Discussion on the development list became tense this week as the
2.0.25 release appeared to be going the way of 2.0.24, which would
make it the seventh tarball not getting through testing since the
last public release. Recent problems have been with the
mod_mime and mod_include modules. There was some
debate as to whether the new release strategy was working; Roy
Fielding, who proposed the strategy, pointed out that:
"the reason 2.0 doesn't have a good beta release is because
it simply has not been ready for beta release -- the big fixes we have
been making lately have vastly improved it over what it was two months
Since its conception in July, the Apache HTTP Test project has been
playing an increasingly important part in the progression of the 2.0
The test project comprises a pair of programs: Flood, a
profile-driven load tester, and Perl Framework, a
regression testing kit. Flood can be used for stress testing HTTP and SSL
servers, and uses an XML
based configuration language. The Perl code is based on the mod_perl test harness, and has
over 1500 tests at time of writing.
Jim Jagielski has been working on back-porting the
AcceptMutex directive from 2.0 to 1.3. This directive
allows run-time configuration of the mutex
type used for accept serialization, currently a compile-time only
setting in 1.3. Since different types of mutex have different
performance characteristics on different platforms, this directive
will allow administrators to tune their Apache server more easily.
RUS-CERT has discovered a vulnerability that affects several third-party
Apache authentication modules that use SQL databases to store
authentication information. An external attacker can make use of this
vulnerability to obtain arbitrary data from your server.
modules known to be affected include:
If you are using one of these modules, or any other module to authenticate against a SQL database read
the full advisory and update your module.
According to this document,
IBM have incorporated Apache 2.0 into their
iSeries web server product line. One of the team at IBM commented
to the development list that although the product internally used an
alpha version of Apache, 2.0.18,
their product is "not 'beta' but fully supported." and that they
are "working on getting stuff back into the original code base."
In this section we highlight some of the articles on the web that are of
interest to Apache users.
O'Reilly ONLamp.com brings you the latest information about filters
for Apache 2.0 in Ryan Bloom's column. This article is just an
introduction to the subject, covering some of the basic concepts of
filtered I/O which is the ability for one module to modify the output of
an earlier module, listing three standard filters included in the basic
Apache distribution, and explaining what filter types are. According to
Ryan, developers have improved the interface over the past few releases so
that the complex task of writing filters becomes easier.
It's an overall thumbs up to the "Apache Desktop Reference" from Sys
Admin magazine in this short book
review by Elizabeth Zinkann. You'll need to scroll all the way down to
read it. She describes it as a superbly written, well-organized, humorous,
informative, insightful, extraordinary, essential, and indispensable guide
to the Apache Web Server. What's more you can read the whole book
In the wake of the Code Red worm, Joe "Zonker" Brockmeier warns Unix and
Linux administrators running the Apache Web Server not to let their guard
down in this tongue-in-cheek but apt piece entitled "Thinking
about Security". I'm sure many of you will find his advice on how to
stop your boss from embarrassing himself useful.