Apache HTTP Server
Overview of New Features in Apache 1.3
New features with this release, as extensions of the Apache functionality. Because the core code has changed so significantly, there are certain liberties that earlier versions of Apache (and the NCSA daemon) took that recent Apache versions are pickier about - please check the compatibility notes if you have any problems.
If you're upgrading from Apache 1.2, you may wish to read the upgrade notes.
Enhancements: Core | Performance | Configuration | Modules | API | Misc
- Dynamic Shared Object (DSO) support
- Apache modules may now be loaded at runtime; this means that modules can be loaded into the server process space only when necessary, thus overall memory usage by Apache will be significantly reduced. DSO currently is supported on FreeBSD, OpenBSD, NetBSD, Linux, Solaris, SunOS, Digital UNIX, IRIX, HP/UX, UnixWare, NetWare, AIX, ReliantUnix and generic SVR4 platforms.
- Support for Windows NT/95
- Apache now supports the Windows NT and Windows 2000 operating systems. While Apache may run on Windows 95, 98, or ME, these consumer products are never recommended for production environments, and their use remains experimental. All versions of Apache running on Windows prior to 1.3.15 should be considered beta quality releases.
- Support for Cygwin
- Apache now supports the Cygwin platform for the Windows NT and Windows 2000 operating systems. The Cygwin versions should be considered as stable and reliable as the Windows native counterpart.
- Support for NetWare 5.x
- Apache now supports NetWare 5.x and above operating systems.
- Re-organized Sources
- The source files for Apache have been re-organized. The main difference for Apache users is that the "Module" lines in
Configuration
have been replaced with "AddModule" with a slightly different syntax. For module authors there are some changes designed to make it easier for users to add their module.
- Reliable Piped Logs
- On almost all Unix architectures Apache now implements "reliable" piped logs in mod_log_config. Where reliable means that if the logging child dies for whatever reason, Apache will recover and respawn it without having to restart the entire server. Furthermore if the logging child becomes "stuck" and isn't reading its pipe frequently enough Apache will also restart it. This opens up more opportunities for log rotation, hit filtering, real-time splitting of multiple vhosts into separate logs, and asynchronous DNS resolving on the fly.
- IP-based virtual hosts are looked up via hash table.
- <Directory> parsing speedups.
- The critical path for static requests has fewer system calls. This generally helps all requests. (45 syscalls for a static request in 1.2 versus 22 in 1.3 in a well tuned configuration).
ProxyReceiveBufferSize
directive gives mod_proxy
's outgoing connections larger network buffers, for increased throughput.
- The low level I/O routines use
writev
(where available) to issue multiple writes with a single system call. They also avoid copying memory into buffers as much as possible. The result is less CPU time spent on transferring large files.
- Static requests are served using
mmap
, which means bytes are only copied from the disk buffer to the network buffer directly by the kernel. The program never copies bytes around, which reduces CPU time. (Only where available/tested.)
- When presented with a load spike, the server quickly adapts by spawning children at faster rates.
- The code which dispatches modules was optimized to avoid repeatedly skipping over modules that don't implement certain phases of the API. (This skipping showed up as 5% of the CPU time on profiles of a server with the default module mix.)
- Revamp of the Unix scoreboard management code so that less time is spent counting children in various states. Previously a scan was performed for each hit, now it is performed only once per second. This should be noticeable on servers running with hundreds of children and high loads.
- New serialization choices improve performance on Linux, and IRIX.
mod_log_config
can be compile-time configured to buffer writes.
- Replaced
strncpy()
with ap_cpystrn()
, a routine which doesn't have to zero-fill the entire result. This has dramatic effects on mod_include
speed.
- Additions to the internal "table" API (used for keeping lists of key/value string pairs) provide for up to 20% performance improvement in many situations.
See the new performance documentation for more information.
- Unified Server Configuration Files
- (Apache 1.3.4) The contents of the three server configuration files (httpd.conf, srm.conf, and access.conf) have been merged into a single httpd.conf file. The srm.conf and access.conf files are now empty except for comments directing the Webmaster to look in httpd.conf. In addition, the merged httpd.conf file has been restructured to allow directives to appear in a hopefully more intuitive and meaningful order.
