In this issue

The three main topics of discussion this week on the development lists were Roy Fielding's proposal for a new Apache release procedure, mod_proxy, and SSL support for Apache 2.0.

The proposal for a new release procedure means that the Apache CVS tree would be tagged by the developers every couple of weeks, at a point when the tree has settled and is not undergoing major changes. The code at this tag would then be tested, and depending on the outcome of the testing, publicly distributed as an "alpha", "beta", or "stable" release. The main aim of the new procedure is to produce frequent, high-quality Apache releases. Another advantages is that development can continue whilst the release is in testing, and the tree is not required to be "frozen" as the current policy dictates. Ryan Bloom began implementing the procedure this week by tagging the Apache 2.0 tree.

Despite mod_proxy having a large user-base, its development in Apache has stagnated recently, resulting in calls this week that it should either be removed from the Apache 2.0 tree completely, or moved into a separate repository to allow development to proceed independently of Apache itself. The final decision has not yet been made, although Chuck Murcko was spurred into action and committed some patches to make mod_proxy compile again in the current Apache 2.0 CVS tree.

At ApacheCon Europe last November, a meeting took place between Ben Laurie (the author of Apache-SSL), Ralf Engelschall (the author of mod_ssl), Mark Cox (Red Hat), and Randy Terbush (Covalent). The meeting was held to decide the fate of SSL support for Apache 2.0, aiming to avoid the current situation of parallel module development for Apache 1.3. The discussion continued on the list this week, and although a little technical ground was covered, the problems remain mainly political.

This issue marks the fifth anniversary of Apache Week. Issue one was published on 9th February 1996, although it was only available on the Web until we started an email subscription option with issue 6.

When issue one was published, Apache version 1.0.0 had been out for just over a month. The current stable version was 1.0.2. The first Netcraft Server Survey we reported on, in issue 5 (March 1996) showed that Apache was almost the most popular server: it had 27% compared to NCSA's httpd with 28%. Apache became the most widely used server in the April 1996 survey, reported in issue 9. By happy coincidence, this issue also celebrated the first anniversary of the creation of Apache. In July 1996 Apache 1.1 was released (issue 23)

By January 1997 we were delivering Apache Week to over 3000 address, plus visitors to the Apache Week web site. We covered the long Apache 1.2 beta cycle, which had started on 1st December 1996 with 1.2b1 and continued until Apache 1.2 was released in June 1997 (issue 68). The 1.3 beta cycle started in October 1997 (issue 87) and continued until Apache 1.3.0 was released in June 1998 (issue 118). Whilst 1.3.0 was highly stable on Unix systems, it was much less developed on Windows.

In August 1998 the Netcraft Server Survey showed for the first time that Apache was in use on more than half the world's internet servers, and Ralf Engelschall released the first version of the popular mod_ssl module. In October the first official Apache conference, ApacheCon 98, was held in San Fransisco and was a huge sucess drawing nearly 500 registrations (issue 134). This was the first time most of the Apache developers had met. Two more Apache conferences have been held since then, with the most recent in London providing a unique opportunity to talk to the people behind the software. There were memorable moments too, a keynote by author Douglas Adams, and the first time that Ralf Engelschall (mod_ssl) and Ben Laurie (Apache-SSL) met. [photo, jpeg].

Towards the end of 1998, Apache was recognised by Microsoft as a real and credible threat to their business in their leaked memos (issue 137).

In July 1999 (issue 165) the Apache Software Foundation was formed with the aim to provide a legal framework for Apache and related open-source projects such as the Jakarta and XML projects.

Apache 1.3 remains the stable branch of the Apache software, now at 1.3.17 (released 26th January 2001). Although the new releases are designed mostly for bug fixes there have been a significant number of new features added in the last year.

The Apache group have been working on Apache 2.0 for a long time, with initial plans reported in February 1998 (issue 102). In September 1999 (issue 173) we published a Apache 2.0 preview and stated that a beta version should be available in late 1999 or early 2000. In February 2000 we reported a beta was likely in March 2000. It is now likely that a public beta release will be made available in February 2001, although it may be some time before 2.0 is a full stable release. Previous experience has shown it can take nearly a year after a release before a significant proportion of sites upgrade.

Today Apache-based servers are on use on over 60% of the world's Internet sites, including some of the more famous sites such as Amazon.com. Apache Week is now delivered to over 12,000 addresses, with a similar number of unique visitors each week to the web site. We teamed up with the O'Reilly network just over a year ago, and last summer Apache Week became part of Red Hat when C2Net was aquired. However the content, editorial control, and impartiality have not been changed. The revenues we get from the extra advert banners are being used to fund more in-depth articles, as well as a percentage direct to the Apache Software Foundation.

Apache Week will continue to bring you the latest news about Apache and its development, as it happens. We will also monitor how Apache is being reported in the news, and where appropriate respond with corrections or clarifications.

In this section we highlight some of the articles on the web that are of interest to Apache users.

Linux Gazette provides three different options to redirect a request to another virtual host running on the same webserver. If you want to distinguish yourself from the boys, the solution is to use mod_rewrite under a Virtual Host container. It also shows you how to achieve the same results using a Perl script or the Redirect directive.

Chris Bush explains the basics of Tomcat configuration and includes instructions for integrating Tomcat with Apache in "Linux as an Application Server - The Tomcat Way". A good read for those interested in supporting Java Servlet 2.2 and JSP 1.1 with Apache Web Server.

More on JSP as the Developer Shed kicks off a new series of tutorials with "The JSP Files (part 1)". It explains the history, basics of JSP documents and assumes that your JSP development environment is ready. In case it isn't, you can always refer to the article we mentioned above.

In "Safer CGI Scripting", Charles Walker and Larry Bennett cover methods to fix various CGI scripts vulnerabilities and touch on developing a CGI security strategy. Although the examples are written in Perl and C, they can also be applied to the scripting language of your choice.