Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache 2.1.1 Changelog
  • mod_proxy_http: Stream content better - always flush buffered data to the client before blocking waiting for new data. PR 19954. [Joe Orton]
  • mod_ssl: Add support for command-line option "-t -DDUMP_CERTS" which will dump the filenames of all configured SSL certificates to stdout. [Joe Orton]
  • mod_disk_cache: Remove a bunch of non-implemented garbage collection and cache size directives that are now available through htcacheclean. [Justin Erenkrantz]
  • Add htcacheclean to support/ for assistance with mod_disk_cache. [Andreas Steinmetz]
  • mod_authnz_ldap: Added the directive "Requires ldap-filter" that allows the module to authorize a user based on a complex LDAP search filter. [Brad Nicholes]
  • mod_usertrack: Run the fixups hook before other modules. PR 29755. [Paul Querna]
  • Allow mod_authnz_ldap authorization functionality to be used without requiring the user to also be authenticated through mod_authnz_ldap. This allows other authentication modules to take advantage of LDAP authorization only [PR 28253] [Jari Ahonen jah progress.com, Brad Nicholes]
  • Log the client IP address when an error occurs disabling nagle on a connection, but log at a severity of debug since this error generally means that the connection was dropped before data was sent. Log the client IP address when reporting errors in the core output filter. [Jeff Trawick]
  • core: Add a warning message if the request line read fails. [Paul Querna]
  • mod_rewrite: Removed the MaxRedirects option in favor of the core LimitInternalRecursion directive. [André Malo]
  • mod_info: Added listing of the Request Hooks and added more build information like 'httpd -V' contains. Changed output to XHTML. [Paul Querna]
  • mod_info: Rewrote config tree walk using a recursive function. Added ?config option. Added printout of config filename and line numbers. [Rici Lake, Paul Querna]
  • mod_proxy: Fix type error that prevents proxy-sendchunks from working. [Justin Erenkrantz]
  • mod_proxy: Fix data corruption by properly setting aside buckets. [Justin Erenkrantz]
  • mod_proxy: If a request has a blank body and has a 0 Content-Length headers, pass that to the proxy. [Justin Erenkrantz]
  • Recognize QSA flag in mod_rewrite again. [Jan Kratochvil]
  • Restructured mod_auth_ldap to fit the new authentication model. The module is now called authnz_ldap and has been moved out of the modules/experimental area and into modules/aaa with the other auth modules. Both the authn_ldap provider and the authz_ldap handler are contained within the authnz_ldap module. The authz_ldap handler introduces 3 new "requires" values for handling authorization. These handlers are ldap-user, ldap-group and ldap-dn. [Brad Nicholes]
  • Fix some compiler warnings in proxy [Geoffrey Young]
  • mod_ssl: Add SSL_CLIENT_V_REMAIN variable, representing the number of days until the client cert expires. [Joe Orton]
  • Add test_config hook, run only if httpd is invoked using -t. [Joe Orton]
  • Improve error handling for corrupted pid files. [Jeff Trawick]
  • mod_proxy.c and proxy_util.c: Enable compiling on 2.0-HEAD (for backwards compatibility): Avoids mod_ssl.h (not included in 2.0-HEAD) and use apr_socket_create_ex for 0.9.x [Mladen Turk]
  • Added proxy_ajp.c module for proxy support to ajp:// backends. [Jean Frederic Clere]
  • Fixes the build of proxy on Windows. Since the proxy_module is declared as extern using AP_MODULE_DECLARE_DATA that expands to dllexport, there is a LNK2001 error when building proxy_http. [Mladen Turk]
  • Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap. [Graham Leggett]
  • Remove deprecated/removed APR_STATUS_IS_SUCCESS(). [Justin Erenkrantz]
  • perchild MPM: Fix thread safety problem in the use of longjmp(). [Tsuyoshi SASAMOTO]
  • Add load balancer support to the scoreboard in preparation for load balancing support in mod_proxy. [Mladen Turk]