- Continuation Lines in config files
- Directive lines in the server configuration files may now be split onto multiple lines by using the canonical Unix continuation mechanism, namely a '\' as the last non-blank character on the line to indicate that the next line should be concatenated.
- Apache Autoconf-style Interface (APACI)
- Until Apache 1.3 there was no real out-of-the-box batch-capable build and installation procedure for the complete Apache package. This is now provided by a top-level
configure
script and a corresponding top-level Makefile.tmpl
file. The goal is to provide a GNU Autoconf-style frontend which is capable to both drive the old src/Configure
stuff in batch and additionally installs the package with a GNU-conforming directory layout. Any options from the old configuration scheme are available plus a lot of new options for flexibly customizing Apache.
Note: The default installation layout has changed for Apache 1.3.4. See the files README.configure
and INSTALL
for more information.
- APache eXtenSion (APXS) support tool
- Now that Apache provides full support for loading modules under runtime from dynamic shared object (DSO) files, a new support tool
apxs
was created which provides off-source building, installing and activating of those DSO-based modules. It completely hides the platform-dependent DSO-build commands from the user and provides an easy way to build modules outside the Apache source tree. To achieve this APACI installs the Apache C header files together with the apxs
tool.
- Default Apache directory path changed to
/usr/local/apache/
- The default directory for the Apache ServerRoot changed from the NCSA-compatible
/usr/local/etc/httpd/
to /usr/local/apache/
. This change covers only the default setting (and the documentation); it is of course possible to override it using the -d ServerRoot and -f httpd.conf switches when starting apache.
- Improved HTTP/1.1-style Virtual Hosts
- The new
NameVirtualHost
directive is used to list IP address:port pairs on which HTTP/1.1-style virtual hosting occurs. This is vhosting based on the Host:
header from the client. Previously this address was implicitly the same as the "main address" of the machine, and this caused no end of problems for users, and was not powerful enough. Please see the Apache Virtual Host documentation for further details on configuration.
Include
directive
- The
Include
directive includes other config files immediately at that point in parsing.
- -S command line option for debugging vhost setup
- If Apache is invoked with the
-S
command line option it will dump out information regarding how it parsed the VirtualHost
sections. This is useful for folks trying to debug their virtual host configuration.
- Control of HTTP methods
- <LimitExcept> and </LimitExcept> are used to enclose a group of access control directives which will then apply to any HTTP access method not listed in the arguments; i.e., it is the opposite of a <Limit> section and can be used to control both standard and nonstandard/unrecognized methods.
- Improved mod_negotiation
- The optional content negotiation (MultiViews) module has been completely overhauled for Apache 1.3.4, incorporating the latest HTTP/1.1 revisions and the experimental Transparent Content Negotion features of RFC 2295 and RFC 2296.
- NEW - Spelling correction module
- This optional module corrects frequently occurring spelling and capitalization errors in document names requested from the server.
- NEW - Conditional setting of environment variables
- The addition of
SetEnvIf
and SetEnvIfNoCase
. These allow you to set environment variables for server and CGI use based upon attributes of the request.
- NEW - "Magic" MIME-typing
- The optional
mod_mime_magic
has been added. It uses "magic numbers" and other hints from a file's contents to figure out what the contents are. It then uses this information to set the file's media type, if it cannot be determined by the file's extension.
- NEW - Unique Request Identifiers
- mod_unique_id can be included to generate a unique identifier that distinguishes a hit from every other hit. ("Unique" has some restrictions on it.) The identifier is available in the environment variable
UNIQUE_ID
.
- mod_proxy enhancements:
-
- Easier and safer authentication for ftp proxy logins: When no ftp user name and/or password is specified in the URL, but the destination ftp server requires one, Apache now returns a "[401] Authorization Required" status. This status code usually makes the client browser pop up an "Enter user name and password" dialog, and the request is retried with the given user authentification. That is slightly more secure than specifying the authentication information as part of the request URL, where it could be logged in plaintext by older proxy servers.
