Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3.1 Changelog
  • Disable the incorrect entry for application/msword in the mod_mime_magic "magic" file because it also matches other Office documents. [Ralf S. Engelschall] PR#2608
  • Fix broken RANLIB handling in src/Configure (the entry from src/Configuration.tmpl was ignored) and additionally force RANLIB to /bin/true under HP/UX where ranlib exists but is deprecated. [Ralf S. Engelschall] PR#2627 'apachectl status' failed on some systems. [Steve VanDevender , Lars Eilebrecht] PR#2613
  • Add new flags for ap_unparse_uri_components() to make it generate the scheme://sitepart string only, or to omit the query string. [Martin Kraemer]
  • WIN32: Canonicalize ServerRoot before checking to see if it is a valid directory. The failure to do this caused certain ServerRoot settings (eg. "ServerRoot /apache") to be improperly rejected. [Marc Slemko]
  • Global renaming of C header files to both get rid of conflicts with third party packages and to again reach consistency: 1. conf.h -> ap_config.h 2. conf_auto.h -> ap_config_auto.h \ these are now merged 3. ap_config.h -> ap_config_auto.h / in the config process 4. compat.h -> ap_compat.h 5. apctype.h -> ap_ctype.h Backward compatibility files for conf.h and compat.h were created.
  • mod_mmap_static will no longer take action on requests unless at least one "mmapfile" directive is present in the configuration. This experimental module has to do some black magic to operate inside the current API and thus creates side-effects for other modules under some circumstances. [Ralf S. Engelschall] Add conservative ticks around more egrep arguments in top-level configure to avoid problems under brain-dead platforms like Digital UNIX (OSF1). [Ralf S. Engelschall] PR#2596
  • mod_rewrite created RewriteLock files under the UID of the parent process, thus the child processes had no write access to the files. Now a chown() is done on the file to the uid of the children, if applicable. [Lars Eilebrecht, Ralf S. Engelschall] PR#2341
  • Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via TestCompile) instead of defining them manually in conf.h based on less accurate platform definitions. This way we no longer have to fiddle with OS-type and/or OS-version identifiers to discover whether a system header file exists or not. Instead we now directly check for the existence of those esoteric ones. [Ralf S. Engelschall] PR#2093, PR#2361, PR#2377, PR#2434, PR#2524, PR#2525, PR#2533, PR#2569
  • mod_setenvif (BrowserMatch* and friends) will now match a missing field with "^$". [Ken Coar]
  • Set the RTLD_GLOBAL dlopen mode parameter to allow dynamically loaded modules to load their own modules dynamically. This improves mod_perl and mod_php3 when these modules are loaded dynamically into Apache. [Rasmus Lerdorf]
  • Cache a proxied request in the event that the client cancels the transfer, provided that the configured percentage of the file has already been transferred. It works for HTTP transfers only. The new configuration directive is called CacheForceCompletion. [Glen Parker ] PR#2277
  • Add the "]
  • Fix yet another signal-based race condition involving nested timers. Signals suck. [Dean Gaudet]
  • suexec's error messages have been clarified a little bit. [Ken Coar]
  • Clean up some, but perhaps not all, 8-bit character set problems with config file parsing, and URL parsing. We now define ap_isdigit(), ap_isupper(), ... which cast to an (unsigned char). This should work on most modern unixes. [Dean Gaudet] PR#800, 2282, 2553 (and others)
  • The "handler not found" error was issued in cases where the handler really did exist, but was just declining to serve the request. [John Van Essen ] PR#2529
  • Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x). [Ronald Record ] PR#2533
  • The APACI libexecdir was not extended with an "apache/" subdir if the installation prefix didn't already contain "apache", but it should be because the DSO files are Apache-specific. Now libexecdir is treated the same way sysconfdir, datadir, localstatedir and includedir are already treated. [Charles Levert ] PR#2551
  • The parsing routine was incorrectly treating methods as case-insensitive. [Ken Coar]
  • The ap_bprintf() code neglected to test if there was an error on the connection. ap_bflush() misdiagnosed a failure as a success. [Dean Gaudet]
  • add support for #perl arg interpolation in mod_include [Doug MacEachern]
  • API: Name changes of table_elts to ap_table_elts, is_table_empty to ap_is_table_empty and bgetflag to ap_bgetflag. [Ben Laurie]
  • PORT: Add UnixWare 7 support [Vadim Kostoglodoff ] PR#2463
  • Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was used instead of "$PERL" which contains the correctly determined Perl interpreter (important for instance on systems where "perl" and "perl5" exists, like BSDI or FreeBSD, etc). [Ralf S. Engelschall] PR#2505
  • Move the initial suEXEC-related startup message from plain fprintf()/stderr to a delayed ap_log_error()-based one to avoid problems when Apache is started from inetd (instead of standalone). Under this situation startup messages on stderr lead to problems (the line is sent to the client in front of the requested document). [Ralf S. Engelschall] PR#871, PR#1318
  • Add a flag so ap_fnmatch() can be used for case-blind pattern matching. [Ken Coar, Dean Gaudet]
  • WIN32: Don't collapse multiple slashes in PATH_INFO. [Ben Laurie, Bill Stoddard ] PR#2274
  • WIN32 SECURITY: Eliminate trailing "."s in path components. These are ignored by the Windows filesystem, and so can be used to bypass security. [Ben Laurie, Alexei Kosut].
