In this issue

Apache 1.3.4 was released on 11th January 1999. It is available in source form for compiling on Unix (or Windows) and as a pre-compiled installable binary on Windows. Download it from a local download site.

This is a bug fix and minor upgrade release. There are several new features and a couple of important changes. The bugs fixed are listed at the end of this document. Because of these fixes, all users of 1.3.3 and earlier should upgrade to 1.3.4. Users on Windows systems should definitely update because of some important security fixes in 1.3.4.

Important: before compiling or using Apache 1.3.4 you should read the section below on upgrading, since there are some important incompatible changes between 1.3.3 and 1.3.4.

There are several new features in 1.3.4:

• A default language for documents can be set with the DefaultLanguage directive.
• Mappings from file extension to handler can be removed with RemoveHandler
• The negotiation module has been extensively updated to support the latest version of the HTTP/1.1 specification, to fix various bugs and inefficiencies, and to add some support for the transparent content negotiation RFCs.
• All the new HTTP/1.1 methods required for WEBDAV (distributed authoring) have been added, so that they can be used by third-party modules to implement the DAV specifications.
• A default order for fancy directory indexes can be set with IndexDefaultOrder.
• New options have been added to ./configure: --target sets the executable name, --permute-module sets relative module order, --with-layout sets the directory layout and --shadow has been extended to specify the shadow directory name.

There have been a number of important security fixes to Apache on Windows. The most important is that there is much better protection against people trying to access special DOS device names (such as "nul"). In addition, there is better processing of UNC paths, and Makefiles are now provided to allow Apache to be compiled on Windows 95.

Apache 1.3.3 and earlier came with three configuration files in the conf directory: httpd.conf, access.conf and srm.conf. This was for purely historic reasons: any directive can appear in any file, and the configuration files can have any filename (although the configuration file defaults to conf/httpd.conf unless overridden with the -f command line option).

Many people configure Apache using a single file, normally httpd.conf. This can be created by appending the contents of access.conf and srm.conf to httpd.conf, then removing access.conf and srm.conf. Apache 1.3.4 comes with this already done (although the access.conf and srm.conf files will exist containing a comment about why they are now empty).

Because of the various changes between 1.3.3 and 1.3.4, when upgrading you should beware of the following things:

• If you use ./configure to configure and compile Apache, be careful to ensure that you get the directory layout you want. If you previously used --compat, you can omit it. If you previously did not use --compat you must give --with-layout=GNU
• If you have can scripts which run Apache and use any of the arguments -?, -h, -l or -L, then they must be updated to use the new arguments (-h, -l, -L and -R, respectively)
• If you use the -S command line option to show the virtual host configuration and start the server running, you will have to do this is in two steps since -S will now exit without starting the server
• If you use UseCanonicalName inside .htaccess files, you must ensure that the Options override is in force rather than the AuthConfig override.
• If you used multiviews for content negotiation and relied on the fact that Apache read the variants from the disk in the directory order (rather than, say, alphabetically) you should check that the negotiation still works as expected (Apache now sorts the variants into order before using them, so that negotiation is not dependent on the usually arbitrary directory order of the files). This should not normally be a problem.

If you configure Apache with ./configure you will have to change the options you use to set the directory layout. If you do not currently use an option to set the directory layout you will have to use an option in 1.3.4 because the default layout has changed.

There are two layouts for directories: the first is the "Apache" layout. This was used in all versions of Apache before 1.3, and in Apache 1.3 it is still used if you use src/Configure to configure and build Apache. The second layout was introduced by ./configure, and is called the "GNU" layout because it is similar to the standard layout used by GNU tools. This created two layouts within Apache 1.3.*: the Apache layout if src/Configure was used, and the GNU layout if ./configure was used (although ./configure could also be told to use the Apache layout with the --compat option).

Unfortunately this created a lot of confusion, and in particular many people thought that the GNU layout was the preferred directory layout for 1.3, because it was the default in ./configure. It is not: the preferred layout is the "Apache" layout, consistent with src/Configure and Apache 1.2.

In Apache 1.3.4, the Apache layout becomes the default layout for ./configure. If you have been using the --compat option, then you do not need it anymore. However if you did not use the --compat option (that is, you used the GNU directory layout) then you must now use --with-layout=GNU.

