to do this with
Apache, and the track will feature talks on using PHP, Java
(via mod_jserv) and Perl (via mod_perl). There will also be a
talk on writing an Apache module directly in C.
The performance track will show how to tune your Apache
configuration for the best performance. OS experts will also
show how to tune Linux, FreeBSD and Windows NT for best
web-serving. There will also be a talk about the current
state of development of graphical configuration tools for
The security track will introduce the security concepts,
including the new TLS specification for secure transactions
(the successor to SSL). Other sessions will cover securing
Unix systems and potential problems with running secure web
The final track will offer case studies of how a variety of
organisations are using Apache as their web server. The talks
will cover practiical aspects of configuring and using
For more information, see www.apachecon.com.