Issue 10, 12th April 1996:

		Newsletter
		Back issues

		Features

		Apache security

		Apache 2.0

		Other features

		About Apache Week
Copyright ©2020 Red Hat, Inc

In this issue

Version

Apache does it right -- Linus

Under Development

Version

Version 1.1 coming soon: a beta test release will be available from April 19th. In the meantime, 1.0.3 is the current stable public release.

Apache does it right -- Linus

The incredibly popular Linux operating system was originally developed Linus Torvalds, who is still very active in developing the software. He recently commented on Apache on the Linux developments list:

Apache seems to do the pre-forking the _right_ way, ie not having just 
one listener that then gives out the requests to the others, but having all 
the servers listen to the port, and then the one that gets there first 
gets to serve it too. No fd passing, no overhead, no stupidity.

In short, it seems everybody should use apache.

                Linus

Under Development

In these week's technical developments: protecting access via URLs as well as files, handling PUT and DELETE requests and a look at HTML parsing languages.

Location

You will know that you can configure directories using the <Directory> directive in the access.conf file. But Apache is now being extended to handle URLs in arbitrary ways - for example, mapping them onto particular cgi files via handlers. So there needs to be a way of configuring based on requested URL, even if it doesn't map onto a file system. This is the job of the new <Location> directive, which is basically identical to <Directory>, except that is (a) is applied only if no <Directory> section matched the file requested (if any), and (b) it is matched against the requested URL, not the file it maps onto (if any). It might sound complex, but it could prove very useful for configuring non-file accesses, such as the status reports and for protecting the proxy cache.

Handling PUT and DELETE

Apache has been updated to handle PUT and DELETE requests, as well as extending the handling of GET and POST. You can specify a script to handle each of these types of requests. These scripts will only get called if nothing else can process the the request. This lets site developers use PUT and DELETE - which is particularily useful for users of Netscape Navigator Gold, which uses PUT to update pages on a site. This mechanism can also handle GET and POST requests (for the GET request, this only happens if the request contains query string arguments).

The directive to set this up is Script, and it is used like this:

Script GET /cgi-bin/handle-search
Script POST /cgi-bin/handle-post
Script PUT /cgi-bin/handle-put
Script DELETE /cgi-bin/handle-delete

These are similar to the CERN server Search, POST-Script, PUT-Script and DELETE-Script directives.

HTML Scripting

An easy (well, hopefully) way to add new capabilities to your server without too much programming is to use some sort of "parsed HTML". This is a souped-up version of server side includes which lets you use variables, conditionals, loops and so on. Like SSI, these scripts get parsed on the server so they work with all browsers. There are several implementations of HTML scripting now available: NeoScript (linked to apache by a module); XSSI (apache module); SSIplus and PHP.

Forcing a handler or mime type

New directives have been added to force all the files in a particular directory to be processed by a given handler, or to be returned with a particular type. To set a handler, use SetHandler, and to set a mime type use ForceType. Note that these directives force the given type or handler to be applied to all files in the section, irrespective of the usually extension mapping rules.

For example, a download directory could use "ForceType applicaton/octet-stream" in a .htaccess file to make the browser save the files, rather than try and display them. Or, all files in a directory could be treated as CGI programs with

<Directory /usr/local/etc/httpd/cgi-bin>
SetHandler cgi-script
</Directory>

OS/2 Bug Fix

A security bug in Apache 1.0.* for OS/2 has been fixed. The bug is OS/2 specific and does not affect Apache on any other platforms. It is recommened that all OS/2 users upgrade to fixed version Apache for OS/2 1.0.3b immediately.

Realix & DG/UX

A user has ported Apache 1.0.3 to MODCOMP's Realix operating system, which is a real-time variant of Motorola's SYSVR3 running on MOTOROLA 88K and Intel. Apache 1.1 will now also compile on DG/UX systems.

It's the FAQ

The Apache project FAQ has been updated to reflect the current state of development.

Commercial: Run ISAPI under Apache

CrossConnect/ISAPI from Celera Software includes a module to let Apache run extensions written in Microsoft's Internet Server API.