Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.25 Changelog
  • Move the installed /manual directory out of the /htdocs/ tree, so that it can be kept more independently from the remaining document root. The "Alias /manual ..." already allowed for easy projection into existing private document trees. [Martin Kraemer]
  • Add specified user attributes to the environment when using mod_auth_ldap. This allows you to use mod_include to embed specified user attributes in a page like so: Hello , how are you? [Graham Leggett]
  • Fix a performance problem with the worker MPM. We now create transaction pools once, and re-use them for each connection. [Aaron Bannert ]
  • Modfied mod_mime to prevent mod_negotation from serving a multiview of a 'handler' or 'filter', so that any filename extension that does not contribute to the negotiated metadata can't be served without an explicit request. E.g., if the .Z extension is associated with an unzip filter, the user request somefile.Z.html, mod_negotiation won't serve it. It can serve somefile.Z.html when somefile.Z is requested, since the .Z extension is explictly requested, if the .html extension is associated with ContentType text/html. [William Rowe]
  • Introduce the AddInputFilter filter[;filter...] ext [ext...] and corresponding AddOutputFilter syntax, to insert one or more filters by mod_mime filename extension processing. [William Rowe]
  • Fix a growing connection pool in core_output_filter() for keepalive requests. [Jeff Trawick]
  • Moved split_and_pass_pretag_buckets back to being a macro at Ryans's request. Removed the return from it by setting and returning a return code instead. Updated the code to check the return code from the macro and do the right thing. [Paul J. Reder]
  • Fix a segfault when a numeric value was received for Host:. [Jeff Trawick]
  • Add a function ap_remove_input_filter. This is to match up with ap_remove_output_filter. [Ryan Bloom]
  • Clean up location_walk, so that this step performs a minimum amount of redundant effort (it must be run twice, but it will no longer reparse all blocks when the request uri hadn't changed.) [William Rowe]
  • Eliminate proxy: (and all other 'special') processing from the ap_directory_walk() phase. Modules that want to use special walk logic should refer to the mod_proxy map_to_location example, with it's proxy_walk and proxysection implementation. This makes either directory_walk flavor much more legible, since that phase only runs against real blocks. [William Rowe]
  • SECURITY: Fix a security problem in mod_include which would allow an SSI document to be passed to the client unparsed. [Cliff Woolley, Brian Pane]
  • Introduce the map_to_storage hook, which allows modules to bypass the directory_walk and file_walk for non-file requests. TRACE shortcut moved to http_protocol.c as APR_HOOK_MIDDLE, and the directory_walk/file_walk happen as APR_HOOK_VERY_LAST in core.c. [William Rowe]
  • Add the ability for mod_include to add the INCLUDES filter if the file is configured for the server-parsed handler. This makes the configuration for .shtml files much easier to understand, and allows mod_include to honor Apache 1.3 config files. Based on Doug MacEachern's patch to PHP to do the same thing. [Ryan Bloom]
  • force OpenSSL to ignore process local-caching and to always get/set/delete sessions using mod_ssl's callbacks [Madhusudan Mathihalli , Geoff Thorpe ]
  • Make the worker MPM shutdown and restart cleanly. This also cleans up some race conditions, and gets the worker using pools more cleanly. [Aaron Bannert ]
  • Implement CRYPTO_set_locking_callback() in terms of apr_lock for mod_ssl [Madhusudan Mathihalli ]
  • Fix for mod_include. Ryan's patch to check error codes put a return in the wrong place. Also, the include handler return code wasn't being checked. I don't like macros with returns, so I converted SPLIT_AND_PASS_PRETAG_BUCKETS into a function. [Paul J. Reder ]
  • fix segv in mod_mime if no AddTypes are configured [John Sterling ]
  • Enable ssl client authentication at SSL_accept time [Madhusudan Mathihalli ]
  • Fix a segfault in mod_include when the original request has no associated filename (e.g., we're filtering the error document for a bad URI). [Jeff Trawick]
  • Fix a storage leak (a strdup() call) in mod_mime_magic. [Jeff Trawick]
  • The prefork and OS/2 MPMs are overwriting the pid file when a second copy of httpd is started and shuts down due to socket conflict. Moving the call to ap_log_pid solves the problem.
  • Changed the late-1.3 log_config substitution %c to %X, to log the status of the closed connection, as it conflicts with the far more common, historical ssl logging directive %...{var}c. [William Rowe]
  • Added the common error/ tree to the build/install targets (similar to the common icons/ tree) for the multi-language error messages that Lars committed earlier. [William Rowe]
  • Added a multi process, multi threaded OS/2 MPM mpmt_os2. [Brian Havard]
  • Added a default commented-out mod_ldap and mod_auth_ldap configuration to httpd-std.conf and httpd-win.conf [Graham Leggett]
  • Added documentation for mod_ldap and mod_auth_ldap. [Graham Leggett]
  • Enabled negative caching on attribute comparisons in the LDAP cache. Fixed a problem where the default cache TTL was set in milliseconds not microseconds causing the cache to time out almost immediately. [Graham Leggett]
  • Fixed all the #if APR_HAS_SHARED_MEMORY checks within the LDAP module code to follow APR. [Graham Leggett]
  • Fixed LDAP cleanup on graceful restarts. LDAP connections are now cleaned up when the connection pool pool is cleaned up. [Graham Leggett]
  • Fix a minor issue with Jeff Trawick's mod_include patch. Without this patch, the code will just allocate more bytes in get_combined_directive than are needed. [Paul Reder]
  • Added the LDAP authentication module mod_auth_ldap. [Dave Carrigan , Graham Leggett]
  • Added the LDAP cache and connection pooling module mod_ldap. [Dave Carrigan , Graham Leggett]
  • Fix --enable-modules=all breakage with mod_auth_db and mod_auth_digest by allowing a module to disable itself if its prerequisites are not met. [Justin Erenkrantz]