  • We now attempt to dump core when we get SIGILL. [Jim Jagielski]
  • PORT: remove broken test for MAP_FILE in http_main.c. [Wilfredo Sanchez ]
  • PORT: Change support/apachectl to use "kill -0 $pid" to test if the httpd is running. This should be more portable than figuring out which of three dozen different versions of "ps" are installed. [a cast of dozens]
  • WIN32: If we can't figure out how to execute a file in a script directory, bail out of the request with an error message. [W G Stoddard]
  • WIN32 SECURITY: Eliminate directories consisting of three or more dots; these are treated by Win32 as if they are ".." but are not detected by other machinery within Apache. This is something of a kludge but eliminates a security hole. [Manoj Kasichainula, Ben Laurie]
  • Move ap_escape_quotes() from src/ap to src/main/util.c; it uses pools and thus pollutes libap (until the pool stuff is moved there). [Ken Coar]
  • IndexIgnore should be case-blind on Win32 (and any other case-aware but case-insensitive platforms). New #define for this added to conf.h (CASE_BLIND_FILESYSTEM). [Ken Coar] PR#2455
  • Enable DSO support for OpenBSD in general, not only for 2.x, because it also works for OpenBSD 1.x. [Ralf S. Engelschall]
  • PORT: Fix compilation problem on ARM Linux. [Sam Kington ] PR#2443
  • Let APACI's configure script determine some configuration parameters (Group, Port, ServerAdmin, ServerName) via some intelligent tests to remove some of the classical hurdles for new users when setting up Apache. This is done per default because it is useful for the average user. Package authors can use the --without-confadjust option to disable these configuration adjustments. [Ralf S. Engelschall]
  • Added an EXTRA_DEPS configuration parameter which can be used to add an extra Makefile dependency for the httpd target, for instance to external third-party libraries, etc. [Ralf S. Engelschall]
  • Add .. sections to the core module (with same spirit as .. sections) which can be used to skip or process contained commands dependend of ``-D PARAMETER'' options on the command line. This can be used to achieve logical conditions like instead of physically ones (e.g. ) and thus especially can be used for conditionally loading DSO-based modules via LoadModule, etc. [Ralf S. Engelschall]
  • PORT: clean up a warning in mod_status for OS/2. [Brian Havard]
  • Make table elements const. This may prevent obscure errors. [Ben Laurie]
  • Fix parsing of FTP `SIZE' responses in proxy module: The newline was not truncated which forced following HTTP headers to be data in the HTTP reponse. [Ralf S. Engelschall, Charles Fu ] PR#2412, 2367
  • Portability fix for APACI shadow tree support: Swap order of awk and sed in top-level configure script to avoid sed fails on some platforms (for instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined output of Awk. [Bill Houle ] PR#2435
  • Improve performance of directory listings (mod_autoindex) by comparing integer keys (last-modified and size) as integers rather than converting them to strings first. Also use a set of explicit byte tests rather than strcmp() to check for parent directory-ness of an entry. Oh, and make sure the parent directory (if displayed) is *always* listed first regardless of the sort key. Overall performance winnage should be good in CPU time, instruction cache, and memory usage, particularly for large directories. [Ken Coar]
  • Add a tiny but useful goody to APACI's configure script: The generation of a config.status script (as GNU Autoconf does) which remembers the used configure command and hence can be used to restore the configuration by just re-running this script or for remembering the configuration between releases. [Ralf S. Engelschall]
