Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.27 Changelog
  • Introduce an Apache mod_ssl initial configuration template (ssl.conf, generated from ssl-std.conf). [Ralf S. Engelschall]
  • Fixed a memory leak in the getline parsing code that could be triggered by arbitrarily large header lines. Requests from the core input filter for single lines are now limited to HUGE_STRING_LEN (8192 bytes). [Aaron Bannert]
  • Fix a truncation bug in how we print the port on the Via: header. The routine that prints the Via: header now takes a length for the port string. [Zvi Har'El ]
  • Some syntax errors in mod_mime_magic's magic file can result in a 500 error, which previously was unlogged. Now we log the error. [Jeff Trawick]
  • Add the support/checkgid helper app, which checks the run-time validity of group identifiers usable in the Group directive. [Ken Coar]
  • Various --enable-so options have been fixed: --enable-so is treated as "static"; explicit --enable-so=shared issues an error; and explicit --enable-so fails with error on systems without APR_HAS_DSO. [Aaron Bannert]
  • Fix a segfault in the core input filter when the client socket gets disconnected unexpectedly. [Cliff Woolley]
  • Fix the reporting for child processes that die. This removes all of the non-portable W* macros from Apache. [Jeff Trawick and Ryan Bloom]
  • Win32: Track and display "Parent Server Generation:" in mod_status output. The generation will be bumped at server graceful restart, when the child process exits by hitting MaxRequestsPerChild or if the child process exits abnormally. [Bill Stoddard]
  • Win32: Fix problem where MaxRequestsPerChild directive was not being picked up in favor of the default. Enable the parent to start up a new child process immediately upon the old child starting shutdown. [Bill Stoddard]
  • Fix some bungling of the remote port in rfc1413.c so that IdentityCheck retrieves the proper user id instead of failing and thus always returning "nobody." [Dick Streefland ]
  • Introduced thread saftey for mod_rewrite's internal cache. [Brian Pane ]
  • Simplified mod_env's directives to behave as most directives are expected, in that UnsetEnv will not unset a SetEnv and PassEnv directive following that UnsetEnv within the same container. Also provides a runtime startup warning if a PassEnv configured environment value is undefined. [William Rowe]
  • The worker MPM is now completely ported to APR's new lock API. It uses native APR types for thread mutexes, cross-process mutexes, and condition variables. [Aaron Bannert]
  • Sync up documentation to remove all references to the now deprecated Port directive. [Justin Erenkrantz]
  • Moved all ldap modules from the core to httpd-ldap sub-project [Ryan Bloom]
  • Exit when we can't listen on any of the configured ports. This is the same behavior as 1.3, and it avoids having the MPMs to deal with bogus ap_listen_rec structures. [Jeff Trawick]
  • Cleanup the proxy code that creates a request to the origin server. This change adds an optional hook, which allows modules to gain control while the request is created if the proxy module is loaded. The purpose of this hook is to allow modules to add input and/or output filters to the request to the origin. While I was at it, I made the core use this hook, so that proxy request creation uses some of the code from the core. This can still be greatly improved, but this is a good start. [Ryan Bloom]