Apache Week
    
   Issue 19, 14th June 1996:  
Newsletter
Back issues
Features
Apache security
Apache 2.0
Other features
About Apache Week

Copyright ©2020 Red Hat, Inc

In this issue

Version

1.0.5 is the current stable public release. The beta test version, 1.1b, is now at version 3, with a release version of 1.1 due very soon.

1.1b3 Released

The last beta of Apache 1.1 was released this week. A number of bug fixes and other changes have been made since 1.1b2.

  • The cgi-bin and cgi-src directories have been removed as the Apache group could no longer support them.
  • Multiple Set-Cookie directives now work. As reported in last week's Apache Week, Netscape and other Cookie supporting browsers were unable to handle Apache merging multiple Set-Cookie lines output by CGI programs.
  • The problems with relative imagemaps were fixed and extensively tested. Other internal imagemapp changes were made to allow the any two opposing corners in any order to specify a rectangle area and to fix a potential infinite loop bug.
  • The new "info" module was included. This module outputs details of how Apache has been configured and what modules have been compiled in.
  • Various fixes detailed in last week's Apache Week including the virtual host ServerPatch, the content negotiation wildcard fix and a number of new Mime types.
  • The default configuration file was tidied, rearranging the ordering of the optional modules, and providing clearer explanations as to the functionality of each module.
  • Numerous mod_proxy bugs fixed
  • Anonymous authentication module improvements,
  • New htdigest utility included for use with digest authentication module,
  • MSQL authentication module improvements,
  • Status module now tables based,
  • CGI early-termination bug,
  • Keepalives not working with virtual hosts fixed
  • RefererIgnore problems fixed
  • Core dumps on Linux and elsewhere caused by closing file descriptors twice fixed.
  • Handling of Netscape-SSL style "CONNECT" proxy requests, based on the Netscape SSL Tunneling document
  • Several new features added to the Apache API to aid module developers. rprintf(), rputs(), pstrndup(), table_unset() and get_token()

Bugs in 1.1b3

Several new bugs have been noticed and fixed in preparation for a 1.1 release.

inet_aton Missing
New code in the proxy module added to 1.1b3 fails to compile on a number of platforms that don't have a inet_aton() library function. Fixed for 1.1
Invalid Meta* lines
The configuration file, srm.conf-dist, contained configuration lines for the CERN metafile module. This module is no longer compiled in by default, so the Meta* lines need to be removed. Fixed for 1.1.

Virtual Hosts and Listens
There were a number of bug reports concering the interaction between the Listen directives and the Host: header handling. The Host-header checking code was assuming that all the virtual hosts were on the same port as the main server, which isn't neccessarily true anymore since <VirtualHost host:port> is valid. A patch is being tested.

A second problem occured when the server listens to multiple ports (using the httpd.conf 'Listen <port>' directive). Sending a SIGHUP to the main server did not reclaim all the child processes. This is fixed in 1.1

Other bugs
  • The status module has been patched to provide a difftime() function that was missing on SunOS 4.
  • The internal memory allocation system for Apache does not currently check to make sure that memory was allocated sucessfully.

Under Development

More Merged Header Problems
There have been problems recently with the Netscape browser that will not accept multiple Set-Cookie headers from a CGI program that had been legally merged. The way Apache handles headers may need to be changed in the future as there are headers that should not be merged.

Headers can be classed as those that can be merged (the default), those that must be duplicated (at the moment only the Set-Cookie header due to the Netscape bug) and those that should only be ever output once (such as Expires, Last-Modified and many more).

Log Rotation and SIGHUPs
Currently if you want to have the server rotate its logfiles and start logging somewhere else you send it a HUP. This has the effect of also killing whatever transfers are currently in progress. For most sites this only occurs when they rotate their logs once a week and can be ignored. Sites with large multimedia files are more worried about the problem as users may be part of the way through a huge download.

Currently on receipt of a SIGHUP all the children processes exit immediately. What they could do is finish whatever request they are working on, and then die. But this solution has its own problems; until every request currently in progress has completed no new Web pages can be served. A solution is to make all the logging information sent to a separate process. This would also solve the problem of systems running out of file descriptors when they are set up for a large number of virtual hosts.

Apache already has a mechanism for doing this, using the "|" prefix for the log filename allows logging to be sent to a separate process. A sample program, rotatelogs.c is distributed in the support directory of Apache as an example.

New Postgres95 module
A new version of the Apache module for Postgres95 user authentication was released including documentation and maintenance scripts.