Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3b7 Changelog
  • Make sure a MIME-type can be forced via a RewriteRule even when no substitution takes place, for instance via the following rule: ``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often requested by users in the past to force a single script without a .cgi extension and outside any cgi-bin dirs to be executed as a CGI program. [Ralf S. Engelschall] PR#2254
  • A fix for protocol issues surrounding 400, 408, and 414 responses. [Ed Korthof]
  • Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf]
  • Fix discrepancy in proxy_ftp.c which was causing failures when trying to connect to certain ftpd's, such as anonftpd. [Rick Ohnemus ]
  • Make mod_rewrite use ap_open_piped_log() for RewriteLog directive's logfile instead of fiddling around itself with child spawning stuff. [Ralf S. Engelschall]
  • Made RefererIgnore case-insensitive.
  • Mod_log_agent, mod_log_referer now use ap_open_piped_log for piped logs. [Brian Behlendorf]
  • Replace use of spawn_child with ap_spawn_child_err_buff, to make everything "safe" under Win32. In: mod_include.c, mod_mime_magic.c [Brian Behlendorf]
  • Improve RFC1413 support. [Bob Beck ]
  • Fix support script `dbmmanage': It was unable to handle some sort of passwords, especially passwords with "0" chars. [Ralf S. Engelschall] PR#2242
  • WIN32: Clicking on "Last Modified" in a fancy index caused a crash. Fixed. [Ben Laurie] PR#2238
  • WIN32: CGIs could cause a hang (because of a deadlock in the standard C library), so CGI handling has been changed to use Win32 native handles instead of C file descriptors. [Ben Laurie and Bill Stoddard ] PR#1129, 1607
  • The proxy cache would store an incorrect content-length in the cached file copy after a cache update. That resulted in repeated fetching of the original copy instead of using the cached copy. [Ernst Kloppenburg ] PR#2094
  • The Makefiles assumed that DSO files are build via $(LD). This is broken for two reasons: First we never defined at least LD=ld somewhere to make sure this works (it was silently assumed that most Make provide a built-in LD definition - ARGL!) and second using the generic LD variable is not the truth. Instead a special variable named LD_SHLIB is reasonable because although "ld" is usually the default, the command for building DSO files can be "libtool" or even "cc" on some systems. [Ralf S. Engelschall]
  • Replace the AddVersionPlatform directive with ServerTokens which provides for more control over the format of the Server: header line. SERVER_SUBVERSION is no longer supported; all module should use the ap_add_version_component() API function instead. [Jim Jagielski]
  • Support for the NCR MP/RAS 3.0 [John Withers ]
  • The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was not retrieved in src/Configure and thus was not useable. [Ralf S. Engelschall] Various Makefile consistency cleanups: - make OSDIR also automatically be relative to src/ like INCDIR - SUBDIRS is now generated in src/Makefile only and not in Makefile.config because it is a local define for this location. - remove BROKEN_BPRINTF_FLAGS because is it no longer used inside any Makefile but make sure that at least the "-K inline" is kept in CFLAGS for SCO 5. - update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too. - updated the dependencies theirself - removed not existing SHLIB variable from "clean" targets - replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS already exists and OBJS_PIC are also just plain objects and have not directly to do with "shared" things. The only difference is that they contain PIC. So OBJS_PIC is the more canonical name. - Updated the Makefile-dependency lines for OBJS_PIC - Removed the Makefile-dependency line in Configure to avoid double definitions - replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage of xxx.lo as GNU libtool does with its PIC objects - reduce local complexity in modules Makefile.tmpl by moving the last existing target "depend" to the generation section in Configure, too. - removed the historical $(SPACER) which was used in the past together with BROKEN_BPRINTF_FLAGS to avoid zig-zags in the build process. This is no longer needed. - force the build and run of the gen_xxx programs under main/ as the first step before building the objects because it looks cleaner [Ralf S. Engelschall]
  • WIN32: Make Win32 work again after the /dev/null DoS fix. [Ben Laurie]
  • WIN32: Check for buffer overflows in ap_os_canonical_filename. [Ben Laurie]
  • WIN32: Don't force ISAPI headers to finish with \n. [Jim Patterson , Ben Laurie] PR#2060