  • mod_nw_ssl: Added the directive NWSSLUpgradeable to mod_nw_ssl to allow a non-secure connection to be upgraded to secure connections [Brad Nicholes]
  • core: Add Options= syntax to AllowOverride to specify which options may be overridden in .htaccess files. PR 29310. [Tom Alsberg, Paul Querna]
  • ab: Handle long URLs with an error instead of a buffer overflow. PR 28204. [Erik Weide, Paul Querna]
  • mod_so, core: Add new command line options to print all loaded modules. '-t -D DUMP_MODULES' and '-M' will show all static and shared modules as loaded from the configuration file. [Paul Querna]
  • mod_autoindex: Add ShowForbidden to IndexOptions to list files that are not shown because the subrequest returned 401 or 403. PR 10575. [Paul Querna]
  • mod_headers: implement "Early" processing option in post_read_request to enable Header and RequestHeader directives to be used to set up testcases for pre-fixups request phases [Nick Kew]
  • mod_proxy: multiple bugfixes, principally support cookies in ProxyPassReverse, and don't canonicalise URL passed to backend. Documentation correspondingly updated. [Nick Kew]
  • mod_deflate: support gzip flags in inflate_out_filter [Nick Kew]
  • Drop the ErrorHeader directive which turned out to be a misnomer. Instead there's a new optional flag for the Header directive ('always'), which keeps the former ErrorHeader functionality. [André Malo]
  • mod_deflate: Don't deflate responses with zero length e.g. proxied 304's [Allan Edwards]
  • now recognizes the module identifier in addition to the file name. PR 29003. [Edward Rudd, André Malo]
  • mod_ssl: Add "SSLHonorCipherOrder" directive to enable the OpenSSL 0.9.7 flag which uses the server's cipher order rather than the client's. PR 28665. [Jim Schneider]
  • mod_ssl: Drop support for the CompatEnvVars argument to SSLOptions, which was never actually implemented in 2.0. [Joe Orton]
  • Fix bug in mod_deflate that unconditionally sent deflate'd output even when Accept-Encoding is not present. [Justin Erenkrantz]
  • Pass environment variables through to piped loggers and start them via the shell, resolving regressions since 1.3. PR 28815 [Ken Coar, Jeff Trawick]
  • External rewrite map responses are no longer limited to 2048 bytes. [André Malo]
  • Proxy server was deleting cookies that Apache had already assigned if the origin server had set any cookies. PR 27023. [Jim Jagielski]
  • Removed old and unmaintained ap_add_named_module API and changed the following APIs to return an error instead of hard exiting: ap_add_module, ap_add_loaded_module, ap_setup_prelinked_modules, and ap_process_resource_config. [André Malo]
  • mod_headers: Allow %% in header values to represent a literal %. [André Malo]
  • mod_headers: Allow env clauses also for 'echo' and 'unset' actions. [André Malo]
  • mod_headers: Allow 'echo' also for ErrorHeaders. [André Malo]
  • mod_deflate: New option for DEFLATE output file (force-gzip), new output filter 'INFLATE' for uncompressing responses. [Nick Kew, Ian Holsman]
  • Added new module mod_version, which provides version dependent configuration containers. [André Malo]
  • mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o format is used. PR 27787. [André Malo]
  • Allow Digest providers to return AUTH_DENIED to propagate a 401 status and terminate the provider chain prior to checking the password. [Geoffrey Young]
  • mod_cgid: Don't allow Scriptsock to be specified inside VirtualHost; Don't place script socket inside default server root instead of actual server root. PR 27886. [Jeff Trawick]
  • mod_proxy: Fix handling of non-200 success status codes when "ProxyErrorOverride On" is configured. PR 20183. [Marcus Janson, Joe Orton]
  • Threaded MPMs for Unix and Win32: Add support for ThreadStackSize directive (previously NetWare-only) to override default thread stack size for threads which handle client connections. Required for some third-party modules on platforms with small default thread stack size. [Jeff Trawick]
