In this issue

Release: 1.1.3 (Released 14th January 1997)
Beta: 1.2b8 (Released 8th April 1997)

Bugs reported in 1.2b8:

• On some systems, some children may hang-up waiting for an accept system call to return. The parent thinks the blocked children are OK so does not start any more, possibly leading to the server failing to respond to new requests for a time. This problem only affects systems which do not define USE_FLOCK_SERIALIZED_ACCEPT or USE_FCNTL_SERIALIZED_ACCEPT in conf.h (this includes SunOS 4, FreeBSD, BSDI and some others). If your system does not define these and you think you have this problem, try to #define one of these symbols (try the "FLOCK" one first, and if that does not compile or work, use the "FNCTL" version). A full fix for this should be available after the 1.2 release.
• CGI scripts do not receive a SIGPIPE when the client disconnects, on some operating systems. This will be looked at in more detail after the 1.2 release.
• If an ErrorDocument is used to define a plain text string as the error response, Apache still sends a content type of text/html (which can cause problems if the string includes HTML characters such as < or &).
• suEXEC can cause core dump if the given Group is not defined on the system.

Bugs fixed in next release:

• mod_auth_db used the incorrectly spelled directive AuthDBAuthoratative. This has been corrected to AuthDBAuthoritative.
• If a SSI file cannot be found Apache returns a 404 Not Found status, but does not log it in the error_log (normal HTML files which are not found are logged).
• Requests with invalid methods or URIs are not logged.
• The send timeout may be ignored in some circumstances.
• Various proxy module fixes
• Under suEXEC, an SSI could only exec files in the current directory, to prevent security problems. This has been restricted to allow files in sub-directories of the current directory to be executed (but not in any directory above the current directory).

Patches to some Apache 1.2b8 bugs are available in the 1.2b8 patches directory on the Apache site. At time of writing, there are three patches for the optional proxy modules. They fix compile problems on SunOS 4, FTP sites with spaces in filenames, and remote sites with multiple IP addresses.

For details of all previously reported bugs, see the Apache bug database.

Apache is currently in a 'beta release' cycle. This is where it is made available prior to full release for testing by anyone interested. Normally during the beta cycle no new major features will be added. The full release of Apache 1.2 is expected in April.

A long time ago, a new feature was added to Apache called "graceful restarts". This was intended to fix the problem that when you send a HUP signal to Apache it drops all connections currently in progress. In constrast, a graceful restart is intended to let current transfers continue to completion. Unfortunately the original implementation had a few problems, and was not stable on all systems. However it has now been reimplemented and should work properly on almost all systems.

Implementing graceful restarts is not easy, because while you want existing transfers to continue, you also need to re-read the configuration files and start some new children immediately, so that requests can continue to be accepted. It also has to deal with interrupts (signals) arriving inside system calls (such as read and write) and continue without loosing data.

This new method of doing graceful restarts does not work on systems which use a file to store the scoreboard information. Most systems use shared memory to score the scoreboard, however some, including Linux and SVR4, still use a scoreboard file. Incidently many of these systems can use shared memory (see last week's issue) and should be configured this way if possible.

If your system does use shared memory, then you can get 1.2b9 and later to do a graceful restart by sending the parent process a USR1 signal (a normal restart can still be done by sending a HUP signal). If you use mod_status to view the scoreboard you will see old children which are still handling a request marked with "G".

The Configuration file is used to say what modules are compiled into Apache. It also determines the order in which modules are invoked - this is important in various places. For example, modules which rewrite the requested URL (such as mod_alias, mod_userdir, mod_proxy and mod_rewrite) can have different effects if called in a different order.

The actual order modules are called is the reverse of their order in Configuration. That is, the modules are called starting at the last one defined in thei file, working up to the top one (which must always be the core module).

The current order of the default modules is designed to emulate the NCSA server behaviour. For example, the userdir module is listed before the alias module, so the alias module gets to rewrite URLs first, if it wants. However there are now other modules which can rewrite the URL - in particular the proxy module and the rewrite module. The current order of these modules is

  userdir
  alias
  rewrite
  proxy

(remember, modules are called in the reverse, bottom-up order). So the proxy module will get the first look at the requested URI, and if it refers to a remote site, it will rewrite it into its internal form (starting proxy:).

The new order will be

  userdir
  proxy
  alias
  rewrite

This gives the rewrite and alias modules a chance to handle requests that would previously have been done by the proxy module.

As reported in issue 60, most versions of Netscape Navigator will display a "broken image" icon if the number of bytes in the response header is exactly 256 or 257. Since Navigator is widely used, Apache will include a workaround for this problem. If it has output 256 or 257 bytes in the header, it will add an extra "padding" header of a few bytes.