Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3.30 Changelog
  • Fix memory corruption problem with ap_custom_response() function. The core per-dir config would later point to request pool data that would be reused for different purposes on different requests. [Will Lowe, Jeff Trawick]
  • Reinit socket to allow mod_proxy to continue to try connections when invalid IPs are accessed. PR 27542. [Alexander Prohorenko ] SECURITY: CVE-2004-0174 (cve.mitre.org) Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. Enabled for some platforms known to have the issue (accept() blocking after select() returns readable). Define NONBLOCK_WHEN_MULTI_LISTEN if needed for your platform and not already defined. [Jeff Trawick, Brad Nicholes, Joe Orton]
  • SECURITY: CVE-2003-0993 (cve.mitre.org) Fix parsing of Allow/Deny rules using IP addresses without a netmask; issue is only known to affect big-endian 64-bit platforms; on affected platforms such rules would never produce matches. PR 23850. [Henning Brauer ]
  • Fix mod_include's expression parser to recognize strings correctly even if they start with an escaped token. [Andr? Malo]
  • The whole codebase was relicensed and is now available under the Apache License, Version 2.0 (http://www.apache.org/licenses). [Apache Software Foundation]
  • Add mod_whatkilledus and mod_backtrace (experimental) for reporting diagnostic information after a child process crash. See source code for documentation. [Jeff Trawick, with help from mod_log_forensic]
  • mod_usertrack no longer inspects the Cookie2 header for the cookie name. PR 11475. [Chris Darrochi ]
  • mod_usertrack no longer overwrites other cookies. PR 26002. [Scott Moore ]
  • Add fatal exception hook for running diagnostic code after a crash. [Jeff Trawick]
  • Make REMOTE_PORT variable available in mod_rewrite. PR 25772. [Andr? Malo]
  • Forensic logging shouldn't log internal redirects. [Ivan Ristic ]
  • Some syntax errors in mod_mime_magic's magic file can result in a 500 error, which previously was unlogged. Now we log the error. PR 8329. [Jeff Trawick]
  • Linux 2.4+: If Apache is started as root and you code CoreDumpDirectory, coredumps are enabled via the prctl() syscall. Backport of a 2.x feature by Greg Ames. [Jeff Trawick]
  • Fix bug causing core dump when using CookieTracking without specifying a CookieName directly. Bugz# 24483. [Manni Wood , Jim Jagielski (backport)]
  • Fix RewriteBase directive to not add double slashes. [Andr? Malo]
  • mod_rewrite: In external rewrite maps lookup keys containing a newline now cause a lookup failure. PR 14453. [Cedric Gavage , Andr? Malo]
  • Forensic logging module added (mod_log_forensic). [Ben Laurie]
  • SECURITY: CVE-2003-0020 (cve.mitre.org) Escape arbitrary data before writing into the errorlog. Unescaped errorlogs are still possible using the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr? Malo]
  • '%X' is now accepted as an alias for '%c' in the LogFormat directive. This allows you to configure logging to still log the connection status even with mod_ssl (which changes what '%c' means). [Jim Jagielski]
  • UseCanonicalName off was ignoring the client provided port information. [Jim Jagielski]