  • When opening "configuration" files (like httpd.conf, htaccess and htpasswd), Apache will not allow them to be non-/dev/null device files. This closes a DoS hole. At the same time, we use ap_pfopen to open these files to handle timeouts. [Jim Jagielski, Martin Kraemer]
  • Apache will now log the reason its httpd children exit if they exit due to an unexpected signal. (It requires a new porting define, SYS_SIGLIST, which if defined should point to a list of text descriptions of the signals available. See PORTING.) [Dean Gaudet]
  • WIN32: chdir() doesn't make sense in a multithreaded environment like WIN32. Before, Win32 CGI's could have had sporadic failures if a chdir call from one thread was made between another chdir call and a spawn in another thread. So, for now don't chdir for CGI scripts in WIN32. The current CGI "spec" is unclear as to whether it's necessary. Long-term fix is to either serialize the chdir/spawn combo or use WIN32 native calls to spawn a process. This temp fix was necessary to remove this as a showstopper for 1.3's release. [Brian Behlendorf]
  • Cleanup the suEXEC support in APACI and make it more safe: 1. Add big fat hint in INSTALL about risks and to read the htdocs/manual/suexec.html document before using the suexec-related configure options. 2. Make sure the user has at least provided one --suexec-xxxx option (specifies suEXEC parameters) in addition to --enable-suexec option. If only --enable-suexec is given APACI stops with a hint to INSTALL and htdocs/manual/suexec.html documents. 3. Provide two additional --suexec-xxxx options to make the suEXEC configuration complete (especially for package maintainers who else had to patch the source tree) by providing ways to configure minimal UID/GID and safe PATH, too. [Ralf S. Engelschall]
  • Cleanup of the `configure --shadow' process: - make sure the configure script creates its temporary files in the shadow tree to avoid conflicts with parallel configure runs - removed unnecessary option "-r" from "rm" call for Makefiles - make sure the configure scripts creates the shadow-wrapper Makefile only when no shadow trees already exists - make sure "make distclean" removes the shadow-wrapper Makefile but only when no more shadow trees exists - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice as fast (in the past it needed 70sec, now it runs just 38sec) - make sure CVS does not complain about the created files Makefille. and directories src. [Ralf S. Engelschall]
  • Added the ap_add_version_component() API routine and the AddVersionPlatform core directive. The first allows modules to declare themselves in the Server response header field value, augmenting the SERVER_SUBVERSION define in the Configuration file with run-time settings (more useful in a loadable-module environment). AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)" into the server version string. [Ken Coar] PR#2056
  • Minor stability tweaks to avoid core dumps in ap_snprintf. [Martin Kraemer]
  • Emit the "Accept-Range" header for the default handler. [Brian Behlendorf] PR#1464
  • Add a note to httpd.conf-dist that apache will on some systems fail to start when the Group # is set to a negative or large positive value. [Martin Kraemer]
  • Make sure the module execution order is correct even when some modules are loaded under runtime (`LoadModule') via the DSO mechanism: 1. The list of loaded modules is now a dynamically allocated one and not the original statically list from modules.c 2. The loaded modules are now correctly setup by LoadModule for later use by the AddModule command. 3. When the DSO mechanism for modules is used APACI's `install' target now enables all created `LoadModule' lines per default because this is both already expected by the user _and_ needed to avoid confusion with the next point and reduces the Makefile.tmpl complexity 4. When the DSO mechanism for modules is used, APACI's `install' target now additionally makes sure the module list is reconstructed via a complete `ClearModuleList+AddModule...' entry. 5. The support tool `apxs' now also makes sure an AddModule command is added in addition to the LoadModule command. 6. The modules.c generation was extended to now contain two comments to make sure no one is confused by the confusing terminology of loading/linking (we use load=link+load & link=activate instead of the obvious load=activate & link=link :-( ) This way now there is no longer a difference under execution time between statically and dynamically linked modules. [Ralf S. Engelschall]
