1 APACHE 2.0 STATUS: -*-text-*-
2 Last modified at [$Date: 2002/02/06 18:32:03 $]
6 2.0.32 : in development
7 2.0.31 : rolled Feburary 1, 2002.
8 2.0.30 : tagged January 8, 2002. not rolled.
9 2.0.29 : tagged November 27, 2001. not rolled.
10 2.0.28 : released November 13, 2001
11 2.0.27 : rolled November 6, 2001
12 2.0.26 : tagged October 16, 2001. not rolled.
13 2.0.25 : rolled August 29, 2001
14 2.0.24 : rolled August 18, 2001
15 2.0.23 : rolled August 9, 2001
16 2.0.22 : rolled July 29, 2001
17 2.0.21 : rolled July 20, 2001
18 2.0.20 : rolled July 8, 2001
19 2.0.19 : rolled June 27, 2001
20 2.0.18 : rolled May 18, 2001
21 2.0.17 : rolled April 17, 2001
22 2.0.16 : rolled April 4, 2001
23 2.0.15 : rolled March 21, 2001
24 2.0.14 : rolled March 7, 2001
25 2.0a9 : released December 12, 2000
26 2.0a8 : released November 20, 2000
27 2.0a7 : released October 8, 2000
28 2.0a6 : released August 18, 2000
29 2.0a5 : released August 4, 2000
30 2.0a4 : released June 7, 2000
31 2.0a3 : released April 28, 2000
32 2.0a2 : released March 31, 2000
33 2.0a1 : released March 10, 2000
35 Please consult the following STATUS files for information
39 * srclib/apr-util/STATUS
45 running on Daedalus since 02-Feb-2002 7:58 PST (need 3 days)
46 Compiles on : AIX 4.3, Solaris, FreeBSD 3.4 & 4.5, Win32,
48 Broken on: Win32 [no error logging within service, other bugs]
51 +0 : Lars, Justin, trawick
53 -1 : BillS, Ian, gregames, BrianP
54 bumps since original tag:
56 * scoreboard x2 : 1 to fix gracefull restarts
58 * win32/locks.c : to fix mod_rewrite on win32
61 * libtool/binbuild on AIX -- possible addition of patched
62 binbuild.sh to 31-beta roll
66 Jeff says: We can't do anything about libtool since AIX
67 needs a version that won't work on some
68 platforms. Handle this in the README.
69 The binbuild issue isn't AIX. It is
70 something that could happen anywhere that
71 the binbuild-er has their own expat.
72 Handle this by patching binbuild.sh for a
73 beta roll or putting a patch in the README for
74 use by people who want to do binbuild but
75 have expat installed locally.
76 gregames: why can't we roll a second tarball with the
77 appropriate libtool version? doesn't
78 Darwin need it as well as AIX?
80 * erroneous check in an AP_DEBUG_ASSERT() call. Only happens
81 in maintainer mode. Fixed in modules/http/http_protocol.c
82 revision 1.391. Add item in release notes:
83 +1: Justin, Cliff, Aaron, BillS, Jim, trawick
87 * seg faults in core_input_filter when the client goes away
88 before any POST body bytes are received.
89 Jeff committed a fix with server/core.c revision 1.144.
90 Justin committed a fix with server/protocol.c revision 1.78
91 (server/protocol.c revision 1.81 demotes a potentially
92 annoying error message)
94 * FirstBill reports problem [re]starting as-a-service, shared
95 score is suspect. OtherBill is investigating... has found
96 . created restart and shutdown events, only restart
97 survived initialization on XP, although breaking into
98 the debugger interferes with reproducing the bug.
99 Perhaps in FirstBill's example _restart didn't survive.
100 . Scoreboard appears irrelevant to the problem.
101 . This looks like handle corruption in NT/XP
102 . Args are not initialized correctly when the -k install
104 OtherBill will not create Win32 binaries due to this bug.
106 * mod_auth_dbm can't open a Berkeley DB password file on Unix
107 Justin postulates that this might be related to the fact
108 that mod_auth_dbm wasn't using apr-util. See
109 modules/aaa/mod_auth_dbm.c revision 1.42 and
110 module/aaa/config.m4 revision 1.54. Also, FreeBSD's DB
111 variant was not properly detected. See
112 apr-util/build/apu-conf.m4 revision 1.31 and
113 apr-util/dbm/apr_dbm_berkeleydb.c revision 1.17.
115 * Madhu reports that the worker MPM doesn't shutdown nicely
118 * mod_autoindex displays the wrong icon for subdirectories
121 * anon shared memory not allocating enough
122 (fix is apr/shm/unix/shm.c 1.14)
124 * other BETA possibilities
125 31 + fixes for all non-cosmetic problems seen on daedalus
126 See: http://www.apache.org/~jerenkrantz/httpd-2.0.jre.patch
131 * ap_directory_walk skips some per-dir config merge functions
132 if there is no "<Directory />" block in the configuration
133 Message-ID: <m3itbdiijq.fsf@rdu163-40-092.nc.rr.com>
134 * That is very unlikely, merges are additive. Much more likely,
135 the default SetOutputFilter default or merge is borked.
