Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3.2 Changelog
  • Fix bug in ap_remove_module(), which caused problems for dso's who were the top_module. [Doug MacEachern]
  • Add support for Berkeley-DB/2.x (in addition to Berkeley-DB/1.x) to mod_auth_db to both be friendly to users who wants to use this version and to avoid problems under platforms where only version 2.x is present. [Dan Jacobowitz , Ralf S. Engelschall]
  • When using ap_log_rerror(), make the error message available to the *ERROR_NOTES envariables by default. [Ken Coar]
  • BS2000 platform only: get rid of the nasty BS2000AuthFile. You now must define a BS2000Account name for the server User. This has fewer security implications than the old approach. [Martin Kraemer]
  • Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl' instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this platform to make the braindead HPUX linker happy. Notice, for the module DSOs we don't have to use this, because these are loaded manually (and not via HPUX' dld). [Ralf S. Engelschall] PR#2905, PR#2968
  • Remove 64 thread limit on Win32. [Bill Stoddard ]
  • Remove redundant substitutions in top-level Makefile.tmpl. [Ralf S. Engelschall]
  • Fix APACI's `Group' configuration adjustment - especially for Linux platforms where `nogroup' exists in /etc/group. [Ralf S. Engelschall] Make PrintPath work generically instead of having one version strictly for OS/2. [Jim Jagielski, Brian Havard]
  • Fix the recently introduced C header file checking: We now use the C pre-processor pass only (and no longer the complete compiler pass) to determine whether a C header file exists or not. Because only this way we're safe against inter-header dependencies (which caused horrible portability problems). The only drawback is that we now have a CPP configuration variable which has to be determined first (we do a similar approach as GNU Autoconf does here). When all fails the user still has the possibility to override it manually via APACI or src/Configuration. As a fallback for the header check itself we can directly check the existance of the file under /usr/include, too. [Ralf S. Engelschall] PR#2777
  • PORT: Added RHAPSODY (Mac OS X Server) support. MAP_TMPFILE defined as an alternate mechanism for mmap'd shared memory for RHAPSODY. ap_private_extern defined to hide symbols that conflict with loaded dynamic libraries on the NEXT and RHAPSODY platforms. [Wilfredo Sanchez ]
  • Delete PID file on clean shutdowns. [Charles Randall ] PR#2947
  • Fix mod_auth_*.html documents: NSCA -> NCSA [Youichirou Koga ] PR#2991
  • Fix INSTALL document: www.gnu.ai.mit.edu -> www.gnu.org [Karl Berry ] PR#2994
  • Fix dbmmanage.1 manual page. [Youichirou Koga ] PR#2992 Fix possible buffer overflow situation in suexec.c. [Jeff Stewart ] PR#2790
  • Add some more LIBS for the SCO5 platform which are needed for the already used -lprot. It's actually a bug in SCO5, of course. [Ronald Record ] PR#2533
  • Fix documentation of ProxyPass/ProxyPassReverse according to the trailing slash problem. [Jon Drukman ] PR#2933 Remove `-msym' option from LDFLAGS_SHLIB for the Digital UNIX (OSF/1) platform, because it's only supported under version 4.0 and higher. But because our GuessOS is still unaware of Digital UNIX versions and the -msym is just to optimize the DSO statup time a little bit it's safe and best when we leave it out now. [Ralf S. Engelschall] PR#2969
  • Fix the ap_log_error_old(), ap_log_unixerr() and ap_log_printf() functions: First all three functions no longer fail on strings containing "%" chars and second ap_log_printf() no longer does a double-formatting (instead it directly passes through the message to be formatted to the real internal formatting function). [Ralf S. Engelschall] PR#2941
  • Allow "Include" directives anywhere in the server config files (but not .htaccess files). [Ken Coar] PR#2727
  • The proxy was refusing to serve CONNECT requests except to port 443 (https://) and 563 (snews://). The new AllowCONNECT directive allows the configuration of the ports to which a CONNECT is allowed. [Sameer Parekh, Martin Kraemer]
  • mod_expires will now act on content that is not sent from a file on disk. Previously it would never add an Expires: header to any response that did not come from a file on disk; the only case where it still doesn't (and can't) add one for that type of content is if you are using a modification date based setting. [Marc Slemko, Paul Phillips ]
  • Problems encountered during .htaccess parsing or CGI execution that lead to a "500 Server Error" condition now provide explanatory text (in the *ERROR_NOTES envariable) to ErrorDocument 500 scripts. [Ken Coar] PR#1291
  • Add NameWidth keyword to IndexOptions directive so that the width of the filename column is customisable. [Ken Coar, Dean Gaudet] PR#1949, 2324.
