In this issue

Apache Site: www.apache.org
Release: 1.2.5 (Released 5^th January 1998) (local download sites)
Beta: 1.3b5 (Released 19^th February 1998) (local download sites)

Apache 1.2.5 is the current stable release. Users of Apache 1.2.4 and earlier should upgrade to this version since it fixes a number of bugs and potential security problems. A new version, 1.2.6, is expected soon.

The bugs listed below now include a link to the entry in the Apache bug database where the problem is being tracked. These entries are called "PR"s (Problem Reports). Some bugs do not correspond to problem reports if they are found by developers.

These bugs have been found in 1.3 and will be fixed in the next beta (1.3b6)

• UserDir with multiple arguments does not work. A patch is available. PR#1850.
• mod_rewrite may not work correctly. A patch is available. PR#1847.
• Sending an INT or QUIT signal to Apache running with this -X flag does not work.
• CGI programs and SSI's can access the Proxy-Authorization header. It should be hidden, like Authorization, to prevent access to usernames and passwords.
• If no Port setting is given, Apache 1.3b5 will default to 0 instead of 80.
• Add support for FreeBSD 3, update FreeBSD configuration to use the OS-supplied regular expression library.
• Hostname comparison on NoCache and NoProxy directives was being done case-sensitive.
• BrowserMatch did not work if the regular expression given contained spaces and was not double-quoted. This bug occurred since mod_setenvif replaced mod_browser.

Patches for bugs in Apache 1.2.5 may be made available in the apply_to_1.2.5 directory on the Apache site (this directory may not exist if no patches are available). Some new features and other unofficial patches are available in the 1.2 patches directory (these may not apply cleanly to 1.2.5). For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

Development has slowed down to prepare for the release of Apache 1.3. During the beta release cycle Apache is in a "feature freeze" where no major new features will be added.

The next beta of Apache will feature a couple of changes that allow it to be used as a reverse proxy. This is where it is placed "in front" of the real origin server, typically to load balance between multiple machines. The end user makes requests to the reverse proxy, which then obtains the response from one or more origin servers. The end user is never aware that the machine they are accessing does not actually generate the responses.

The first change is a new ProxyPassReverse directive in the mod_proxy module. This can be configured to make Apache intercept Location headers in the response from the origin server that refer back to the origin server and rewrite them to refer to the Apache reverse-proxy instead.

The second change is to mod_rewrite. This adds two new map types for the RewriteMap directive. This first new map type is rnd, which is the same as the txt type except that the result can consist of multiple parts separated by | characters, and mod_rewrite will pick a part at random. This can be used to randomly assign requests across several origin servers. The second RewriteMap change is a new map type of int which accesses an internal (to Apache) conversion function. Currently two are defined: toupper and tolower, which perform the requested case conversion on the item being rewritten.

The case-converson rewrite rules can also used to support virtual hosting using rewrite rules instead of <VirtualHost> sections. The case conversions are required to ensure that the requested hostname is mapped to a defined case, for when it is inserted into the rewritten URL (i.e. the same case as the directory names used to hold the virtual host content files). Using rewrite rules rather than <VirtualHost> sections also requires the use of the recently-added UseCanonicalName directive.

One of the known bugs in Apache NT is that it has a compiled-in reference to \Apache as the directory for the server root files. This can be overridden with the -d command line flag when Apache is started, but this is inconvenient when starting Apache as a service, and impossible to use when Apache is started at boot time or via the net start apache command. From the next beta release Apache will get the server root location from the registry, unless overridden by the -d flag on the command line.

The binary installer for Apache 1.3b6 or later will initialise the registry with the value of server root based on the directory where Apache is being installed. The server root value in the registry can later be changed at any time by running Apache with the -i flag (which on NT also installs Apache as a service; on 95 it just sets the registry value).

CNet has reviewed several NT web servers including Apache 1.3b3 in Running on NT: 5 web servers compared. They also performed some static-page and CGI load tests, where Apache had the poorest performance of all the tested servers, and was unstable during the CGI tests. This is not a great surprise, since Apache on NT has not been tuned for performance, and there are known bugs in related to running CGI. Despite the performance of the current beta, they comment that "we expect it to constantly improve until it becomes competitive with the commercial NT Web servers".

Fox News mentions Apache in passing in Netscape For Sale, where they comment that IIS is more inviting than Apache or Netscape as an NT server because it is free.