  • Fix the generated mod_xxx.c from "apxs -g -f xxx" after the Big Symbol Renaming. [Ralf S. Engelschall]
  • Add a comment to mod_example.c showing the format of a FLAG command handler. [Ken Coar]
  • Standardized the time format in mod_status to match that of other places in the code (e.g. DATE_GMT). PR#1551
  • Fix handling of %Z in timefmt strings for those platforms with no time zone information in their tm struct. [Paul Eggert ] PR#754
  • Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature feature compatible with 'UseCanonicalName off' by changing r->server->server_hostname to ap_get_server_name(). And I changed some functions which use r->server->port to use ap_get_server_port() instead, because if there's no Port directive in the config r->server->port is 0. [Lars Eilebrecht]
  • get/set_module_config are trivial enough to be better off inline. Worth 1.5% performance boost. [Dean Gaudet]
  • Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c when ensuring 'x' is at least 30-chars big. [Jim Jagielski, Brian Behlendorf]
  • [BS2000 security] BS2000 needs an extra authentication to initialize the task environment to the unprivileged User id. Otherwise CGI scripts would have a way to gain super user access. [Martin Kraemer]
  • Fix debug log messages for BS2000/OSD: instead of logging the whole absolute path, only log base name of logging source as is done in unix. [Martin Kraemer]
  • Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in the encoding type from the Accept-Encoding header (if it's there) and use it in the response, as that's probably what it'll be expecting. []
  • Fix to mod_alias: translate_alias_redir is dealing with a URI, not a filename, so the check for drive letters for win32 and emx is not necessary. [Dean Gaudet]
  • WIN32: Allow .cmd as an executable extension. [Kari Likovuori ] PR#2146
  • Make Apache header files, and some variables, C++ friendly. [Michael Anderson's ]
  • Child processes can now "signal" (by exiting with a status of APEXIT_CHILDFATAL) the parent process to abort and shutdown the server if the error in the child process was fatal enough. [Jim Jagielski]
  • mod_autoindex's find_itme() was sensitive to MIME type case. [Jim Jagielski] PR#2112
  • Make sure the referer_log and agent_log entries in the default httpd.conf file are also adjusted for the actual relative installation paths. [Ralf S. Engelschall] PR#2175
  • WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie]
  • WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie] PR#1558
  • PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3. Additionally the checks for finding the vendor DSO library were moved from mod_so.c to Configure because first it needs $PLAT etc. and second mod_so already uses an abstraction layer and does not fiddle with the vendor functions itself. [Jens-Uwe Mager, Ralf S. Engelschall]
  • PORT: Some optimization defines for NetBSD [Jaromir Dolecek ] PR#2165
  • PORT: Dynamic Shared Object (DSO) support for NetBSD. [Jaromir Dolecek , Ralf S. Engelschall] PR#2158
  • Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older AIX variants should work fine, too. Even AIX 3.x should work). This is accomplished by using the free DSO emulation code from Jens-Uwe Mager which we put into a os/unix/os-dso-aix.c file. [Ralf S. Engelschall] PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply that we should use NET_SIZE_T == int but the include files force size_t. [Ralf S. Engelschall]
  • Fix two bugs in select() handling in http_main.c. [Roy Fielding]
  • Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO is unset (as it is in situations like timeouts) where it is unclear whether errno is set or not. [Martin Kraemer]
  • Just having APACI's localstatedir is too general and not enough for most of the systems. 1.3b6 again required manual APACI patches by package maintainers from Red Hat and FreeBSD because for their filesystem layout a little bit more flexibility in configuring the paths is needed. Hence we provide three additional configure options (--runtimedir, --logfiledir, --proxycachedir) which now can be used for more granular adjustments if --localstatedir is not enough to fit the particular needs. As a nice side-effect this reduces some subdir fiddling in configure+Makefile.tmpl. [Ralf S. Engelschall]
  • Make the install root for "make install" in APACI's Makefile overrideable by package authors. This way we are even more friendly to package maintainers (especially Debian and Red Hat) who build for the real prefix via "configure --prefix=/" but use a different local prefix via "make root=/tmp/apache install" for rolling the package without bristling the target location on their system. [Ralf S. Engelschall]