  • Recognize lowercase _and_ uppercase `uname' results under SCO OpenServer. [David Coelho ]
  • As duplicate "HTTP/1.0 200 OK" lines within the header seem to be a common problem of (mis-administrated?) IIS servers, make the apache proxy immune to these errors (and ignore the duplicates, but log the fact to error_log). [Martin Kraemer], after the proposal in PR#2914 The
  • Simplify handling of IndexOptions in mod_autoindex -- and BTW cause the standalone FancyIndexing directive to logically OR into any existing IndexOptions settings rather than wiping them out. [Ken Coar]
  • Changes in ftp proxy: make URL parsing simpler by using the parsed_uri stuff. + Add display of the "current directory" in cases where it's different from the supplied path (e.g., ftp://user@host/ lives in /home/user, not in /, therefore clicking on "../" in the starting directory might send us to /home/). + When ftp login fails, (esp. when a user name was part of the URL already), we now return [401 Unauthorized ] to allow the browser to pop up an authorization dialog. This makes passwords slightly less visible (they don't appear in the regular log files) and implements a functionality that other www proxy servers already offered. [Martin Kraemer]
  • Triggered by the recent "Via:" header changes, the proxy module would dump core for replies with invalid headers (e.g., duplicate "HTTP/1.0 200 OK" lines). These errors are now logged and the core dump is avoided. Also, broken replies are not cached. [Martin Kraemer] PR#2914
  • new `GprofDir' directive when compiled with -DGPROF, where gprof can plop gmon.out profile data for each child [Doug MacEachern] Use the construct ``"$@"'' instead of ``$*'' in the generated config.status script to be immune against arguments with whitespaces. [Yves Arrouye ] PR#2866
  • Replace the inlined information grabbing stuff for the configuration adjustment feature (no --without-confadjust) with calls to a new helper script `buildinfo.sh' which is both more flexible and already proofed to be more robust against platform differences. This mainly fixes the recently occured ``sed: command garbled: ...'' problems. [Ralf S. Engelschall] PR#2776, PR#2848
  • Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline'' without complains after we recently added the POST feature. [Ralf S. Engelschall]
  • Renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx() name. They are used inside modules as API functions and we forgot them at the big symbol renaming. [Ralf S. Engelschall]
  • Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html [Youichirou Koga ] PR#2895
  • Dynamically size the filename column of mod_autoindex output. [Dean Gaudet]
  • Add the ability to do POST requests to the ab benchmarking tool. [Kurt Sussman ] PR#2871
  • Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of 5 to 10 because there are some users out there who always have 5 to 8 variables in one RewriteRule and had to patch mod_rewrite.h for every release. So 15 should be now more than enough, even for them. (I never needed more than 4 in my RewriteRules ;-) [Ralf S. Engelschall]
  • Make the proxy generate and understand Via: headers [Martin Kraemer]
  • Change the proxy to use tables instead of array_headers for the header lines. [Martin Kraemer]
  • Make sure the config.status file is not overridden when just ``configure --help'' is used. [Ralf S. Engelschall] PR#2844
  • Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should provide a way to trace API changes that add functionality but do not create a compatibility issue for precompiled modules, etc. See include/ap_mmn.h for more details. [Randy Terbush]
  • Fix suexec installation under `make install root=xxx' situation. [Ralf S. Engelschall]
  • Extend the output of the -V switch to include the paths of all compiled-in configuration files, if they were overridden at compile time, for least astonishment of the user. [Martin Kraemer]
  • When READing a request in ExtendedStatus mode, the "old" vhost, request and client information is not displayed. [Jim Jagielski]
  • STATUS is no longer available. Full status information now run-time configurable using the ExtendedStatus directive. [Jim Jagielski]
  • SECURITY: CVE-1999-1199 (cve.mitre.org) Eliminate O(n^2) space DoS attacks (and other O(n^2) cpu time attacks) in header parsing. Add ap_overlap_tables(), a function which can be used to perform bulk update operations on tables in a more efficient manner. [Dean Gaudet]
  • SECURITY: Added compile-time and configurable limits for various aspects of reading a client request to avoid some simple denial of service attacks, including limits on maximum request-line size (LimitRequestLine), number of header fields (LimitRequestFields), and size of any one header field (LimitRequestFieldsize). Also added a configurable directive LimitRequestBody for limiting the size of the request message body. [Roy Fielding]
  • Make status module aware of DNS and logging states, even if STATUS not defined. [Jim Jagielski]
  • Fix a problem with the new OS/2 mutexes. [Brian Havard]
  • Enhance mod_speling so that CheckSpelling can be used in containers and .htaccess files. [Ken Coar]
  • API: new ap_custom_response() function for hooking into the ErrorDocument mechanism at runtime [Doug MacEachern]
  • API: new ap_uuencode() function [Doug MacEachern]
  • API: scan_script_header_err_core() now "public" and renamed ap_scan_script_header_err_core() [Doug MacEachern]
  • The 'status' module will now show the process pid's and their state even without full STATUS accounting. [Jim Jagielski]