136 Unless it's the code that permits 'null' merges, per module.
137 Still, it's probably in SetOutputFilter's behavior.
138 * BrianP notes: directory_walk's handling of trailing slashes
139 appears to be the cause: http://www.apachelabs.org/apache-mbox/200112.mbox/%3c3C1CF721.1090300@pacbell.net%3e
141 * Test suite failures:
142 o worker is also failing some of the 'cgi' subtests
143 (see <URL:http://Source-Zone.Org/Apache/regression/>):
144 Justin says: "Worker should be fine and passes httpd-test here.
145 If you can provide evidence that it can be reproduced
146 outside of httpd-test, then it's a showstopper. I
147 think it's a perl or a httpd-test problem."
148 Not a showstopper: Justin
150 * If any request gets to the core handler, without a flag that this
151 r->filename was tested by dir/file_walk, we need to 500 at the very
152 end of the ap_process_request_internal() processing. This provides
153 authors of older modules better compatibility, while still improving
154 the security and robustness of 2.0.
155 Status: still need to decide where this goes, OtherBill comments...
156 Message-ID: <065701c14526$495203b0$96c0b0d0@roweclan.net>
157 we need to look at halting this in the 'default handler' case,
158 and that implies pushing the 'handler election' into the request
159 internal processing phase from the run request phase.
161 * Convert all instances of the old apr_lock_t type to the new
162 types (once they are fully supported in APR).
163 Status: Aaron is working on converting INTRAPROCESS
164 to apr_thread_mutex_t types. Full replacements for
165 LOCKALL and CROSS_PROCESS are not yet complete on all
166 platforms, and should only be used in MPMs like worker
167 with limited OS exposure.
168 BrianP asks: "Is this really a showstopper?"
169 IanH says: "If we don't do it before we go live we will have 2
170 different API's to support in APR"
172 * A binbuild installation picks up the right libraries when
173 running apachectl because we set the appropriate environment
174 variable, but ab, htpasswd, etc. don't know how to pick up apr,
176 Message-ID: <20020116000226.GA15991@ebuilt.com>
177 Justin says: "You could always build all of the binaries
178 statically if you don't want to let libtool
179 handle it. At most, I don't consider this a
180 a release showstopper as it is a packaging issue."
181 Ken sez: "Showstopper because, until it's the default, it
182 violates the P of LA. Binaries will give strange
183 errors and not run if moved."
184 Status: Aaron volunteers: I'll commit a patch to allow all
185 the support binaries to be built statically against
186 libapr/libaprutil/etc and then enable it in binbuild.
187 gregames says: what about httpd? yeah, it works at the moment
188 if you use apachectl. But I've already heard
189 complaints about not being able to execute
192 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
194 * Usage of APR_BRIGADE_NORMALIZE in core_input_filter should be
196 Message-ID: <Pine.LNX.4.33.0201202232430.318-100000@deepthought.cs.virginia.edu>
198 * There is a bug in how we sort some hooks, at least the pre-config
199 hook. The first time we call the hooks, they are in the correct
200 order, but the second time, we don't sort them correctly. Currently,
201 the modules/http/config.m4 file has been renamed to
202 modules/http/config2.m4 to work around this problem, it should moved
203 back when this is fixed. rbb
204 Justin says: "Is this really a showstopper? This has been here
205 forever. What's wrong? Does this have to do with
207 Not a showstopper: Justin, BrianP, trawick, gregames
209 * The Add...Filter and Set...Filter directives do not allow the
210 administrator to order filters, beyond the order of filename (mime)
211 extensions. It isn't clear if Set...Filter(s) should be inserted
212 before or after the Add...Filter(s) which are ordered by sequence of
213 filename extensions. At minimum, some sort of +-[0-10] syntax seems
214 like the quickest fix for a 2.0 gold release.
215 Justin says: "Could we delay this for a point release or 2.1?"
216 Not a showstopper: justin, wrowe, trawick, stoddard, Jim, Ian, Aaron,
219 * Should we always build binaries statically unless otherwise
221 Message-ID: <20020129210006.B23512@Lithium.MeepZor.Com>
226 * If the parent process dies, should the remaining child processes
227 "gracefully" self-terminate. Or maybe we should make it a runtime
228 option, or have a concept of 2 parent processes (one being a
230 See: Message-ID: <3C58232C.FE91F19F@Golux.Com>
232 Self-destruct: Ken, Martin
233 Not self-destruct: BrianP, Ian, Cliff, BillS
234 Make it runtime configurable: Aaron, Jim, Justin
235 Have 2 parents: +1: Jim
237 +0: Martin (while standing by, could it do
239 look at accept() error handling first: gregames
241 * Make some modifications to the scoreboard creation routines,
242 prefer anonymous shared memory, and allow a configuration
243 directive to override the defaults.
