Apache HTTP Server
Overview of New Features in Apache 1.3
New features with this release, as extensions of the Apache
functionality. Because the core code has changed so significantly,
there are certain liberties that earlier versions of Apache (and
the NCSA daemon) took that recent Apache versions are pickier about
- please check the
compatibility notes if you have any problems.
If you're upgrading from Apache 1.2, you may wish to read the upgrade notes.
Enhancements: Core | Performance | Configuration | Modules | API | Misc
- Dynamic Shared Object (DSO)
support
- Apache modules may now be loaded at runtime; this means that
modules can be loaded into the server process space only when
necessary, thus overall memory usage by Apache will be
significantly reduced. DSO currently is supported on FreeBSD,
OpenBSD, NetBSD, Linux, Solaris, SunOS, Digital UNIX, IRIX, HP/UX,
UnixWare, NetWare, AIX, ReliantUnix and generic SVR4
platforms.
- Support for Windows
NT/95
- Apache now supports the Windows NT and Windows 2000 operating
systems. While Apache may run on Windows 95, 98, or ME, these
consumer products are never recommended for production
environments, and their use remains experimental. All versions of
Apache running on Windows prior to 1.3.15 should be considered beta
quality releases.
- Support for
Cygwin
- Apache now supports the Cygwin platform for the Windows NT and
Windows 2000 operating systems. The Cygwin versions should be
considered as stable and reliable as the Windows native counterpart.
- Support for NetWare
5.x
- Apache now supports NetWare 5.x and above operating
systems.
- Re-organized
Sources
- The source files for Apache have been re-organized. The main
difference for Apache users is that the "Module" lines in
Configuration
have been replaced with "AddModule" with
a slightly different syntax. For module authors there are some
changes designed to make it easier for users to add their
module.
- Reliable Piped Logs
- On almost all Unix architectures Apache now implements
"reliable" piped logs in
mod_log_config. Where reliable means that if the logging child
dies for whatever reason, Apache will recover and respawn it
without having to restart the entire server. Furthermore if the
logging child becomes "stuck" and isn't reading its pipe frequently
enough Apache will also restart it. This opens up more
opportunities for log rotation, hit filtering, real-time splitting
of multiple vhosts into separate logs, and asynchronous DNS
resolving on the fly.
- IP-based virtual hosts are looked up via hash table.
- <Directory> parsing speedups.
- The critical path for static requests has fewer system calls.
This generally helps all requests. (45 syscalls for a static
request in 1.2 versus 22 in 1.3 in a well tuned
configuration).
-
ProxyReceiveBufferSize
directive gives
mod_proxy
's outgoing connections larger network
buffers, for increased throughput.
- The low level I/O routines use
writev
(where
available) to issue multiple writes with a single system call. They
also avoid copying memory into buffers as much as possible. The
result is less CPU time spent on transferring large files.
- Static requests are served using
mmap
, which means
bytes are only copied from the disk buffer to the network buffer
directly by the kernel. The program never copies bytes around,
which reduces CPU time. (Only where available/tested.)
- When presented with a load spike, the server quickly adapts by
spawning children at faster rates.
- The code which dispatches modules was optimized to avoid
repeatedly skipping over modules that don't implement certain
phases of the API. (This skipping showed up as 5% of the CPU time
on profiles of a server with the default module mix.)
- Revamp of the Unix scoreboard management code so that less time
is spent counting children in various states. Previously a scan was
performed for each hit, now it is performed only once per second.
This should be noticeable on servers running with hundreds of
children and high loads.
- New serialization choices improve performance on Linux, and
IRIX.
mod_log_config
can be compile-time configured to buffer
writes.
- Replaced
strncpy()
with ap_cpystrn()
,
a routine which doesn't have to zero-fill the entire result. This
has dramatic effects on mod_include
speed.
- Additions to the internal "table" API (used for keeping lists
of key/value string pairs) provide for up to 20% performance
improvement in many situations.
See the new performance
documentation for more information.
- Unified Server Configuration Files
- (Apache 1.3.4) The contents of the three server
configuration files (httpd.conf,
srm.conf, and access.conf) have been
merged into a single httpd.conf file. The
srm.conf and access.conf files are now
empty except for comments directing the Webmaster to look in
httpd.conf. In addition, the merged
httpd.conf file has been restructured to allow
directives to appear in a hopefully more intuitive and meaningful
order.