  • Restore the client IP address to the error log messages, this was lost during the transition from 1.2 to 1.3. Add a new function ap_log_rerror() which takes a request_rec * and formats it appropriately. [Dean Gaudet] PR#2661
  • Cure ap_cfg_getline() of its nasty habit of compressing internal whitespace in input lines -- including within quoted strings. [Ken Coar] but leading and trailing whitespace should continue to be stripped [Martin Kraemer]
  • Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid the ugly use of an env. variable and use command-line args for alternate $PATH. Make more like advanced 'type's as well. [Jim Jagielski]
  • The IRIXN32 Rule was being ignored. Configure now correctly adds -n32 only if IRIXN32 says to. [Jim Jagielski, Alain St-Denis ] PR#2736
  • Clean up a warning in mod_proxy. [Ralf S. Engelschall]
  • Renamed __EMX__ (internal define of the gcc port under OS/2) to OS2 following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/ directory was renamed to src/os/os2/ for consistency. [Brian Havard, Ralf S. Engelschall]
  • Add new Rule SHARED_CHAIN which can be used to enable linking of DSO files (here modules) against other DSO files (here shared libraries). This is done by determining a subset of LIBS which can be safely used for linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is disabled for all platforms to avoid problems with this (experimental) rule. But we provide it now for those people how ran into problems and want to came out by forcing linking against DSOs. [Ralf S. Engelschall] PR#2587
  • Fix suEXEC start message: Has to be of `notice' level to really get printed together with the standard startup message because the `notice' level is handled special inside ap_log_error() for startup messages. [Ralf S. Engelschall] PR#2761 PR#2761 PR#2765
  • Add correct `model' MIME types from RFC2077 to mime.types file. [Ralf S. Engelschall] PR#2732
  • Fixed examples in mod_rewrite.html document. [Youichirou Koga , Ralf S. Engelschall] PR#2756
  • Allow ap_read_request errors to propagate through the normal request handling loop so that the connection can be properly closed with lingering_close, thus avoiding a potential TCP reset that would cause the client to miss the HTTP error response. [Roy Fielding]
  • One more portability fix for APACI shadow tree support: Swap order of awk and sed in top-level configure script to avoid sed fails on some platforms (for instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined output of Awk. [Ralf S. Engelschall] PR#2729
  • PORT: NEC EWS4800 support. [MATSUURA Takanori ]
  • Fix a segfault in the proxy on OS/2. [Brian Havard]
  • Fix Win32 part of ap_spawn_child() by providing a reasonable child_info structure instead of just NULL. This fixes at least the RewriteMap programs under Win32. [Marco De Michele ] PR#2483
  • Add workaround to top-level `configure' script for brain dead `echo' commands which interpet escape sequences per default. [Ralf S. Engelschall] PR#2654
  • Make sure that the path to the Perl interpreter is correctly adjusted under `make install' also for the printenv CGI script. [Ralf S. Engelschall] PR#2595 Update the mod_rewrite.html document to correctly reflect the situation of the `proxy' (`[P]') feature. [Ralf S. Engelschall] PR#2679
  • Fix `install-includes' sub-target of `install' target in top-level Makefile.tmpl: The umask+cp approach didn't work as expected (especially for users which extracted the distribution under 'umask 077'), so replace it by an explicit cp+chmod approach. [Richard Lloyd, Curt Sampson, Ralf S. Engelschall] PR#2656 PR#2626 Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same behavior and to cleanup correctly even under enabled SHARED_CORE rule. [Ralf S. Engelschall]
  • Use a more straight forward and thus less problematic Sed command in src/helper/mkdir.sh script. [Ralf S. Engelschall]
  • Make sure the `configure' scripts doesn't fail when trying to guess the domainname of the machine and there are multiple `domainname' and `search' entries in /etc/resolv.conf. [Ralf S. Engelschall] PR#2710
  • Add note about the SHARED_CORE requirement on some platforms also to the INSTALL file because a lot of users don't read htdocs/manual/dso.html first. [Ralf S. Engelschall] PR#2701
  • Fix document "hyperlink" for dso.html in src/Configuration.tmpl [Knut A.Syed ] PR#2674
  • Modify mod_rewrite to update the Vary response field if the URL rewriting engine does any manipulations or decisions based upon request fields. [Ken Coar] PR#1644
  • Document the special APACI behavior for installation paths where ``/apache'' is appended to paths under some (well defined, of course) situations to prevent pollution of system locations with Apache files. [Ralf S. Engelschall] PR#2660
  • Fixed problem with buffered response message not being sent for the read_request error conditions of URI-too-long (414) and malformed header fields (400). [Roy Fielding] PR#2646
  • Add support for the Max-Forwards: header line required by RFC2068 for the TRACE method. This allows apache to TRACE along a chain of proxies up to a predetermined depth. [Martin Kraemer]
  • Fix SHARED_CORE rule: The CFLAGS_SHLIB variable is no longer doubled (compilers complained) and the .so.V.R.P filename extension was adjusted to correctly reflect the 1.3.2 version. [Ralf S. Engelschall] PR#2644
  • SECURITY: Plug "..." and other canonicalization holes under OS/2. [Brian Havard] PORT: implement serialized accepts for OS/2. [Brian Havard]
  • mod_include had problems with the fsize and flastmod directives under WIN32. Fix also avoids the minor security hole of using ".." paths for fsize and flastmod. [Manoj Kasichainula ] PR#2355
  • Fixed some Makefile dependency problems. [Dean Gaudet]