  • minor mod_auth_basic and mod_auth_digest sync. mod_auth_basic now populates r->user with the (possibly unauthenticated) user, and mod_auth_digest returns 500 when a provider returns AUTH_GENERAL_ERROR. [Geoffrey Young]
  • The whole codebase was relicensed and is now available under the Apache License, Version 2.0 (http://www.apache.org/licenses). [Apache Software Foundation]
  • Delete some make-generated files in the server directory during "make clean" processing. PR 26552. [Jeff Trawick]
  • Add core version query function (ap_get_server_revision) and accompanying ap_version_t structure (minor MMN bump). [André Malo]
  • mod_rewrite: EOLs sent by external rewritemaps are now consumed as whole. That way, on systems with more than one EOL character rewritemap programs no longer need to switch stdout to binary mode. PR 25635. [André Malo]
  • mod_rewrite: Introduce the ability to force a content handler via the [handler=...] flag. [André Malo]
  • mod_rewrite: Introduce the RewriteCond -x check, which returns true if the pattern is a file with execution permissions. [André Malo]
  • mod_rewrite: Allow proxying and RewriteRules in directory context for subrequests. PR 14648, 15114. [André Malo]
  • mod_rewrite: Allow setting of any valid HTTP response code. PR 25917. [André Malo]
  • mod_rewrite: Cookie creation now works locale independent. [André Malo]
  • mod_ssl: Add support for distributed session cache using 'distcache'. [Geoff Thorpe]
  • mod_dav: Disallow requests with an unescaped hash character in the Request-URI. PR 21779. [Amit Athavale]
  • mod_proxy with ProxyErrorOverride On in a reverse-proxy configuration attaches a body to the 302 response and a wrong Content-Length header. PR: 22951 [Ermanno Scaglione scaglione ..at.. starnetone.de]
  • Bring ErrorHeader concept forward from 1.3, so that response header fields can be set for return even on errors or external redirects. [Ken Coar]
  • Fix and parsing to require a closing '>' in the initial container. PR 25414. [Geoffrey Young]
  • Clean up httpd -V output: Instead of displaying the MPM source directory, display the MPM name and some MPM properties. [Geoffrey Young]
  • mod_ssl/mod_status: Re-enable support for output of SSL session cache information in server-status page. [Joe Orton]
  • mod_ssl: Remove the shmht session cache, shmcb should be used instead. [Joe Orton]
  • mod_logio: Account for some bytes handed to the network layer prior to dropped connections. [Jeff Trawick]
  • mod_autoindex: new directive IndexStyleSheet [Tyler Riddle, Paul Querna]
  • Fix uninitialized gprof directory name in prefork MPM. PR 24450. [Chris Knight]
  • Log an error when requests for URIs which fail to map to a valid filesystem name are rejected with 403. [Jeff Trawick]
  • Switch to APR 1.0 API.
  • Major overhaul of mod_include's filter parser. The new parser code is expected to be more robust and should catch all of the edge cases that were not handled by the previous one. This includes a binary incompatible change of mod_include's external API. [André Malo]
  • mod_rewrite: Allow forced mimetypes [T=...] to get expanded. PR 14223. [André Malo]
  • mod_rewrite: Fix LA-U and LA-F lookups in directory context. Previously the current rewrite state was just used as lookup path, which led to strange and often useless results. Related to PR 8493. [André Malo]
  • Change Listen directive to bind to all addresses when a hostname is not specified. [Justin Erenkrantz]
  • Correct failure with Listen directives on machines with IPv6 enabled. [Colm MacCárthaigh, Justin Erenkrantz]
  • Fix a link failure in mod_ssl when the OpenSSL libraries contain the ENGINE functions but the engine header files are missing. [Cliff Woolley]
  • mod_rewrite: RewriteRules in server context using the force type feature [T=...] no longer disable MultiViews. [André Malo]
  • mod_rewrite: Allow piped rewrite logs to be relative to ServerRoot. [André Malo]