- Continuation Lines in config files
- Directive lines in the server configuration files may now be
split onto multiple lines by using the canonical Unix continuation
mechanism, namely a '\' as the last non-blank character on the line
to indicate that the next line should be concatenated.
- Apache Autoconf-style Interface (APACI)
- Until Apache 1.3 there was no real out-of-the-box batch-capable
build and installation procedure for the complete Apache package.
This is now provided by a top-level
configure
script
and a corresponding top-level Makefile.tmpl
file. The
goal is to provide a GNU Autoconf-style frontend which is capable
to both drive the old src/Configure
stuff in batch and
additionally installs the package with a GNU-conforming directory
layout. Any options from the old configuration scheme are available
plus a lot of new options for flexibly customizing Apache.
Note: The default installation layout has changed
for Apache 1.3.4. See the files README.configure
and
INSTALL
for more information.
- APache eXtenSion (APXS) support tool
- Now that Apache provides full support for loading modules under
runtime from dynamic shared object (DSO) files, a new support tool
apxs
was created which provides off-source building,
installing and activating of those DSO-based modules. It completely
hides the platform-dependent DSO-build commands from the user and
provides an easy way to build modules outside the Apache source
tree. To achieve this APACI installs the Apache C header files
together with the apxs
tool.
- Default Apache directory
path changed to
/usr/local/apache/
- The default directory for the Apache ServerRoot changed from
the NCSA-compatible
/usr/local/etc/httpd/
to
/usr/local/apache/
. This change covers only the
default setting (and the documentation); it is of course possible
to override it using the -d
ServerRoot and -f httpd.conf switches when
starting apache.
- Improved HTTP/1.1-style Virtual Hosts
- The new
NameVirtualHost
directive is used to list IP
address:port pairs on which HTTP/1.1-style virtual hosting occurs.
This is vhosting based on the Host:
header from the
client. Previously this address was implicitly the same as the
"main address" of the machine, and this caused no end of problems
for users, and was not powerful enough. Please see the Apache
Virtual Host documentation for further details on
configuration.
Include
directive
- The
Include
directive includes other config files
immediately at that point in parsing.
- -S command line option for debugging vhost
setup
- If Apache is invoked with the
-S
command line
option it will dump out information regarding how it parsed the
VirtualHost
sections. This is useful for folks trying
to debug their virtual host configuration.
- Control of HTTP methods
-
<LimitExcept> and </LimitExcept> are used to
enclose a group of access control directives which will then apply
to any HTTP access method not listed in the arguments; i.e., it is
the opposite of a <Limit> section and can be used to control
both standard and nonstandard/unrecognized methods.
-
Improved mod_negotiation
- The optional content negotiation (MultiViews) module has been
completely overhauled for Apache 1.3.4, incorporating the latest
HTTP/1.1 revisions and the experimental Transparent Content
Negotion features of RFC 2295 and RFC 2296.
-
NEW - Spelling correction module
- This optional module corrects frequently occurring spelling and
capitalization errors in document names requested from the
server.
-
NEW - Conditional setting of environment
variables
- The addition of
SetEnvIf
and
SetEnvIfNoCase
. These allow you to set environment
variables for server and CGI use based upon attributes of the
request.
-
NEW - "Magic" MIME-typing
- The optional
mod_mime_magic
has been added. It
uses "magic numbers" and other hints from a file's contents to
figure out what the contents are. It then uses this information to
set the file's media type, if it cannot be determined by the file's
extension.
-
NEW - Unique Request Identifiers
-
mod_unique_id can be included to generate a unique identifier
that distinguishes a hit from every other hit. ("Unique" has some
restrictions on it.) The identifier is available in the environment
variable
UNIQUE_ID
.
- mod_proxy enhancements:
-
- Easier and safer authentication for ftp proxy logins: When no
ftp user name and/or password is specified in the URL, but the
destination ftp server requires one, Apache now returns a "[401]
Authorization Required" status. This status code usually makes the
client browser pop up an "Enter user name and password" dialog, and
the request is retried with the given user authentification. That
is slightly more secure than specifying the authentication
information as part of the request URL, where it could be logged in
plaintext by older proxy servers.