This table summarises the meaning of the directory layout arguments in each version:

Layout option	Meaning in 1.3.3	Meaning in 1.3.4
None	GNU layout	Apache layout
--compat	Apache layout	Apache layout (but not needed since this is the default)
--with-layout=GNU	Not valid	GNU layout
--with-layout=Apache	Not valid	Apache layout (but not needed since this is the default)

Various command line arguments have changed in meaning. This affects the -h, -l and -L options. This table shows the meanings of these arguments in both versions of Apache.

Option	Meaning in 1.3.3	Meaning in 1.3.4
-?	List command line options	List command line options (but use -h instead)
-h	List modules	List command line options
-l	List all directives	List modules
-L	Specify location of the core loadable module if built with SHARED_CORE	List all directives
-R	Not used	Specify location of the core loadable module if built with SHARED_CORE

So if you were using -?, change to using -h. Similarly, change from -h to -l, from -l to -L and from -L to -R.

Also, the -S option now exits after showing the virtual host configuration, rather than continuing and starting the server.

These are the main bugs in 1.3.3 that have been fixed in 1.3.4:

Windows-specific Bugs

• On Unix, the file /dev/null can use used to signify a non-existing file, as in ResourceConfig /dev/null. On Windows, the file nul serves a similar purpose and can be referenced in any directory. However Apache would treat it like a real file, and since it does not actually exist, would log an error. In the next version it will be possible to use directives like ResourceConfig nul. PR#2708.
• If a script cannot be run because the interpreter specified on the initial #! line did not start correctly, log the interpreter filename and the reason it did not work.
• Doing a nmake clean did not clean the files created for mod_rewrite. PR#3100.
• More problems with the way that paths starting with drive letters and UNC designations where handled. PR#2555, PR#2915, PR#3064, PR#3232.

Other Bugs

• In some circumstances, mod_autoindex's index output could be misaligned.
• The proxy module could cause a segmentation fault if there is a problem sending a response which is non-cachable. A patch is available. PR#2950.
• If an ErrorDocument is set in a .htaccess file for 500 errors, and a 500 error occurs because of the contents of a .htaccess file in a subdirectory, the ErrorDocument will be ignored. PR#2409.
• Apache would not notice the syntax error if the closing > character was missing from a opening <Directory ...> section. PR#3279.
• Certain error conditions (such as when a handler name was defined but no handler was available with that name) would result in the wrong error status.
• Using content negotiation (mod_negotiation), Apache will return the unencoded version of a resource even if an encoded version exists and the client can accept the encoded version (encodings are things like compression with gzip or compress). PR#3447.
• If mod_negotiation is negotiating between a set of variants, some of which have a particular attribute (such as an "encoding") of the same type and others of which have no value for that attribute, Apache does not create a proper Vary header in the response. Note that Apache does create a proper Vary header when the variants have different values for the attribute.
• ./configure could get confused when trying to configure a modules whose name is part of another module's name (for example, modules named fastcgi and cgi). PR#3380.
• mod_perl was not properly disabling <!--#perl sub=... --> when IncludesNoExec option was set. PR#3502.
• Some dynamically loaded modules were not initialised properly. This caused problems with mod_perl where the perl-script handler was not found.
• As reported previously, a bug in the AIX C compiler makes Apache given a "Expected </Files> but saw </Files>" error (or the same error for the other container directives). Patches are now available from IBM to fix the compiler, from http://service.software.ibm.com/support/rs6000. PR#2312.
• The Apache -S option shows the virtual host configuration, but unlike the -t option it then continued and ran Apache. This has now been changed to exit after displaying the configuration.
• In a log format, the %v and %p log options log the information from the request, rather than the official ServerName and Port.
• The proxy module was not allowing the (valid) syntax http://host:/path. PR#3530.
• The directives UseCanonicalName and ContentDigest are now allowed in .htaccess files if the Options option is in effect, rather than the AuthConfig option.
• In a directory index, the SuppressColumnSorting option could be overridden by specifying the sort option on the URL query string.

Apache Site: www.apache.org
Release: 1.3.4 (Released 11^th January 1999) (local download sites)
Beta: None

Apache 1.3.4 is the current stable release. Users of Apache 1.3.3 and earlier should look at upgrading to this version. Read Guide to 1.3.4 for information about changes between 1.3.3 and 1.3.4 and between 1.2 and 1.3.4.