244 Message-ID: <20020130080804.C16977@clove.org>
245 Status: Aaron volunteers
247 * Get perchild to work on platforms other than Linux. This
248 will require a portable mechanism to pass data and file/socket
249 descriptors between vhost child groups. An API was proposed
251 Message-ID: <20020111115006.K1529@clove.org>
252 Vote: Is a non-portable perchild going to hold up a GA release?
254 No: Aaron, Justin, trawick, stoddard, Jim, Ian, BrianP, gregames
256 * Recent changes to ap_rgetline may have broken EBCDIC boxes.
257 Message-ID: <20020122072605.GF28051@ebuilt.com>
258 Justin says: "I don't have an EBCDIC box to test on. A potential
259 solution is to split out ap_rgetline into two
260 functions as described in this message."
261 gregames says: I see the breakage now, and volunteer to fix it
262 when things calm down a little. It looks OK when
263 there are complete lines and no mime continuations.
265 * Modify the worker MPM so that it doesn't need to create and
266 destroy a pool for each request--possibly by adopting a
267 leader/follower model in which each worker owns a persistent
268 ptrans pool (like the prefork MPM) and the workers take
269 turns acting as listeners...this approach might also help
270 reduce context-switching
272 * CGI single-byte reads
273 BrianP suggests that this is caused by the ap_scan_script_header_err()
274 routine, which will do single-byte reads until it finds the end
275 of the header, at which point it constructs a pipe-bucket (buffered)
278 Proposed solution in:
279 Message-ID: <3C36ADAF.60601@cnet.com>
281 * Try to get libtool inter-library dependency code working on AIX.
283 Message-ID: <cm3n10lx555.fsf@rdu163-40-092.nc.rr.com>
285 Justin says: If we get it working on AIX, we can enable this
286 on all platforms and clean up our build system
288 Jeff says: I thought I tested a patch for you sometime in
289 January that you were going to commit within a few
292 * Handling of %2f in URIs. Currently both 1.3 and 2.0
293 completely disallow %2f in the request URI path (see
294 ap_unescape_url() in util.c). It's permitted and passed
295 through in the query string, however. Roy says the
296 original reason for disallowing it, from five years ago,
297 was to protect CGI scripts that applied PATH_INFO to
298 a filesystem location and which might be tricked by
299 ..%2f..%2f(...). We *should* allow path-info of the
300 form 'http://foo.com/index.cgi/path/to/path%2finfo'.
301 Since we've revamped a lot of our processing of path
302 segments, it would be nice to allow this, or at least
303 allow it conditionally with a directive.
305 * FreeBSD, threads, and worker MPM. All seems to work fine
306 if you only have one worker process with many threads. Add
307 a second worker process and the accept lock seems to be
308 lost. This might be an APR issue with how it deals with
309 the child_init hook (i.e. the fcntl lock needs to be resynced).
310 More examination and analysis is required.
311 Status: This has also been reported on Cygwin.
313 Message-ID: <3C2CC514.8EF3BED1@wapme-systems.de> (cygnus)
315 Justin says: So, FreeBSD-CURRENT and Cywin have the same
316 problem. Yum. If another platform has this
317 with worker, this becomes a showstopper.
318 Aaron says: I spent some time disecting this and have come to
319 the conclusion that it is not a problem in the worker MPM
320 (or at least, it is not isolated to a problem in worker).
321 I'll list some of the problems I'm seeing in case someone
322 else wants to pick up where I've left off:
323 - Delivery of just about any signal to one of the child
324 processes will send it into an infinite loop as well.
325 - Even though the parent is spinning out of control,
326 at first the child or children will appear to work
327 properly. At times it is possible to get it into a state,
328 however, where a request will hang until another concurrent
329 request "kicks" the first, at which point the second will
330 hang. My theory is that this has to do with the
331 pthread_cond_*() implementation in FreeBSD, but it's still
332 possible that it is in APR.
334 Justin adds: Oh, FreeBSD threads are implemented entirely with
335 select()/poll()/longjmp(). Welcome to the nightmare.
336 So, that means a ktrace output also has the thread
337 scheduling internals in it (since it is all the same to
338 the kernel). Which makes it hard to distinguish between
339 our select() calls and their select() calls.
