Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.2.18 Changelog
  • Log an error for failures to read a chunk-size, and return 408 instead 413 when this is due to a read timeout. This change also fixes some cases of two error documents being sent in the response for the same scenario. [Eric Covener] PR49167
  • core: Only log a 408 if it is no keepalive timeout. PR 39785 [Ruediger Pluem, Mark Montague ]
  • core: Treat timeout reading request as 408 error, not 400. Log 408 errors in access log as was done in Apache 1.3.x. PR 39785 [Nobutaka Mantani , Stefan Fritsch, Dan Poirier]
  • Core HTTP: disable keepalive when the Client has sent Expect: 100-continue but we respond directly with a non-100 response. Keepalive here led to data from clients continuing being treated as a new request. PR 47087. [Nick Kew]
  • htpasswd: Change the default algorithm for htpasswd to MD5 on all platforms. Crypt with its 8 character limit is not useful anymore; improve out of disk space handling (PR 30877); print a warning if a password is truncated by crypt. [Stefan Fritsch]
  • mod_win32: Added shebang check for '! so that .vbs scripts work as CGI. Win32's cscript interpreter can only use a single quote as comment char. [Guenter Knauf]
  • configure: Fix htpasswd/htdbm libcrypt link errors with some newer linkers. [Stefan Fritsch]
  • MinGW build improvements. PR 49535. [John Vandenberg , Jeff Trawick]
  • mod_ssl, ab: Support OpenSSL compiled without SSLv2 support. [Stefan Fritsch]
  • core: AllowEncodedSlashes new option NoDecode to allow encoded slashes in request URL path info but not decode them. PR 35256, PR 46830. [Dan Poirier]
  • mod_rewrite: Allow to unset environment variables. PR 50746. [Rainer Jung]
  • suEXEC: Add Suexec directive to disable suEXEC without renaming the binary (Suexec Off), or force startup failure if suEXEC is required but not supported (Suexec On). [Jeff Trawick]
  • mod_proxy: Put the worker in error state if the SSL handshake with the backend fails. PR 50332. [Daniel Ruggeri , Ruediger Pluem]
  • prefork: Update MPM state in children during a graceful restart. Allow the HTTP connection handling loop to terminate early during a graceful restart. PR 41743. [Andrew Punch ]
  • mod_ssl: Correctly read full lines in input filter when the line is incomplete during first read. PR 50481. [Ruediger Pluem]
  • mod_autoindex: Merge IndexOptions from server to directory context when the directory has no mod_autoindex directives. PR 47766. [Eric Covener]
  • mod_cache: Make sure that we never allow a 304 Not Modified response that we asked for to leak to the client should the 304 response be uncacheable. PR45341 [Graham Leggett]
  • mod_dav: Send 400 error if malformed Content-Range header is received for a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
  • mod_userdir: Add merging of enable, disable, and filename arguments to UserDir directive, leaving enable/disable of userlists unmerged. PR 44076 [Eric Covener]
  • core: Honor 'AcceptPathInfo OFF' during internal redirects, such as per-directory mod_rewrite substitutions. PR 50349. [Eric Covener]
  • mod_cache: Check the request to determine whether we are allowed to return cached content at all, and respect a "Cache-Control: no-cache" header from a client. Previously, "no-cache" would behave like "max-age=0". [Graham Leggett]
  • mod_mem_cache: Add a debug msg when a streaming response exceeds MCacheMaxStreamingBuffer, since mod_cache will follow up with a scary 'memory allocation failed' debug message. PR 49604. [Eric Covener]
  • proxy_connect: Don't give up in the middle of a CONNECT tunnel when the child process is starting to exit. PR50220. [Eric Covener]