  • mod_authz_groupfile: Strip trailing spaces of group names. This hopefully saves some hours of searching for typos. PR 12863. [André Malo]
  • mod_actions: Propagate the handler name to the action script via the REDIRECT_HANDLER environment variable. [André Malo]
  • mod_actions: Introduce the "virtual" modifier to the Action directive, which allows the use of handlers for virtual locations. PR 8431. [André Malo]
  • mod_speling: Recognize AcceptPathInfo setting for the particular location. Default is to reject path information. PR 21059. [André Malo]
  • mod_ext_filter: Add the ability to filter request bodies. [Philipp Reisner]
  • Fix some broken log messages in WinNT MPM. [Juan Rivera]
  • prefork MPM: Use the right permissions for the directory created for gprof support. [Jim Carlson]
  • Fix a compile failure with recent OpenSSL and picky compilers (e.g., OpenSSL 0.9.7a and xlc_r on AIX). [Jeff Trawick]
  • OpenSSL headers should be included as "openssl/ssl.h", and not rely on the INCLUDE path to be defined properly. PR 11310. [Geoff Thorpe]
  • Modify APACHE_CHECK_SSL_TOOLKIT to detect SSL-C. [Madhusudan Mathihalli]
  • Replace the APACHE_CHECK_SSL_TOOLKIT method with a cleaner one, using autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc). [Geoff Thorpe]
  • change directive name from 'compressionlevel' to 'deflatecompressionlevel' [Ian Holsman, André Malo]
  • mod_negotiation: quality values are now parsed independent from the current locale. level values are now really parsed as integers. PR 17564. [André Malo]
  • Extend mod_negotiation to evaluate the environment variables no-gzip and gzip-only-text/html the same way as mod_deflate does. [André Malo]
  • mod_rewrite: Fix some problems reporting errors with mapping programs (RewriteMap prg:/something). [Jeff Trawick]
  • Return 413 if chunk-ext-header is too long rather than reading from the truncated line. PR 15857. [Justin Erenkrantz]
  • Allow restart of httpd to occur even with syntax errors in the config file. PR 16813. [Justin Erenkrantz]
  • Use APR_LAYOUT instead of APACHE_LAYOUT in configure. PR 15679. [Justin Erenkrantz]
  • Remove files on 'make distclean' that should be. PR 15592. [Justin Erenkrantz]
  • Allow apachectl to perform status with links and elinks as well. [Justin Erenkrantz]
  • mod_log_config change optional hook to return previous handler [Ian Holsman]
  • Forward port of mod_actions' ability to handle arbitrary methods with the Script directive. [André Malo]
  • Let suexec send a message to stderr, if it failed or its policy was violated. This message appears in the error log and allows for easier debugging. PR 5381, 7638, 8255, 10773. [André Malo]
  • Modify buildconf to copy all required files into httpd's tree. [Thom May]
  • Allow mod_dav to do weak entity comparison functions. [Justin Erenkrantz]
  • Move RFC 1413 ident requests from core to new module mod_ident. [André Malo]
  • Add mod_authz_owner - a forward port of "Require file-owner" and "Require file-group", which was already present in version 1.3.21. [André Malo]
  • Add mod_dav_lock - a generic subset of the DAV locking implementation. [Justin Erenkrantz]
  • Replace some of the mutex locking in the worker MPM with atomic operations for higher concurrency. [Brian Pane]
  • Allow 'make depend' to work with non-GCC compilers. [Justin Erenkrantz]
  • If an httpd.conf has commented out AddModule directives, apxs -i -a will add an un-commented AddModule directive for the new module, which breaks the config. PR: 11212 [Joe Orton]
  • Fix mod_proxy handling of filtered input bodies. [Justin Erenkrantz]
  • Move the check of the Expect request header field after the hook for ap_post_read_request, since that is the only opportunity for modules to handle Expect extensions. [Justin Erenkrantz]
  • Rewrite of aaa modules to an authn/authz model. [Dirk-Willem van Gulik, Justin Erenkrantz]
  • [Apache 2.1.0-dev includes those bug fixes and changes with the Apache 2.0.xx tree as documented, and except as noted, below.]