  • Add httpd -t (test) option for running configuration syntax tests only. If something is broken it complains and exits with a return code non-equal to 0. This can be used manually by the user to check the Apache configuration after editing and is also automatically used by apachectl on (graceful) restart command to make sure Apache doesn't die on restarts because of a configuration which is now broken since the last (re)start. This way `apachectl restart' can be used inside cronjobs without having to expect Apache to be falling down. Additionally the httpd -t can be run via `apachectl configtest'. [Ralf S. Engelschall] PR#2393 Minor display fix for "install" target of top-level Makefile: the displayed installation command was incorrect although the executed command was correct. Now they are in sync. [Ralf S. Engelschall] PR#2402
  • Correct initialization of variable `allowed_globals' in http_main.c [Justin Bradford ] PR#2400
  • Apache would incorrectly downcase the entire Content-Type passed from CGIs. This affected server-push scripts and such which use multipart/x-mixed-replace;boundary=ThisRandomString. [Dean Gaudet] PR#2394
  • PORT: QNX update to properly guess 32-bit systems. [Sean Boudreau ] PR#2390
  • Make sure the DSO emulation code for HPUX finds the proprietary shl_xxx() functions which are in libdld under HPUX 9/10. [Ralf S. Engelschall] PR#2378
  • Make sure the "install" target of the top-level Makefile doesn't break because of a return code of 1 from an "if" (for instance under braindead Ultrix the result code of an "if" construct is 1 if the "then" clause didn't match). [Ralf S. Engelschall]
  • Add an additional "dummy" target to the "$(LIB)" target in generated modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO" situation (no libxxx.a built, only mod_xxx.so's) where LIB and OBJS are empty. [Ralf S. Engelschall, Dean Gaudet, Martin Kraemer]
  • Replace two bad sprintf() calls with ap_snprintf() variants in mod_rewrite. [Ralf S. Engelschall]
  • Fix missing usage description for MetaFiles directive. [David MacKenzie ] PR#2384
  • mod_log_config wouldn't let vhosts use log formats defined in the main server. [Christof Damian ] PR#2090
  • mod_usertrack was corrupting the client hostname. As part of the fix, the cookie values were slightly extended to include the fully qualified hostname of the client. [Dean Gaudet] PR#2190, 2229, 2366
  • Fix a typo in pool debugging code. [Alvaro Martinez Echevarria]
  • mod_unique_id did not work on alpha linux (in general on any architecture that has 64-bit time_t). [Alvaro Martinez Echevarria]
  • PORT: Make SCO 5 (and probably 3) compile again. [Ben Laurie]
  • PORT: NCR MPRAS systems have the same bug with SIGHUP restart that Solaris systems experience. So define WORKAROUND_SOLARIS_BUG. [Klaus Weber ] PR#1973
  • Change "Options None" to "Options FollowSymLinks" in the section of the default access.conf-dist (and -win even though it doesn't matter there). This has better performance, and more intuitive semantics. [Dean Gaudet]
  • PORT: Updated support for UTS 2.1.2. [Dave Dykstra ] PR#2320
  • Fix symbol export list (src/support/httpd.exp) after recent API changes in the child spawning area. [Jens-Uwe Mager ]
  • Workaround for configure script and old `test' commands which do not support the -x flag (for instance under platforms like Ultrix). This is solved by another helper script findprg.sh which searches for Perl and Awk like PrintPath but _via different names_. [Ralf S. Engelschall]
  • Remove the system() call from htpasswd.c, which eliminates a system dependancy. ["M.D.Parker" ] PR#2332
  • PORT: Fix compilation failures on NEXTSTEP. [Rex Dieter ] PR#2293, 2316
  • PORT: F_NDELAY is a typo, should have been FNDELAY. There's also O_NDELAY on various systems. [Dave Dykstra ] PR#2313
  • PORT: helpers/GuessOS updates for various versions for NCR SVR4. [juerg schreiner , Bill Houle ] PR#2310
  • Fix recently introduced Win32 child spawning code in mod_rewrite.c which was broken because of invalid ap_pstrcat() -> strcat() transformation. [Ralf S. Engelschall]
  • Proxy Cache Fixes: account for directory sizes, fork off garbage collection to continue in background, use predefined types (off_t, size_t, time_t), log the current cache usage percentage at LogLevel debug [Martin Kraemer, based on discussion between Dean Gaudet & Dirk vanGulik]