In this issue

Some 500 miles and 19 months after the last conference on the state of the world for Apache, developers and users gathered in Las Vegas to converse again about the world's most popular web server.

For this year's conference over 300 attendees turned up to see the day of tutorials or three days of conference sessions. The conference included 60 presentations, 16 Birds of a Feather sessions, 3 keynotes, and free access to the Comdex exhibition running at the same time across town.

No doubt the highlight for many at this year's ApacheCon was the Closing Session where a number of goodies supplied by the conference vendors were raffled off including books, AMD processors and other wonderful swag. But most important to those in attendance and to the Apache community at large came the announcement that 2003 will see two ApacheCon conferences; the return of ApacheCon Europe which will occur in the spring at a location yet to be determined, and ApacheCon US which will return to Las Vegas in November.

Overall most attendees seemed impressed with the return of ApacheCon. While the production of the event was modest compared to previous conferences the quality of the presenters and the presentations where of the high quality one would expect. Indeed, with so many interesting talks it was easy to find people cutting out of one presentation to hear the end of another. Most importantly, ApacheCon has shown that it is still The Apache Event for Apache developers and users to come together and discuss everyone's favourite web server.

The re-organisation of the Apache 2.0 CVS repositories has begun, aiming to allow work to progress concurrently on a "stable" 2.0 branch, and a "development" branch, which will use the version number 2.1. There has been considerable debate on exactly how to create the two branches (either using CVS's branch mechanism, or to use separate CVS modules); and what development policy to use for the stable branch. Some developers favoured the "review then commit" (RTC) policy, where any changes must be reviewed on the mailing list before being checked in. Others preferred to continue the "commit then review" policy which requires no review before check-in.

A 2.0.44 release (from the "stable" branch) is due soon with the usual horde of bug fixes; mod_cache and the CGI modules receiving particular attention in this release.

Giving a glimpse of things to come on the 2.1 development branch, Brian Pane posted a request for comments on the design of a new MPM which can process multiple connections per thread. This design is a radical departure from all existing Apache processing models, with several different sets of threads co-ordinating to process each request.

In this section we highlight some of the articles on the web that are of interest to Apache users.

If you would like to read reviews other than ours about talks during ApacheCon 2002 Las Vegas, you may be interested to check out Michael J. Radwin's blogs. Please remember to read the comments by Theo and George Schlossnagle on Michael's review on their presentation "Scalable Internet Architectures" as well.

O'Reilly OnJava.com kicks off a new series about the JK modules with "Configuring Tomcat and Apache With JK 1.2". It skims through the section on installing Apache and Tomcat to focus on integrating the two by walking you through the steps of configuring Tomcat's server.xml file and Apache's httpd.conf file. It uses a prebuilt mod_jk binary on a Windows machine but mentions that similar steps also apply to various flavours of Unix system.

"One IP, Many Domains: An Apache Virtual Hosting HOWTO Version 1.0" shows you how to set up non-SSL name-based virtual hosts for Apache 2 on Red Hat Linux 8.0 but does not cover DNS issues. It also demonstrates how to use the Apacheconf GUI to achieve this without having to edit the httpd.conf file manually.

Eric Rescorla did a study of user responses to security flaws from the announcement of the OpenSSL remote buffer overflows of July 2002 all the way through the release of the worm that exploited this vulnerability in September 2002. The paper entitled "Security holes... Who cares?" is definitely worth reading, if only to find out which category of users you fall into.

"Security: Apache" is a basic level article on monitoring attacks on your web server, protecting your files, and the potential security risks of SSI and CGI. It briefly touches on suEXEC and CGIWrap as ways to reduce the security risks involved when allowing users to execute private SSI or CGI scripts.

Aimed at beginners and intermediate users of Apache 2.0 this book covers how to install, build, configure, customise, monitor, and troubleshoot Apache 2.0 on a variety of platforms ranging from Linux, Windows to other Unix flavours.

Overall, this book is a scrumptious appetiser to a full course of Apache 2.0 because it leaves you hungry for more. Its explanation in layman terms, and useful diagrams build the foundation for you to absorb more in-depth information about Apache 2.0 from other sources as suggested in the "Further Reading" section. However, the information it provides is sufficient to enable Apache 1.3 users to migrate to the new version. Web server administrators who are new to Apache may find it useful to read through the whole book and may take more than 24 hours to digest its contents before moving on to a more advanced book. Apache 1.3 users who are in a hurry can just focus on the Hours about Apache architecture (Hour 2), multi-processing modules (Hour 11), filters (Hour 12), migration to Apache 2.0 (Hour 23), and skim through all the rest of the Hours.

"Apache Administrator's Handbook" by Rich Bowen and two contributing authors, Allan Liska and Daniel Lopez, was first printed by Sams Publishing in March 2002. It is intended to be a practical, hands-on guide on how to install, configure, and administer the Apache Web server for Apache Web server administrators and Web dynamic content developers. It stresses that this book is not meant to be a comprehensive Apache manual so it does not provide a detailed listing of all the Apache directives, usage, and syntax. Neither does it cater for Apache modules developers. It covers mainly Apache 1.3 and only touches briefly on Apache 2.0 as Apache 2.0 was still in beta when the book was published.

Compared to other Apache books on the market, this book contains more information about running Apache on Windows. A complete chapter concentrates solely on the details for installing Apache on Microsoft Windows, and lists the differences between Apache on Windows and Unix, namely the multithreaded versus preforked model. There are also short sections about mod_perl on Windows, and security tips for running Apache and CGI scripts on Windows.

If you are migrating to Apache from another web server or thinking of using Apache on Windows, then this is a good book to start with.

For a chance to get your hands a copy of the book "Teach Yourself Apache 2 in 24 hours", answer this simple question:

Where was the ApacheCon in November 2002 held?
A) New York, USA, B) Las Vegas, USA, or C) Grimethorpe, England

Send your answer to freebook@apacheweek.com to reach us no later than December 5th 2002. Your email address will not be used for anything other than to let you know if you won. One winner will be drawn at random from all correct entries submitted. One entry per person, no cash alternative, editors' decision is final.