- The new AllowCONNECT directive allows
configuration of the port numbers to which the proxy CONNECT method
may connect. That allows proxying to https://some.server:8443/
which resulted in an error message prior to Apache version
1.3.2.
- The proxy now supports the HTTP/1.1 "Via:" header as specified
in RFC2068. The new
ProxyVia
directive allows switching "Via:" support
off or on, or suppressing outgoing "Via:" header lines altogether
for privacy reasons.
- The "Max-Forwards:" TRACE header specified in HTTP/1.1 is now
supported. With it, you can trace the path of a request along a
chain of proxies (if they, too, support it).
-
NoProxy
and
ProxyDomain
directives added to proxy, useful for
intranets.
- New
ProxyPassReverse
directive. It lets Apache adjust the
URL in the Location header on HTTP redirect
responses.
- Easier navigation in ftp server directory trees.
-
Enhanced
mod_include
string
comparisons
- The string-based server-side include (SSI) flow-control
directives now include comparison for less-than (<),
less-than-or-equal (<=), greater-than (>), and
greater-than-or-equal (>=). Previously comparisons could only be
made for equality or inequality.
- ServerRoot relative auth filenames
- Auth filenames for the various authentication modules are now
treated as relative to the ServerRoot if they are not full
paths.
-
Enhancements to directory indexing:
-
- Code split:The
mod_dir
module has
been split in two, with mod_dir
handling directory index files, and
mod_autoindex creating directory listings. Thus allowing folks
to remove the indexing function from critical servers.
- Sortable: Clicking on a column title will now
sort the listing in order by the values in that column. This
feature can be disabled using the
SuppressColumnSorting
IndexOptions keyword.
-
SuppressHTMLPreamble
can be used
if your README.html file includes its own HTML header.
- The
IndexOptions
directive now allows
the use of incremental prefixes (+/- to add/remove the respective
keyword feature, as was already possible for the
Options directive) to its keyword arguments. Multiple
IndexOptions directives applying to the same directory will now be
merged.
-
IconHeight
and
IconWidth
let you set height and
width attributes to the <IMG>
tag in directory
listings.
- The new
NameWidth
keyword to the
IndexOptions directive lets you set the number of columns for
"fancy" directory listings. If set to an '*' asterisk, the name
width will be adjusted automatically.
- The
FancyIndexing directive now correctly has the same
impact as
IndexOptions FancyIndexing without replacing
the effect of any existing IndexOptions
directive.
- Starting with 1.3.15, the server will satisfy directory
requests with the cache controls ETag and LastModified, if
IndexOptions includes the
TrackModified directive. The server will not need
to generate the listing if the client determines the request has
not changed, improving performance. Due to its experimental nature,
this feature is not enabled by default.
- Less Buffering of CGI Script Output
- In previous versions of Apache, the output from CGI scripts
would be internally buffered by the server, and wouldn't be
forwarded to the client until either the buffers were full or the
CGI script completed. As of Apache 1.3, the buffer to the client is
flushed any time it contains something and the server is waiting
for more information from the script. This allows CGI script to
provide partial status reports during long processing
operations.
-
Regular Expression support for
Alias
and
Redirect
- New
AliasMatch
,
ScriptAliasMatch
, and
RedirectMatch
directives allow for the use of
regular expression matching. Additionally, new
<DirectoryMatch>
,
<LocationMatch>
, and
<FilesMatch>
sections provide a new syntax
for regular expression sectioning.
-
AddModuleInfo
directive added to
mod_info
- Allows additional information to be listed along with a
specified module.
- Absence of any
TransferLog
disables
logging
- If no
TransferLog
directive is given then no log is
written. This supports co-existence with other logging
modules.
- Ability to name logging formats
- The
LogFormat
directive has been enhanced to allow you
to give nicknames to specific logging formats. You can then use
these nicknames in other LogFormat
and
CustomLog
directives, rather than having to spell
out the complete log format string each time.
- Conditional logging
-
mod_log_config now supports logging based upon environment
variables. mod_log_referer and mod_log_agent are now
deprecated.
- mod_cern_meta configurable per-directory
-
mod_cern_meta is now configurable on a per-directory
basis.
- New map types for
RewriteMap
directive
- The new map types `Randomized Plain Text' and `Internal
Function' were added to the
RewriteMap
directive of
mod_rewrite. They provide two new features: First, you now can
randomly choose a sub-value from a value which was looked-up in a
rewriting map (which is useful when choosing between backend
servers in a Reverse Proxy situation). Second, you now can
translate URL parts to fixed (upper or lower) case (which is useful
when doing mass virtual hosting by the help of mod_rewrite).
- CIDR and Netmask access control
-
mod_access directives now support CIDR (Classless Inter-Domain
Routing) style prefixes, and netmasks for greater control over IP
access lists.
For all those module writers and code hackers:
child_init
- A new phase for Apache's API is called once per "heavy-weight
process," before any requests are handled. This allows the module
to set up anything that need to be done once per processes. For
example, connections to databases.
child_exit
- A new phase called once per "heavy-weight process," when it is
terminating. Note that it can't be called in some fatal cases (such
as segfaults and kill -9). The
child_init
and
child_exit
functions are passed a pool whose lifetime
is the same as the lifetime of the child (modulo completely fatal
events in which Apache has no hope of recovering). In contrast, the
module init
function is passed a pool whose lifetime
ends when the parent exits or restarts.
child_terminate
- Used in the child to indicate the child should exit after
finishing the current request.
register_other_child
- See
http_main.h
. This is used in the parent to
register a child for monitoring. The parent will report status to a
supplied callback function. This allows modules to create their own
children which are monitored along with the httpd children.
piped_log
- See
http_log.h
. This API provides the common code
for implementing piped logs. In particular it implements a reliable
piped log on architectures supporting it (i.e., Unix at
the moment).
- scoreboard format changed
- The scoreboard format is quite different. It is considered a
"private" interface in general, so it's only mentioned here as an
FYI.
set_last_modified
split into
three
- The old function
set_last_modified
performed
multiple jobs including the setting of the
Last-Modified
header, the ETag
header,
and processing conditional requests (such as IMS). These functions
have been split into three functions:
set_last_modified
, set_etag
, and
meets_conditions
. The field mtime
has
been added to request_rec
to facilitate
meets_conditions
.
- New error logging function:
ap_log_error
- All old logging functions are deprecated, we are in the process
of replacing them with a single function called
ap_log_error
. This is still a work in progress.
set_file_slot
for config
parsing
- The
set_file_slot
routine provides a standard
routine that prepends ServerRoot to non-absolute paths.
post_read_request
module API
- This request phase occurs immediately after reading the request
(headers), and immediately after creating an internal redirect. It
is most useful for setting environment variables to affect future
phases.
psocket
, and
popendir
- The
psocket
and pclosesocket
functions allow for race-condition free socket creation with
resource tracking. Similarly popendir
and
pclosedir
protect directory reading.
is_initial_req
- Test if the request is the initial request (i.e., the
one coming from the client).
kill_only_once
- An option to
ap_spawn_child
functions which
prevents Apache from aggressively trying to kill off the
child.
alloc debugging code
- Defining
ALLOC_DEBUG
provides a rudimentary memory
debugger which can be used on live servers with low impact -- it
sets all allocated and freed memory bytes to 0xa5. Defining
ALLOC_USE_MALLOC
will cause the alloc code to use
malloc()
and free()
for each object. This
is far more expensive and should only be used for testing with
tools such as Electric Fence and Purify. See
main/alloc.c
for more details.
ap_cpystrn
- The new
strncpy
"lookalike", with slightly
different semantics is much faster than strncpy
because it doesn't have to zero-fill the entire buffer.
table_addn
, table_setn
,
table_mergen
- These new functions do not call
pstrdup
on their arguments. This provides for big
speedups. There is also some debugging support to ensure code uses
them properly. See src/CHANGES
for more
information.
construct_url
- The function prototype for this changed from taking a
server_rec *
to taking a request_rec
*
.
get_server_name
,
get_server_port
- These are wrappers which deal with the
UseCanonicalName directive when retrieving the server name and
port for a request.
- Change to prototype for
ap_bspawn_child
and ap_call_exec
- Added a
child_info *
to spawn
function (as passed to ap_bspawn_child
) and to
ap_call_exec
to allow children to work correctly on
Win32. We also cleaned up the nomenclature a bit, replacing
spawn_child_err
with simply
ap_spawn_child
and spawn_child_err_buff
with simply ap_bspawn_child
.
ap_add_version_component()
- This API function allows for modules to add their own
additional server tokens which are printed on the on the
Server:
header line. Previous 1.3beta versions had
used a SERVER_SUBVERSION
compile-time
#define
to perform this function. Whether the tokens
are actually displayed is controlled by the new
ServerTokens
directive.
- Port
to EBCDIC mainframe machine running BS2000/OSD
- As a premiere, this version of Apache comes with a beta version
of a port to a mainframe machine which uses the EBCDIC character
set as its native codeset (It is the SIEMENS family of mainframes
running the BS2000/OSD operating system on a IBM/390 compatible
processor. This mainframe OS nowadays features a SVR4-like POSIX
subsystem).
-
AccessFileName
Enhancement
- The
AccessFileName
directive can now take more
than one filename. This lets sites serving pages from network file
systems and more than one Apache web server, configure access based
on the server through which shared pages are being served.
HostnameLookups
now defaults to
"Off"
- The
HostnameLookups
directive now defaults to "Off".
This means that, unless explicitly turned on, the server will not
resolve IP addresses into names. This was done to spare the
Internet from unnecessary DNS traffic.
- Double-Reverse DNS enforced
- The
HostnameLookups
directive now supports
double-reverse DNS. (Known as PARANOID in the terminology
of tcp_wrappers.) An IP address passes a double-reverse DNS test if
the forward map of the reverse map includes the original IP.
Regardless of the HostnameLookups setting,
mod_access access lists using DNS names
require all names to pass a double-reverse DNS
test. (Prior versions of Apache required a compile-time switch to
enable double-reverse DNS.)
- LogLevel and syslog support
- Apache now has
configurable error logging levels and supports
error logging via syslogd(8).
- Detaching from stdin/out/err
- On boot Apache will now detach from stdin, stdout, and stderr.
It does not detach from stderr until it has successfully read the
config files. So you will see errors in the config file. This
should make it easier to start Apache via rsh or crontab.
- Year-2000
Improvements
- The default
timefmt
string used by
mod_include
has been modified to display the year
using four digits rather than the two-digit format used previously.
The
mod_autoindex
module has also been modified to
display years using four digits in FancyIndexed directory
listings.
- Common routines Moving to a Separate
Library
- There are a number of functions and routines that have been
developed for the Apache project that supplement or supersede
library routines that differ from one operating system to another.
While most of these are used only by the Apache server itself, some
are referenced by supporting applications (such as
htdigest
), and these other applications would fail to
build because the routines were built only into the server. These
routines are now being migrated to a separate subdirectory and
library so they can be used by other applications than just the
server. See the src/ap/
subdirectory.
- New
ServerSignature
directive
- This directive optionally adds a line containing the server
version and virtual host name to server-generated pages (error
documents, ftp directory listings, mod_info output etc.).
This makes it easier for users to tell which server produced the
error message, especially in a proxy chain (often found in intranet
environments).
- New
UseCanonicalName
directive
- This directive gives control over how Apache creates
self-referential URLs. Previously Apache would always use the
ServerName and
Port directives to construct a "canonical" name for the server.
With
UseCanonicalName off
Apache will use the hostname
and port supplied by the client, if available.
SERVER_VERSION
definition abstracted, and
server build date added
- In earlier versions, the Apache server version was available to
modules through the
#define
d value for
SERVER_VERSION
. In order to keep this value consistent
when modules and the core server are compiled at different times,
this information is now available through the core API routine
ap_get_server_version()
. The use of the
SERVER_VERSION
symbol is deprecated. Also,
ap_get_server_built()
returns a string representing
the time the core server was linked.
-
Including the operating system in the server
identity
- A new directive,
ServerTokens
, allows the
Webmaster to change the value of the Server
response
header field which is sent back to clients. The
ServerTokens
directive controls whether the server
will include a non-specific note in the server identity about the
type of operating system on which the server is running as well as
included module information. As of Apache 1.3, this additional
information is included by default.
- Support for Netscape style SHA1 encrypted
passwords
- To facilitate migration or integration of BasicAuth password
schemes where the password is encrypted using SHA1 (as opposed to
Apache's built in MD5 and/or the OS specific crypt(3) function )
passwords prefixed with with
{SHA1}
are taken as
Base64 encoded SHA1 passwords. More information and some utilities
to convert Netscape ldap/ldif entries can be found in
support/SHA1.
Apache HTTP Server