In this issue

Apache Site: www.apache.org
Release: 1.2.5 (Released 5^th January 1998) (local download sites)
Beta: 1.3b5 (Released 19^th February 1998) (local download sites)

Apache 1.2.5 is the current stable release. Users of Apache 1.2.4 and earlier should upgrade to this version since it fixes a number of bugs and potential security problems. A new version, 1.2.6, is expected soon.

The bugs listed below now include a link to the entry in the Apache bug database where the problem is being tracked. These entries are called "PR"s (Problem Reports). Some bugs do not correspond to problem reports if they are found by developers.

These bugs have been found in 1.3 and will be fixed in the next beta (1.3b6)

Because of the major differences between Windows and Unix, these are separated into bugs which affect Windows systems only, and other bugs (which may affect Windows as well). Unix users can ignore the bugs listed in the Windows section.

Windows-specific Bugs

• Scripts starting with #! may not work in 1.3b5 unless the interpreter filename includes the file extension. To work-around this problem before 1.3b6 comes out, replace lines like #!c:/bin/perl with #!c:/bin/perl.exe.
• Any trailing slashs on the "path info" component of a URI is not put into the PATH_INFO variable. For example, with a request for /cgi-bin/mycgi/path/, the mycgi script will receive a PATH_INFO containing /path instead of /path/. PR#1786.

Other Bugs

• In mod_rewrite, the expansions $N, %N, %{NAME} and ${map:key} were not all being expanded at all places where strings are created.
• In imagemap definitions, poly sections did not include the border in the region, while rect did. PR#1771.
• On recent Solaris systems, Apache uses "mutex" calls as an efficient way of locking between processes. However there have been problems with some modules, such as when using SSI's or mod_php. This seems to be caused by bug's in the Solaris mutex code. So from the next beta, Solaris will use the "old" method of locking, using a temporary file.

Patches for bugs in Apache 1.2.5 may be made available in the apply_to_1.2.5 directory on the Apache site (this directory may not exist if no patches are available). Some new features and other unofficial patches are available in the 1.2 patches directory (these may not apply cleanly to 1.2.5). For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

Development has slowed down to prepare for the release of Apache 1.3. During the beta release cycle Apache is in a "feature freeze" where no major new features will be added.

From the next beta, configuration file lines ending with a backslash will be treated as a continuation line, and the next line will be appended. For example

  Alias /stuff     \
     http://www.stuff_here.com/

will be treated as a single line containing the Alias directive. This will make it easier to layout complex directives (such a mod_rewrite rules) in an understandable way. To really end a line with a backslash, use two backslashes (\\).

When Apache's Configure is run, it finds out the operating system it is running on and checks for various libraries and facilities. When modules are compiled they may need to obtain this information from the Apache configuration, otherwise they will have to check these things for themselves. Even if a module checks for itself, it may get a slightly different configuration from Apache, which could cause problems. Currently under development is a way for modules files to know the Apache configuration, probably by a C header file written out by Configure.

Some of the functions which the Apache core makes available to modules can cause clashes with libraries used by modules. Many of the functions have fairly generic names, such as palloc, get_token and copy_array. A new compile-time directive is being added for the next beta which will "hide" all these functions by renaming them to start with AP_. Modules can still access the functions exactly as before, but they should use names like AP_palloc and so on.

To ensure backward compatibility with current modules, this hiding is not enabled by default. However if adding an external library causes a name collision, it can be enabled by setting Rule=HIDE in the Configuration file.

At present in Apache there are several parts of the code that work extensively with URIs, including virtual host matching code, request line parsing (HTTP1/1 requests can include a full URI), mod_proxy and mod_rewrite. This code is being cleaned-up and placed into the Apache core as a set of API functions which modules can use to parse URIs. This will also involve some changes to elements of the request_rec structure, which may affect modules.

The token %a has been added to the LogFormat and CustomLog format. It logs the IP address of the client.

Apache's share increased again this month in the March Netcraft Web Server Survey. The share of the other major developers (Microsoft, Netscape, NCSA and O'Reilly) fell slightly. Apache is now used on 975,289 sites, and together with its derivatives makes up 51.36% of the surveyed addresses.

A module has been announced which embeds a Tcl interpreter into Apache. It is available from http://www.sateh.com/mod_tcl. This is not part of the Apache project.

Open Market, Inc, has obtained three patents covering real-time credit card transactions, electronic shopping carts and session information (such as cookies). This is reported on ZDNet, and further information is available from Open Market.

These patents cover very broad areas, and seem in general to cover many things which have been widely implemented by other people. For example the session identifier patent covers a "means for appending the session identifier as part of a path name in a uniform resource locator", which sound exactly like the PATH_INFO part of a URL. This patent was filed in June 1995.

Patents are intended to allow companies to protect their investment in developing new technologies and products. It is a shame that the US Patent Office lets companies such as Open Market get away with patenting technology which has already been openly developed and implemented. By patenting general purpose and widely implemented technology they seem to be attempting to boost their revenues, since Open Market have not yet made a profit from sales of their own products according to the ZDNet article.

LAN Times online covers Apache's current market position in " Apache still the Web's unsung hero". The only significant problem with Apache, they report, is the lack of vendor support. For example, an analyst thinks that Apache is not good enough for most companies because "nobody can come out to the site and fix a problem on four hour's notice" (which seems to imply that all other server vendors offer such a service with their shipped products). But an Apache user is quoted as thinking that some analysts are underestimating Apache: "It might not be out on that company's main Internet site, but it's probably used in more large companies than you'd think."

PC Magazine online reviews log analysis tools in The Results Are In. Apache is mentioned in passing, in a list of possible log formats: "Apache extended; Lotus Domino; Microsoft IIS, IIS Extended, and IIS Virtual; NCSA Combined and Extended; Netscape Combined and Proxy; and O'Reilly Website Combined, to name a few.". There is no such thing as an Apache extended format, although Apache can log in any of the listed formats if desired. The article continues "In addition, all servers generate log files in basic CERN/NCSA Common Log File format, a proprietary format that captures a broad range of data.". The Common Log Format (CLF) is not proprietary.