Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.2b8 Changelog
  • suexec.c doesn't close the log file, allowing CGIs to continue writing to it. [Marc Slemko]
  • The addition of and directives made the sub_req_lookup_simple() function bogus, so we now handle the special cases directly. [Dean Gaudet]
  • We now try to log where the server is dumping core when a fatal signal is received. [Ken Coar]
  • Improved lingering_close by adding a special timeout, removing the spurious log messages, removing the nonblocking settings (they are not needed with the better timeout), and adding commentary about the NO_LINGCLOSE and USE_SO_LINGER issues. NO_LINGCLOSE is now the default for SunOS4, UnixWare, NeXT, and IRIX. [Roy Fielding]
  • Send error messages about setsockopt failures to the server error log instead of stderr. [Roy Fielding]
  • Fix loopholes in proxy cache expiry vis a vis alarms. [Brian Moore]
  • Stopgap solution for CGI 3-second delay with server-side includes: if processing a subrequest, allocate memory from r->main->pool instead of r->pool so that we can avoid waiting for free_proc_chain to cleanup in the middle of an SSI request. [Dean Gaudet] PR #122
  • Fixed status of response when POST is received for a nonexistent URL (was sending 405, now 404) and when any method is sent with a full-URI that doesn't match the server and the server is not acting as a proxy (was sending 501, now 403). [Roy Fielding]
  • Host port changed to unsigned short. [Ken Coar] PR #276
  • Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246
  • Defined USE_SHMGET_SCOREBOARD for shared memory on Linux. [Dean Gaudet]
  • Report extra info from errno with many errors that cause httpd to exit. spawn_child, popenf, and pclosef now have valid errno returns in the event of an error. Correct problems where errno was stomped on before being reported. [Dean Gaudet]
  • In the proxy, if the cache filesystem was full, garbage_coll() was never called, and thus the filesystem would remain full indefinitely. We now also remove incomplete cache files left if the origin server didn't send a Content-Length header and either the client has aborted transfer or bwrite() to client has failed. [Petr Lampa]
  • Fixed the handling of module and script-added header fields. Improved the interface for sending header fields and reduced the duplication of code between sending okay responses and errors. We now always send both headers_out and err_headers_out, and ensure that the server-reserved fields are not being overridden, while not overriding those that are not reserved. [Roy Fielding]
  • Moved transparent content negotiation fields to err_headers_out to reflect above changes. [Petr Lampa]
  • Fixed the determination of whether or not we should make the connection persistent for all of the cases where some other part of the server has already indicated that we should not. Also improved the ordering of the test so that chunked encoding will be set whenever it is desired instead of only when KeepAlive is enabled. Added persistent connection capability for most error responses (those that do not indicate a bad input stream) when accessed by an HTTP/1.1 client. [Roy Fielding]
  • Added missing timeouts for sending header fields, error responses, and the last chunk of chunked encoding, each of which could have resulted in a process being stuck in write forever. Using soft_timeout requires that the sender check for an aborted connection rather than continuing after an EINTR. Timeouts that used to be initiated before send_http_header (and never killed) are now initiated only within or around the routines that actually do the sending, and not allowed to propagate above the caller. [Roy Fielding]
  • mod_auth_anon required an @ or a . in the email address, not both. [Dirk vanGulik]
  • per_dir_defaults weren't set correctly until directory_walk for name-based vhosts. This fixes an obscure bug with the wrong config info being used for vhosts that share the same ip as the server. [Dean Gaudet]
  • Improved generation of modules/Makefile to be more generic for new module directories. [Ken Coar, Chuck Murcko, Roy Fielding]
  • Generate makefile dependency for Configuration based on the actual name given when running the Configure process. [Dean Gaudet]
  • Fixed problem with vhost error log not being set prior to initializing virtual hosts. [Dean Gaudet]
  • Fixed infinite loop when a trailing slash is included after a type map file URL (extra path info). [Petr Lampa]
  • Fixed server status updating of per-connection counters. [Roy Fielding]
  • Add documentation for DNS issues (reliability and security), and try to explain the virtual host matching process. [Dean Gaudet]
  • Try to continue gracefully by disabling the vhost if a DNS lookup fails while parsing the configuration file. [Dean Gaudet]
  • Improved calls to setsockopt. [Roy Fielding]
  • Negotiation changes: Don't output empty content-type in variant list; Output charset in variant list; Return sooner from handle_multi() if no variants found; Add handling of '*' wildcard in Accept-Charset. [Petr Lampa and Paul Sutton]
  • Fixed overlaying of request/sub-request notes and headers in mod_negotiation. [Dean Gaudet]
  • If two variants' charset quality are equal and one is the default charset (iso-8859-1), then prefer the variant that was specifically listed in Accept-Charset instead of the default. [Petr Lampa]
  • Memory allocation problem in push_array() -- it would corrupt memory when nalloc==0. [Kai Risku and Roy Fielding]
  • invoke_handler() doesn't handle mime arguments in content-type [Petr Lampa] PR#160
  • Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum. [Ken Coar]
  • Fixed problem with ErrorDocument not working for virtual hosts due to one of the performance changes in 1.2b7. [Dean Gaudet]
  • Log an error message if we get a request header that is too long, since it may indicate a buffer overflow attack. [Marc Slemko]
  • Made is_url() allow "[-.+a-zA-Z0-9]+:" as a valid scheme and not reject URLs without a double-slash, as per RFC2068 section 3.2. [Ken Coar] PR #146, #187
  • Added table entry placeholder for new header_parser callback in all of the distributed modules. [Ken Coar] PR #191
  • Allow for cgi files without the .EXE extension on them under OS/2. [Garey Smiley] PR #59
  • Fixed error message when resource is not found and URL contains path info. [Petr Lampa and Dean Gaudet] PR #40
  • Fixed user and server confusion over what should be a virtual host and what is the main server, resulting in access to something other than the name defined in the virtualhost directive (but with the same IP address) failing. [Dean Gaudet]
  • Updated mod_rewrite to version 3.0.2, which: fixes compile error on AIX; improves the redirection stuff to enable the users to generally redirect to http, https, gopher and ftp; added TIME variable for RewriteCond which expands to YYYYMMDDHHMMSS strings and added the special patterns >STRING,
  • bpushfd() no longer notes cleanups for the file descriptors it is handed. Module authors may need to adjust their code for proper cleanup to take place (that is, call note_cleanups_for_fd()). This change fixes problems with file descriptors being erroneously closed when the proxy module was in use. [Ben Laurie]
  • Fix bug in suexec reintroduced by changes in 1.2b7 which allows initgroups() to hose the group information needed for later comparisons. [Randy Terbush]
  • Remove unnecessary call to va_end() in create_argv() which caused a SEGV on some systems.
  • Use proper MAXHOSTNAMELEN symbol for limiting length of server name. [Dean Gaudet]
  • Clear memory allocated for listeners. [Randy Terbush]
  • Improved handling of IP address as a virtualhost address and introduced "_default_" as a synonym for the default vhost config. [Dean Gaudet] PR #212