In this issue

A proposal to add two new modules to the Apache httpd distribution (mod_macro and mod_define) reopened two age-old debates; what set of modules should be included in httpd, and whether or not a richer macro language should be allowed in configuration files. The latter question gained the usual consensus that external tools such as m4 should be used to preprocess the configuration file, rather than supporting a new programming language inside Apache. On the former question, there appears to be growing support for the idea of a CPAN-like distribution of extension modules, a system also recently adopted by PHP with the PEAR project.

Rich Bowen identified a case where a directory permissions problem could cause Apache 1.3 to return a 403 error code for a GET request, but not log an error message - a situation which can cause significant confusion for many server administrators. The bug, which turned out to have been introduced as a workaround for another problem, has been fixed in the 1.3 tree.

Preparations for a 2.0.46 release are well underway; the stable tree has been tagged twice for testing and is running on the live apache.org server. The new release includes bug fixes for a variety of minor problems. There is a suspicion that a performance hit of a few percent has been introduced since 2.0.45, though the problem remains to be identified. A new 1.3 release, 1.3.28 may also be forthcoming in the next few weeks.

Inspired by our feature, "Vendor patches to Apache", NewsFactor Network talks to Apache Week editor Mark Cox in their story "Patching Apache".

There are hundreds of distributors of the software, and most of them make tiny changes to the code to suit their own needs. Keeping a tight rein on modifications seems like a difficult proposition, but the politics of the open-source community have kept Apache largely intact. Still, some vendors are going their own way with the software and finding that certain improvements do make sense.

In this section we highlight some of the articles on the web that are of interest to Apache users.

"Integrating Tomcat with Apache" shows you how to install Tomcat 4.1.18 and mod_jk from a binary distribution, build mod_jk from source, and configure the Apache's httpd.conf and the Workers files to make them work together. The steps provided can also be applied to the latest release of Tomcat 4, version 4.1.24. It also gives you a few pointers on what to look out for if you encounter errors while testing your installation.

SecurityFocus presents a short step-by-step tutorial on setting up a secure Apache 1.3.27 web server on FreeBSD 4.7. First, it specifies the functionality required and security assumptions made for the web server, then it installs, builds and configures Apache to use only the minimum required modules in a chrooted environment, and ends by writing a start-up script. Some of the items not covered by this set up are SSL web servers, dynamic web pages, and CGI scripts.

In "Deploying Apache Tomcat on FreeBSD", Tony Arcieri walks you through the steps of building a native JDK 1.3 for FreeBSD, installing Apache 2 and Tomcat 4.1.12, and configuring Apache 2 to use mod_webapp as the connector module. He succeeded in proving that it is not difficult to set up a FreeBSD-based Java Application Server.

"Open Source Web Development with LAMP" by James Lee and Brent Ware scores full marks in Alan Eibner's review at Slashdot. Chapter 5 - MySQL of the book is now available online in PDF format.