- The new AllowCONNECT directive allows configuration of the port numbers to which the proxy CONNECT method may connect. That allows proxying to https://some.server:8443/ which resulted in an error message prior to Apache version 1.3.2.
- The proxy now supports the HTTP/1.1 "Via:" header as specified in RFC2068. The new
ProxyVia
directive allows switching "Via:" support off or on, or suppressing outgoing "Via:" header lines altogether for privacy reasons.
- The "Max-Forwards:" TRACE header specified in HTTP/1.1 is now supported. With it, you can trace the path of a request along a chain of proxies (if they, too, support it).
NoProxy
and ProxyDomain
directives added to proxy, useful for intranets.
- New
ProxyPassReverse
directive. It lets Apache adjust the URL in the Location header on HTTP redirect responses.
- Easier navigation in ftp server directory trees.
- Enhanced
mod_include
string comparisons
- The string-based server-side include (SSI) flow-control directives now include comparison for less-than (<), less-than-or-equal (<=), greater-than (>), and greater-than-or-equal (>=). Previously comparisons could only be made for equality or inequality.
- ServerRoot relative auth filenames
- Auth filenames for the various authentication modules are now treated as relative to the ServerRoot if they are not full paths.
- Enhancements to directory indexing:
-
- Code split:The
mod_dir
module has been split in two, with mod_dir handling directory index files, and mod_autoindex creating directory listings. Thus allowing folks to remove the indexing function from critical servers.
- Sortable: Clicking on a column title will now sort the listing in order by the values in that column. This feature can be disabled using the
SuppressColumnSorting
IndexOptions keyword.
SuppressHTMLPreamble
can be used if your README.html file includes its own HTML header.
- The
IndexOptions
directive now allows the use of incremental prefixes (+/- to add/remove the respective keyword feature, as was already possible for the Options directive) to its keyword arguments. Multiple IndexOptions directives applying to the same directory will now be merged.
IconHeight
and IconWidth
let you set height and width attributes to the <IMG>
tag in directory listings.
- The new
NameWidth
keyword to the IndexOptions directive lets you set the number of columns for "fancy" directory listings. If set to an '*' asterisk, the name width will be adjusted automatically.
- The FancyIndexing directive now correctly has the same impact as IndexOptions FancyIndexing without replacing the effect of any existing IndexOptions directive.
- Starting with 1.3.15, the server will satisfy directory requests with the cache controls ETag and LastModified, if IndexOptions includes the TrackModified directive. The server will not need to generate the listing if the client determines the request has not changed, improving performance. Due to its experimental nature, this feature is not enabled by default.
- Less Buffering of CGI Script Output
- In previous versions of Apache, the output from CGI scripts would be internally buffered by the server, and wouldn't be forwarded to the client until either the buffers were full or the CGI script completed. As of Apache 1.3, the buffer to the client is flushed any time it contains something and the server is waiting for more information from the script. This allows CGI script to provide partial status reports during long processing operations.
- Regular Expression support for
Alias
and Redirect
- New
AliasMatch
, ScriptAliasMatch
, and RedirectMatch
directives allow for the use of regular expression matching. Additionally, new <DirectoryMatch>
, <LocationMatch>
, and <FilesMatch>
sections provide a new syntax for regular expression sectioning.
AddModuleInfo
directive added to mod_info
- Allows additional information to be listed along with a specified module.
- Absence of any
TransferLog
disables logging
- If no
TransferLog
directive is given then no log is written. This supports co-existence with other logging modules.
- Ability to name logging formats
- The
LogFormat
directive has been enhanced to allow you to give nicknames to specific logging formats. You can then use these nicknames in other LogFormat
and CustomLog
directives, rather than having to spell out the complete log format string each time.
- Conditional logging
- mod_log_config now supports logging based upon environment variables. mod_log_referer and mod_log_agent are now deprecated.
- mod_cern_meta configurable per-directory
- mod_cern_meta is now configurable on a per-directory basis.
- New map types for
RewriteMap
directive
- The new map types `Randomized Plain Text' and `Internal Function' were added to the
RewriteMap
directive of mod_rewrite. They provide two new features: First, you now can randomly choose a sub-value from a value which was looked-up in a rewriting map (which is useful when choosing between backend servers in a Reverse Proxy situation). Second, you now can translate URL parts to fixed (upper or lower) case (which is useful when doing mass virtual hosting by the help of mod_rewrite).