  • Workaround sed limitations in APACI's configure script by now substituting in chunks of 50 commands (because for instance HPUX's vendor sed has a limit of max. 98 commands) [Ralf S. Engelschall] PR#2136
  • Adding SOCKS5 support and fixing existing SOCKS4 support. [Ralf S. Engelschall] PR#2140
  • Manually fix some symbols which were not renamed to prefix ap_ in the BIG RENAMING process because they are defined as pre-processor macros instead of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd [Ralf S. Engelschall]
  • Workaround braindead AWK's when generating ap_config.h: The split() and substr() functions cannot be nested under vendor AWK from Solaris 2.6. [Ralf S. Engelschall] PR#2139
  • Various bugfixes and cleanups for the APACI configure script: o fix IFS handling for _nested_ situation o fix Perl interpreter search: take first one found instead of last one o fix DSO consistency check o print error messages to stderr instead of stdout o add install-quiet for --shadow situation to Makefile stub o reduce complexity by avoiding sed-hacks for rule and module list loops [Ralf S. Engelschall]
  • Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114
  • Make sure the input field separator (IFS) shell variable is explicitly initialized correctly before _every_ `for' loop and also restored after the loops. [Ralf S. Engelschall]
  • Make sure that "make install" doesn't overwrite the `mime.types' and `magic' files from an existing Apache installation. Because people often customize these for own MIME and content types. [Ralf S. Engelschall]
  • PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x [Peter Galbavy, Ralf S. Engelschall] PR#2109
  • Fix the path to the ScoreBoardFile in the install-config target, too. [Ralf S. Engelschall] PR#2105
  • Let "configure" clear out the users parameters (provided as shell variables) to avoid side-effects in "src/Configure" when the user exported them (which is not needed, but some users do it). [Ralf S. Engelschall] PR#2101
  • Provide backward compatibility from some old src/Configuration.tmpl parameter names to the canonical Autoconf-style shell variable names. For instance CFLAGS vs. EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now but a hint message is displayed. [Ralf S. Engelschall] Make sure that "make install" doesn't overwrite the DocumentRoot and CGI scripts from an existing Apache installation. [Ralf S. Engelschall, Jim Jagielski] PR#2084
  • Make `configure --compat' more "compatible" by first let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and second by making sure the "avoid-bristling-suffix" /apache is not appended to sysconfdir, datadir, localstatedir and includedir when --compat is used. [Ralf S. Engelschall, Lars Eilebrecht]
  • NeXT required strdup() in support/logresolve.c [Francisco Tomei ] PR#2082
  • AIX required sys/select.h in support/ab.c [Jens Schleusener ] PR#2081
  • Fix the path to the MimeMagicFile in the install-config target, too. [Ralf S. Engelschall] PR#2089
  • PORT: Added HP-UX 11 patches [Jeff Earickson ]
  • If you start apache with the -S command line option it will dump out the parsed vhost settings. This is useful for folks trying to figure out what is wrong with their vhost configuration. (Other dumps may be added in the future.) [Dean Gaudet]
  • Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf, ap_snprintf, and ap_psprintf). See include/ap.h for docs. [Dean Gaudet]
  • Because /usr/local/apache is the default prefix the ``configure --compat'' option no longer has to set prefix, again. This way the --compat option honors a leading --prefix option. [Lars Eilebrecht]
  • PORT: Cast the first argument of dlopen() in ap_os_dso_load() to `char *' under OSF1 and FreeBSD 2.x where it is defined this way to avoid "discard const" warnings. [Ralf S. Engelschall]
  • If a specific handler is set for a file yet the request still ends up being handled by the default handler, log an error message before handling it. This catches things such as trying to use SSIs without mod_include enabled. [Marc Slemko]
  • Fix error logging for the startup case where ap_log_error() still uses stderr as the target. Now the default log level is honored here, too. [Ralf S. Engelschall] PORT: Make sure some AWK's don't fail in src/Configure with "string too long" errors when generating the MODULES entry for src/Makefile [Ben Hyde, Ralf S. Engelschall]
  • Make sure src/Configure doesn't complain about the old directory /usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht]