Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3.25 Changelog
  • SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335] Code changes required to address and close chunked encoding security issues. To support this, we utilize the ANSI functionality of strtol, and provide ap_strtol for completeness. [Aaron Bannert, Justin Erenkrantz, Jim Jagielski, Brian Pane, William Rowe, Cliff Woolley] PORT: With OpenBSD 3.1 and up, allow modules to work on their ELF-based architectures. [Brad ]
  • Add X-Forwarded-Host and X-Forwarded-Server to X-Forwarded-For to the proxy. [Thomas Eibner ]
  • Fix a problem in mod_proxy: it would not set the number of bytes transferred, so other modules could not access the value from the request_rec->bytes_sent field. [Anthony Howe ] PR#6841
  • Fix a problem in mod_rewrite which would lead to 400 Bad Request responses for rewriting rules which resulted in a local path. Note: This will also reject invalid requests like "HEAD /roaming/martin/IMAP localhost HTTP/1.0" as issued by Netscape-4.x Roaming Profiles (on a DAV-enabled server) [Martin Kraemer]
  • SECURITY: CVE-2003-0083 (cve.mitre.org) Disallow anything but whitespace on the request line after the HTTP/x.y protocol string. That prevents arbitrary user input from ending up in the access_log and error_log. Also, special characters (especially control characters) are escaped in the log file now, to make a clear distinction between client-supplied strings (with special characters) and server-side strings. [Martin Kraemer]
  • Get rid of DEFAULT_XFERLOG as it is not used anywhere. It was preserved by the build system, printed with "httpd -V", but apart from that completely ignored: the default transfer log is to not produce any transfer log. [Martin Kraemer]
  • Fixed sending of binary files under Cygwin. PR 9185. [Cliff Woolley]
  • Added Cygwin directory layout to config.layout file. [Stipe Tolj, ]
  • Added a '-F' flag; which causes the mother/supervisor process to no longer fork down and detach. But instead stays attached to the tty - thus making live for automatic restart and exit checking code easier. [ Contributed by Michael Handler , Jos Backus [ Dirk-Willem van Gulik ]].
  • Make apxs.pl more flexible (file extensions like .so or .dll are no longer hardcoded). [Stipe Tolj ]
  • Add an intelligent error message should no proxy submodules be valid to handle a request. PR 8407 [Graham Leggett]
  • Allow child processes sufficient time for cleanups but making ap_select in reclaim_child_processes more "resistant" to signal interupts. Bugz# 8176 [David Winterbourne , Jim Jagielski]
  • Recognize platform specific root directories (other than leading slash) in mod_rewrite for filename rewrite rules. Bugz# 7492 [William Rowe]
  • For supported versions of Darwin, place dynamically loaded Apache extensions' public symbols into the global symbol table. This allows dynamically loaded PHP extensions. [Marko Karppinen ]
  • Correct proxy to be able to handle the unexpected 100-continue reponses sent during PUT or POST requests. [Graham Leggett]
  • Correct a timeout problem within proxy which would force long or slow POST requests to close after 300 seconds. [Martin Lichtin , Brian Bothwell ]
  • Add support for dechunking chunked responses in proxy. [Graham Leggett]
  • Made AB's use of the Host: header rfc2616 compliant by Taisuke Yamada [Dirl-Willem van Gulik]. Update the Red Hat Layout to match Red Hat Linux version 7. PR BZ-7422 [Joe Orton]
  • Add some popular types to the mime magic file. PR 7730. [Linus Walleij , Justin Erenkrantz]
  • Tighten up the overridden-Server-header bugfix in the proxy, by only overriding if the request is a proxy request. It has been pointed out that the previous fix allows CGIs and modules to override the Server header, which is change to previous behavior. [Graham Leggett, Joshua Slive]
  • Another fix for the multiple-cookie header bug in proxy. With some luck this bug is actually now dead. [Graham Leggett]