- CIDR and Netmask access control
- mod_access directives now support CIDR (Classless Inter-Domain Routing) style prefixes, and netmasks for greater control over IP access lists.
For all those module writers and code hackers:
child_init
- A new phase for Apache's API is called once per "heavy-weight process," before any requests are handled. This allows the module to set up anything that need to be done once per processes. For example, connections to databases.
child_exit
- A new phase called once per "heavy-weight process," when it is terminating. Note that it can't be called in some fatal cases (such as segfaults and kill -9). The
child_init
and child_exit
functions are passed a pool whose lifetime is the same as the lifetime of the child (modulo completely fatal events in which Apache has no hope of recovering). In contrast, the module init
function is passed a pool whose lifetime ends when the parent exits or restarts.
child_terminate
- Used in the child to indicate the child should exit after finishing the current request.
register_other_child
- See
http_main.h
. This is used in the parent to register a child for monitoring. The parent will report status to a supplied callback function. This allows modules to create their own children which are monitored along with the httpd children.
piped_log
- See
http_log.h
. This API provides the common code for implementing piped logs. In particular it implements a reliable piped log on architectures supporting it (i.e., Unix at the moment).
- scoreboard format changed
- The scoreboard format is quite different. It is considered a "private" interface in general, so it's only mentioned here as an FYI.
set_last_modified
split into three
- The old function
set_last_modified
performed multiple jobs including the setting of the Last-Modified
header, the ETag
header, and processing conditional requests (such as IMS). These functions have been split into three functions: set_last_modified
, set_etag
, and meets_conditions
. The field mtime
has been added to request_rec
to facilitate meets_conditions
.
- New error logging function:
ap_log_error
- All old logging functions are deprecated, we are in the process of replacing them with a single function called
ap_log_error
. This is still a work in progress.
set_file_slot
for config parsing
- The
set_file_slot
routine provides a standard routine that prepends ServerRoot to non-absolute paths.
post_read_request
module API
- This request phase occurs immediately after reading the request (headers), and immediately after creating an internal redirect. It is most useful for setting environment variables to affect future phases.
psocket
, and popendir
- The
psocket
and pclosesocket
functions allow for race-condition free socket creation with resource tracking. Similarly popendir
and pclosedir
protect directory reading.
is_initial_req
- Test if the request is the initial request (i.e., the one coming from the client).
kill_only_once
- An option to
ap_spawn_child
functions which prevents Apache from aggressively trying to kill off the child.
alloc debugging code
- Defining
ALLOC_DEBUG
provides a rudimentary memory debugger which can be used on live servers with low impact -- it sets all allocated and freed memory bytes to 0xa5. Defining ALLOC_USE_MALLOC
will cause the alloc code to use malloc()
and free()
for each object. This is far more expensive and should only be used for testing with tools such as Electric Fence and Purify. See main/alloc.c
for more details.
ap_cpystrn
- The new
strncpy
"lookalike", with slightly different semantics is much faster than strncpy
because it doesn't have to zero-fill the entire buffer.
table_addn
, table_setn
, table_mergen
- These new functions do not call
pstrdup
on their arguments. This provides for big speedups. There is also some debugging support to ensure code uses them properly. See src/CHANGES
for more information.
construct_url
- The function prototype for this changed from taking a
server_rec *
to taking a request_rec *
.
get_server_name
, get_server_port
- These are wrappers which deal with the UseCanonicalName directive when retrieving the server name and port for a request.
- Change to prototype for
ap_bspawn_child
and ap_call_exec
- Added a
child_info *
to spawn
function (as passed to ap_bspawn_child
) and to ap_call_exec
to allow children to work correctly on Win32. We also cleaned up the nomenclature a bit, replacing spawn_child_err
with simply ap_spawn_child
and spawn_child_err_buff
with simply ap_bspawn_child
.
ap_add_version_component()
- This API function allows for modules to add their own additional server tokens which are printed on the on the
Server:
header line. Previous 1.3beta versions had used a SERVER_SUBVERSION
compile-time #define
to perform this function. Whether the tokens are actually displayed is controlled by the new ServerTokens
directive.
