In this issue

There was further discussion of the MPMs in 2.0 this week, as the perchild MPM was moved into the "experimental" directory to reflect the expected stability from the module. A second new experimental thread-based MPM, threadpool was added by Brian Pane, with a design similar to the leader/follower MPM which was committed last week. Brian also benchmarked four of the MPMs available for Unix systems: finding that leader/follower gave the best performance for a server listening on a single port, and worker the best performance for a server listening on two ports.

The following changes have been committed to the Apache 2.0 CVS tree since the 2.0.35 release:

• hooks added to mod_dav allowing a repository provider module to implement the DASL (WebDAV search) specification
• fix to allow using mod_proxy and mod_ssl as a reverse SSL to HTTP proxy (BZ#8174)
• fix for an infinite loop in mod_ssl which could be triggered by using Netscape Navigator
• fix a performance problem under high load in the Windows NT MPM
• fix a possible deadlock in the Netware MPM
• addition of new experimental "leader/follower" and "threadpool" MPMs due to performance problems in the worker MPM under high load (see last week's issue)
• performance and reliability fixes in the worker MPM
• added new MIME types image/vnd.djvu and application/xhtml+xml (BZ#7795, BZ#7969)
• fix for segfaults seen when generating "invalid byterange" responses (code 416)
• HTTP compliance fixes: read trailing headers of chunked input bodies, and allow an empty Host: header (BZ#7441)
• documentation updates (BZ#8037, BZ#7832)
• many small build and configure fixes (BZ#7840, BZ#7818, BZ#7802, BZ#7841)
• fixes to mod_proxy (PR#10010)
• portability fixes for AIX (BZ#7957), Solaris (BZ#7876), Mac OS X (BZ#7970), and Windows (BZ#7910)

eWeek benchmark Apache 2.0 in their article Apache 2.0 Beats IIS at Its Own Game. Although they find little performance difference on Unix between Apache 2.0 and Apache 1.3, the results on Windows against IIS 5.0 are more significant.

Apache kept pace with IIS during the entire test, which means that sites that move from IIS to Apache 2.0 on Windows won't have to worry about taking a performance hit.

Two commercial packages based on Apache made the news this week. Firstly, New Architect magazine review Covalent Enterprise Ready Server and find it to be a complete management system for handling configuration, monitoring, and log file management of a distributed network of servers. Meanwhile, Red Hat launched their Stronghold Enterprise web server for Linux and Unix platforms based on open source technologies including Apache, AxKit, Tomcat, and OpenSSL.

In this section we highlight some of the articles on the web that are of interest to Apache users.

After many close encounters with spambots, Neil Gunton decides to share with us his secrets of having successfully eliminated spambots from trawling his web site in "Stopping Spambots: A Spambot Trap". In a friendly conversational style, he provides us with the full scripts and step-by-step instructions on how to set a trap for spambots, and then block the IP address of the bot that falls into the trap by using Apache, mod_perl, Perl, MySQL and ipchains rules. He also discusses the pros and cons of his Spambot Trap system.

Here's an article that is almost too good to be true - "Writing Self-Documenting PHP Code". It shows you how PHPDoc can be used to automatically generate API documentation for your PHP classes from the comments within your code. Of course your comments need to conform to a specific format, but it'll save you the tedious task of writing the API manual yourself later on.

The second installment of the AxKit series examines the pipeline processing model further. It then implements a simple XSP taglib in a pipeline with XSLT to create dynamic pages. As in the first installment, the article uses a nice diagram to illustrate the concept of a pipeline.

"Apache and SSL" by Paul Weinstein first gives a brief introduction about the SSL (Secure Sockets Layer), and TLS (Transport Layer Security) protocols. Then it explores how the SSL handshake is performed to establish an SSL session, and ends by looking at how Apache implements SSL.

We received just under 500 entries to our recent competition, although 4 of those were spam which goes to show how quickly email address harvesting robots get to work on a site. Congratulations to the three lucky winners chosen at random; Robin Berjon (France), Nigel Boor (UK), and Ralf Hildebrandt (Germany).

Thanks also for the many comments that were sent in, mostly revolving around the most likely ingredients that would be in the chef making the chili. Read the Apache Week review of the mod_perl Cookbook.