In this issue

There was discussion this week on the development list about allowing encoded slash characters in URIs. Traditionally, Apache has rejected any requests which include a URI-encoded slash character, %2F, since otherwise these may be passed through to CGI scripts (via the PATH_INFO environment variable) in their un-escaped form. This is done to prevent possible security vulnerabilities in CGI scripts which don't perform sanity checking on input variables. Ken Coar is working on a patch to add a configuration directive which conditionally enables processing of requests to URIs which include encoded slash characters.

In other news; an improved download page has been deployed which allows users to easily choose and download the Apache source releases from a particular mirror site. After considerable debate and voting, the proposals to begin branching the Apache 2.0 tree for separate "stable" and "development" series look set to be implemented soon.

It's only a couple of weeks until ApacheCon. ApacheCon is being held in Las Vegas, USA from the 19th-21th November 2002, with an optional day of tutorials available on November 18th. The last ApacheCon was over 18 months ago, and the conference program is full of new and interesting talks.

Apache Week will be on hand as always to report on the event, and for the all-you-can-eat hotel buffets. Find out more at the conference web site, or read our account of ApacheCon 2001 Santa Clara.

GovExec.com report on the Red Hat sponsored open source security summit in the story Defense, cybersecurity officials praise 'open source' software. During a presentation at the summit, Marcus Sachs, a director of the White House cyber-security office talked briefly about the Apache web server.

"...nearly one-third of all government Web sites use Apache, the leading open-source server software. The number of military Web sites using it is 22 percent, second to Microsoft's server software, but military use of Apache is growing rapidly"

In this section we highlight some of the articles on the web that are of interest to Apache users.

"Apache 2: Improvements Are Obvious, But Upgrade Choices Aren't" revisits the benefits of using Apache 2.0 over Apache 1.3 and unravels the mystery of the slow adoption rate of Apache 2.0. If you are having difficulty deciding whether to upgrade or not, this article may bring you a little closer to your decision.

O'Reilly Mac DevCenter shows you how to build your very own Apache web server with mod_perl on Mac OS X. It lists the reasons for replacing the default Apache that comes with Mac OS X with a self-built version and then provides a step-by-step guide on configuring, compiling, installing, and testing mod_perl and Apache.

"mod_rewrite: A Beginner's Guide to URL Rewriting" uses a few simple but practical examples to explain the basics of using mod_rewrite. It demonstrates how to enable mod_rewrite in your Apache web server, and set the RewriteRule, RewriteCond, and RewriteMap directives to accomplish tasks such as ensuring that your URLs are user-friendly, and disallowing links to your images from external websites.

In the August 2002 issue of Linux Magazine, the article entitled "Long Processes Through CGI" offers a solution for running long tasks without users getting bored or Apache dropping the connection. It walks you through a sample Perl script which forks a process to execute the long task and redirects the client to a new URL which points to the results of the task. If the results are incomplete, a meta-refresh tag is added as a header to ask the client to poll the same URL after a predefined number of seconds.

Apache Week is a weekly publication, but over the last few months we've missed out the occasional issue. We've done this when there is little or no news as feedback from readers has shown that this is preferable to us sending out a tiny issue with no content. With ApacheCon and many staff holidays we expect to miss out a few more issues in the coming months. However should there be important announcements, security notifications, or new releases, we will be sure to cover them.