- Port to EBCDIC mainframe machine running BS2000/OSD
- As a premiere, this version of Apache comes with a beta version of a port to a mainframe machine which uses the EBCDIC character set as its native codeset (It is the SIEMENS family of mainframes running the BS2000/OSD operating system on a IBM/390 compatible processor. This mainframe OS nowadays features a SVR4-like POSIX subsystem).
AccessFileName
Enhancement
- The
AccessFileName
directive can now take more than one filename. This lets sites serving pages from network file systems and more than one Apache web server, configure access based on the server through which shared pages are being served.
HostnameLookups
now defaults to "Off"
- The
HostnameLookups
directive now defaults to "Off". This means that, unless explicitly turned on, the server will not resolve IP addresses into names. This was done to spare the Internet from unnecessary DNS traffic.
- Double-Reverse DNS enforced
- The
HostnameLookups
directive now supports double-reverse DNS. (Known as PARANOID in the terminology of tcp_wrappers.) An IP address passes a double-reverse DNS test if the forward map of the reverse map includes the original IP. Regardless of the HostnameLookups setting, mod_access access lists using DNS names require all names to pass a double-reverse DNS test. (Prior versions of Apache required a compile-time switch to enable double-reverse DNS.)
- LogLevel and syslog support
- Apache now has configurable error logging levels and supports error logging via syslogd(8).
- Detaching from stdin/out/err
- On boot Apache will now detach from stdin, stdout, and stderr. It does not detach from stderr until it has successfully read the config files. So you will see errors in the config file. This should make it easier to start Apache via rsh or crontab.
- Year-2000 Improvements
- The default
timefmt
string used by mod_include
has been modified to display the year using four digits rather than the two-digit format used previously. The mod_autoindex
module has also been modified to display years using four digits in FancyIndexed directory listings.
- Common routines Moving to a Separate Library
- There are a number of functions and routines that have been developed for the Apache project that supplement or supersede library routines that differ from one operating system to another. While most of these are used only by the Apache server itself, some are referenced by supporting applications (such as
htdigest
), and these other applications would fail to build because the routines were built only into the server. These routines are now being migrated to a separate subdirectory and library so they can be used by other applications than just the server. See the src/ap/
subdirectory.
- New
ServerSignature
directive
- This directive optionally adds a line containing the server version and virtual host name to server-generated pages (error documents, ftp directory listings, mod_info output etc.). This makes it easier for users to tell which server produced the error message, especially in a proxy chain (often found in intranet environments).
- New
UseCanonicalName
directive
- This directive gives control over how Apache creates self-referential URLs. Previously Apache would always use the ServerName and Port directives to construct a "canonical" name for the server. With
UseCanonicalName off
Apache will use the hostname and port supplied by the client, if available.
SERVER_VERSION
definition abstracted, and server build date added
- In earlier versions, the Apache server version was available to modules through the
#define
d value for SERVER_VERSION
. In order to keep this value consistent when modules and the core server are compiled at different times, this information is now available through the core API routine ap_get_server_version()
. The use of the SERVER_VERSION
symbol is deprecated. Also, ap_get_server_built()
returns a string representing the time the core server was linked.
- Including the operating system in the server identity
- A new directive,
ServerTokens
, allows the Webmaster to change the value of the Server
response header field which is sent back to clients. The ServerTokens
directive controls whether the server will include a non-specific note in the server identity about the type of operating system on which the server is running as well as included module information. As of Apache 1.3, this additional information is included by default.
- Support for Netscape style SHA1 encrypted passwords
- To facilitate migration or integration of BasicAuth password schemes where the password is encrypted using SHA1 (as opposed to Apache's built in MD5 and/or the OS specific crypt(3) function ) passwords prefixed with with
{SHA1}
are taken as Base64 encoded SHA1 passwords. More information and some utilities to convert Netscape ldap/ldif entries can be found in support/SHA1.
Apache HTTP Server