In this issue

Apache 1.3.23 was released on 24^th January 2002 and is now the latest version of the Apache server. The previous release was 1.3.22, released on the 12th October 2001. See what was new in Apache 1.3.22.

Apache 1.3.23 is available in source form for compiling on Unix or Windows, for download from the main Apache site or from any mirror download site.

This is a bug fix and minor upgrade release, with a few new features. Users should upgrade if they will be affected by the particular bugs mentioned below, or would like to use any of the new features.

Due to security issues, any sites using versions prior to Apache 1.3.22 should upgrade to at least Apache 1.3.22. Read more about security issues that affect Apache 1.3.

The main new features in 1.3.23 (compared to 1.3.22) are:

• HTTP/1.1 support has been added to mod_proxy after being backported from the Apache 2.0 updates started last April. The updates include support for Cache-Control, content negotiation using Vary, persistent connection handling, and much more.
• A new directive, FileETag allows the format of the ETag to be controlled via runtime directives. Find out more about this new feature.
• Addition of a 'filter callback' function to enable modules to intercept the output byte stream for dynamic page caching

The following bugs were found in Apache 1.3.22 and have been fixed in Apache 1.3.23:

• Fix incorrect Content-Length header in 416, "Range Not Satisfiable" responses
• Revert mod_negotiation handling of path_info and query_args to the 1.3.20 behavior. PR#8628, PR#8582, PR#8538
• Prevent an Apache module from being loaded or added twice due to duplicate LoadModule or AddModule directives
• Add run-time validation of the Group directive, to catch invalid but syntactically correct values.

The following bugs relate to specific platforms:

• Versions of FreeBSD from August 2000 include a feature called "accept filters" which delay the return from accept() until a condition has been met. Apache will now use the "httpready" accept filter rather than "dataready" on FreeBSD after 4.1.1-RELEASE where it works correctly. More details of accept filters are available.
• Some fixes for Netware including link problems with mod_vhost_alias, file locking updates to get mod_auth_dbm to work, and a problem when accessing an empty directory which has option indexes specified producing an access forbidden message
• On HPUX 11, an ENOBUFS, No buffer space available error occurs when an accept() cannot complete. This error is now ignored so that child processes don't get incorrectly terminated
• Win32 platforms would incorrectly always return forbidden in response to a OPTIONS * request
• Unixware 7.0 and later did not have a default locking mechanism defined. This bug was introduced in apache 1.3.4
• A number of fixes for Cygwin including a better default mutex as well as better proxy and DBM support
• A bug on Win32 could cause Apache to stop responding to requests for a period of time if the MaxRequestsPerChild directive was set to anything other than 0. MaxRequestsPerChild of 0 is the recommended setting
• Win32 will now output an error message if the server hits the ThreadsPerChild limit. This is useful for administrators to detect when their server is running out of threads to handle requests

The release of 1.3.23 generated large amounts of traffic this week as some last minute fixes were made, and the decision was made to revert some changes which would have broken binary module compatibility on Windows. Since binary compatibility was maintained (on all platforms), any modules compiled against any 1.3 releases since 1.3.5 should continue to work with 1.3.23.

In other news, a proposal was made to tag the 2.0 tree for another new release (2.0.31), but several serious bugs remain to be fixed. Justin Erenkrantz committed large changes to clean up the filter API.

In this section we highlight some of the articles on the web that are of interest to Apache users.

IBM DB2 Developer Domain provides a tutorial (free registration required) about Web application development using various database programming interfaces with DB2 for Linux and Apache. It uses Linux (kernel 2.4), Apache 1.3.19, PHP 4.0.4p1, Perl 5.x.x, Python 1.5, and DB2 Enterprise Edition for Linux V7.1. The steps on how to install the Apache Web Server and PHP are based on an article entitled "Dynamic Duo" by Glen Johnson.

"Building A PHP-Based Mail Client (part 3)" wraps up this case study by enhancing the mail client to enable users to compose, forward or reply to a message. Readers are reminded that this application is just a prototype and is not meant for a production environment.

Another testimonial on how Apache saved a company USD50,000 during a time when every organisation has to tighten its purse strings. There are some other tips too on being resourceful in lean times.