In this issue
Some 500 miles and 19 months after the last conference on the
state of the world for Apache, developers and users gathered in Las
Vegas to converse again about the world's most popular web server.
For this year's conference over 300 attendees turned up to see the day
of tutorials or three days of conference sessions. The conference
included 60 presentations, 16 Birds of
a Feather sessions, 3 keynotes, and free access to the Comdex exhibition running
at the same time across town.
No doubt the highlight for many at this year's ApacheCon
was the Closing Session where a number of goodies
supplied by the conference vendors were raffled off including books,
AMD processors and other wonderful swag. But most important to those
in attendance and to the Apache community at large came the
announcement that 2003 will see two ApacheCon conferences; the return
of ApacheCon Europe which will occur in the spring at a location yet to be
determined, and ApacheCon US which will return to Las Vegas in
Overall most attendees seemed impressed with the return of
ApacheCon. While the production of the event was modest compared to
previous conferences the quality of the presenters and the
presentations where of the high quality one would expect. Indeed,
with so many interesting talks it was easy to find people cutting out
of one presentation to hear the end of another. Most importantly,
ApacheCon has shown that it is still The Apache Event for Apache
developers and users to come together and discuss everyone's favourite
Read our full review of ApacheCon 2002
The re-organisation of the Apache 2.0 CVS repositories has begun,
aiming to allow work to progress concurrently on a "stable" 2.0
branch, and a "development" branch, which will use the version number
2.1. There has been considerable debate on exactly how to create the
two branches (either using CVS's branch mechanism, or to use
separate CVS modules); and what development policy to use
for the stable branch. Some developers favoured the "review then
commit" (RTC) policy, where any changes must be reviewed on the
mailing list before being checked in. Others preferred to continue
the "commit then review" policy which requires no review before
A 2.0.44 release (from the "stable" branch) is due soon with the
usual horde of bug fixes; mod_cache and the CGI
modules receiving particular attention in this release.
Giving a glimpse of things to come on the 2.1 development branch,
Brian Pane posted a request for comments on the design of a new
MPM which can process multiple connections per thread. This design is
a radical departure from all existing Apache processing models, with several
different sets of threads co-ordinating to process each request.
In this section we highlight some of the articles on the web that are of
interest to Apache users.
If you would like to read reviews other than ours about talks during
ApacheCon 2002 Las Vegas, you may be interested to
Michael J. Radwin's blogs.
Please remember to read the
by Theo and George Schlossnagle on Michael's review on their
presentation "Scalable Internet Architectures" as well.
O'Reilly OnJava.com kicks off a new series about the JK modules with
"Configuring Tomcat and Apache With JK 1.2".
It skims through the section on installing Apache and Tomcat to focus
on integrating the two by walking you through the steps of
configuring Tomcat's server.xml file and Apache's
httpd.conf file. It uses a prebuilt
mod_jk binary on a Windows machine but
mentions that similar steps also apply to various flavours of Unix
"One IP, Many Domains: An Apache Virtual Hosting HOWTO Version 1.0"
shows you how to set up non-SSL name-based virtual hosts for Apache 2
on Red Hat Linux 8.0 but does not cover DNS issues. It also demonstrates
how to use the Apacheconf GUI to achieve this without having to edit
the httpd.conf file manually.
Eric Rescorla did a study of user responses to security flaws from the
announcement of the OpenSSL remote buffer overflows of July 2002 all
the way through the release of the worm that exploited this
vulnerability in September 2002. The paper entitled
"Security holes... Who cares?"
is definitely worth reading, if only to find out which category of users
you fall into.
is a basic level article on monitoring attacks on your web server,
protecting your files, and the potential security risks of SSI and CGI.
It briefly touches on suEXEC and
CGIWrap as ways to reduce the security risks
involved when allowing users to execute private SSI or CGI scripts.
Teach Yourself Apache 2 in 24 hours
Aimed at beginners and intermediate users of Apache 2.0 this book
covers how to install, build, configure, customise, monitor, and
troubleshoot Apache 2.0 on a variety of platforms ranging from Linux,
Windows to other Unix flavours.
Overall, this book is a scrumptious appetiser to a full course of Apache
2.0 because it leaves you hungry for more. Its explanation in layman
terms, and useful diagrams build the foundation for you to absorb more
in-depth information about Apache 2.0 from other sources as suggested
in the "Further Reading" section. However, the information it provides
is sufficient to enable Apache 1.3 users to migrate to the new version.
Web server administrators who are new to Apache may find it useful to
read through the whole book and may take more than 24 hours to digest
its contents before moving on to a more advanced book. Apache 1.3 users
who are in a hurry can just focus on the Hours about Apache architecture
(Hour 2), multi-processing modules (Hour 11), filters (Hour 12), migration
to Apache 2.0 (Hour 23), and skim through all the rest of the Hours.
Read our full review
Apache Administrator's Handbook
"Apache Administrator's Handbook" by Rich Bowen and two
contributing authors, Allan Liska and Daniel Lopez, was first printed
by Sams Publishing in March 2002. It is intended to be a practical,
hands-on guide on how to install, configure, and administer the Apache
Web server for Apache Web server administrators and Web dynamic
content developers. It stresses that this book is not meant to be a
comprehensive Apache manual so it does not provide a detailed listing
of all the Apache directives, usage, and syntax. Neither does it cater
for Apache modules developers. It covers mainly Apache 1.3 and only
touches briefly on Apache 2.0 as Apache 2.0 was still in beta when the
book was published.
Compared to other Apache books on the market, this book contains
more information about running Apache on Windows. A complete chapter
concentrates solely on the details for installing Apache on Microsoft
Windows, and lists the differences between Apache on Windows and Unix,
namely the multithreaded versus preforked model. There are also short
sections about mod_perl on Windows, and security
tips for running Apache and CGI scripts on Windows.
If you are migrating to Apache from another web server or thinking
of using Apache on Windows, then this is a good book to start
Read our full review
For a chance to get your hands a copy of the book "Teach Yourself Apache 2 in 24 hours", answer this
Where was the ApacheCon in November 2002 held?
A) New York, USA, B) Las Vegas, USA, or C)
Send your answer to firstname.lastname@example.org
to reach us no later than December 5th 2002.
Your email address will not be used for
anything other than to let you know if you won. One winner
will be drawn at random from all correct entries submitted.
One entry per person, no cash alternative, editors' decision