Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.32 Changelog
  • mod_negotiation: ForceLanguagePriority now uses 'Prefer' as the default if the directive is not specified. This mirrors older behavior without changes to the httpd.conf. [William Rowe]
  • Win32: solve the win32 service problems in 2.0.31-alpha, by fixing the service, mpm and logging code, and bugs in apr_file_open_stderr and apr_file_dup2 functions. Win2K/XP services have no handles associated for stdin/out/err, which caused unpredictable behavior in the prior release. [William Rowe, Bill Stoddard]
  • Win32: simplify the Application Event Log messages, since there isn't likely to be 'more information in the error log' before an error log has been opened. [William Rowe]
  • Win32: substantial cleanup to the mpm_winnt code for legibility and to follow the program flow of other MPMs. [Ryan Bloom, William Rowe]
  • Win32: apache -k shutdown now behaves like apache -k stop. [Bill Stoddard]
  • Fix prefork to not kill the parent if a child hits a resource shortage on accept(). [Greg Ames]
  • Fix seg faults that occur when what should be the httpd request line starts with \r\n followed by garbage. [Greg Ames]
  • Allow statically linked support binaries with the new --enable-static-support flag, and enable this behavior in the binbuild script. Also add a new --enable-static-htdbm flag. [Aaron Bannert]
  • Allow mod_autoindex to serve symlinks if permitted and attempt to do only one stat() call when generating the directory listings. [Justin Erenkrantz]
  • Fix resolve_symlink to save the original symlink name if known. [Justin Erenkrantz]
  • Be a bit more sane with regard to CanonicalNames. If the user has specified they want to use the CanonicalName, but they have not configured a port with the ServerName, then use the same port that the original request used. [Ryan Bloom and Ken Coar]
  • In core_input_filter, check for an empty brigade after APR_BRIGADE_NORMALIZE(). Otherwise, we can get segfaults if a client says it will post some data but we get FIN before any data arrives. [Jeff Trawick]
  • Not being able to bind to the socket is a fatal error. We should print an error to the console, and return a non-zero status code. With these changes, all of the Unix MPMs do that correctly. [Ryan Bloom]
  • suexec: Allow HTTPS and SSL_* environment variables to be passed through to CGI scripts. PR 9163 [Brian Reid , Zvi Har'El ]
  • Make sure that we use the expat from our source tree so that there aren't any surprises on the target machine. [Jeff Trawick]
  • mod_cgid: Add retry logic for when the daemon can't fork fast enough to keep up with new requests. Start using HTTP_SERVER_UNAVAILABLE instead of HTTP_INTERNAL_SERVER_ERROR when we can't talk to the daemon. [Jeff Trawick]
  • apxs: LTFLAGS envvar can override default libtool options. Try "LTFLAGS=' ' apxs -c mod_foo.c" to see what libtool does under the covers. [Jeff Trawick]
  • The Location: response header field, used for external redirect, *must* be an absoluteURI. The Redirect directive tested for that, but RedirectMatch didn't -- it would allow almost anything through. Now it will try to turn an abs_path into an absoluteURI, but it will correctly varf like Redirect if the final redirection target isn't an absoluteURI. [Ken Coar]