340 *bangs head on wall repeatedly* But, some of the libc_r
341 files have a DBG_MSG #define. This is moderately helpful
342 when used with -DNO_DETACH. The kernel scheduler isn't
343 waking up the threads on a select(). Yum. And, I bet
344 those decrementing select calls have to do with the
345 scheduler. Time to brush up on our OS fundamentals.
347 * There is increasing demand from module writers for an API
348 that will allow them to control the server à la apachectl.
349 Reasons include sole-function servers that need to die if
350 an external dependency (e.g., a database) fails, et cetera.
351 Perhaps something in the (ever more abused) scoreboard?
352 rbb: I don't believe the scoreboard is the correct mechanism
353 for this. We already have a pipe that goes between parent
354 and child for graceful shutdown events, along with an API that
355 can be used to send a message down that pipe. In threaded MPMs,
356 it is easy enough to make that one pipe be used for graceful
357 and graceless events, and it is also easy to open that pipe
358 to both parent and child for writing. Then we just need to figure
359 out how to do graceless on non-threaded MPMs.
361 * revamp the input filter behavior, per discussions since
362 February (and especially at the hackathon last
363 April). Specifically, ap_get_brigade will return a brigade with
364 *up to* a specific number of bytes, or a "line" of data. The
365 read may be blocking or nonblocking. ap_getline() will be
366 refactored into apr_brigade_getline(), and then DECHUNK can use
367 f->next (ap_getline will always read "top of input stack"). Also
368 fix the bug where request body content will end up closing the
369 connection (buggering up persistent conns).
370 Status: Justin is working on this as fast as he can.
371 The core input filters, HTTP-related filters, mod_ssl,
372 mod_proxy, and ap_[r]getline are switched to the new logic.
374 - socket bucket and core input filter changes. see end of
375 message ID (Feb 27): <20010227075326.S2297@lyra.org>
377 - fix up ap_get_brigade() semantics, fix bug in DECHUNK /
378 ap_getline. many messages (plus their threads) (Apr/May):
379 Message-ID: <20010402101207.J27539@lyra.org>
380 Message-ID: <3AF7F921.D2EEC41A@algroup.co.uk>
381 Message-ID: <20010508190029.E18404@lyra.org>
383 - further work with combining/tweaking the builtin filters:
384 Message-ID: <20010509115445.D1374@lyra.org>
386 - thoughts on filter modes:
387 Message-ID: <021b01c14dee$09782af0$93c0b0d0@roweclan.net>
389 - proposal for getline rewrite:
390 Message-ID: <20011231104019.GD3904@ebuilt.com>
392 - patch for getline rewrite:
393 Message-ID: <20020122072605.GF28051@ebuilt.com>
395 - Change ap_get_brigade prototype:
396 Message-ID: <20020120115136.GI17601@ebuilt.com>
398 * Allow the DocumentRoot directive within <Location > scopes? This
399 allows the beloved (crusty) Alias /foo/ /somepath/foo/ followed
400 by a <Directory /somepath/foo> to become simply
401 <Location /foo/> DocumentRoot /somefile/foo (IMHO a bit more legible
402 and in-your-face.) DocumentRoot unset would be accepted [and would
403 not permit content to be served, only virtual resources such as
404 server-info or server-status.
405 This proposed change would _not_ depricate Alias.
407 * Win32: Rotatelogs sometimes is not terminated when Apache
408 goes down hard. FirstBill was looking at possibly tracking the
409 child's-child processes in the parent process.
410 OtherBill asks, wasn't this fixed?
411 stoddard: Not fixed. Shared scoreboard might offer a good
412 way for the parent to keep track of 'other child' processes
413 and whack them if the child goes down.
415 * Win32: Add a simple hold console open patch (wait for close or
416 the ESC key, with a nice message) if the server died a bad
417 death (non-zero exit code) in console mode.
418 Resolution: bring forward same ugly hacks from 1.3.13-.20
420 * Port of mod_ssl to Apache 2.0:
422 The current porting state is summarized in modules/ssl/README. The
423 remaining work includes:
424 (1) stablizing/optimizing the SSL filter logic
425 (2) Enabling the various SSL caching mechanisms (shmcb, shmht)
426 (3) Enabling SSL extentions
427 (4) Trying to seperate the https filter logic from mod_ssl -
428 This is to facilitate other modules that wish to use the https
429 filter or the mod_ssl logic or both as required.
430 Justin: mod_ssl filter logic is redone, so that should be fine.
431 Madhu has submitted a patch for SSL caching - however, I
432 am -0 on that patch as I *think* we could implement the
433 shared memory another way that is much cleaner (i.e.
434 treat shmem directly as a dbm via APR routines). Justin
435 also thinks that the https filter logic may be sufficiently
436 decoupled now, but isn't really sure.
438 * Performance & Debug: Eliminate most (and perhaps all) of the
439 malloc/free calls in the bucket brigade code. Need some
440 light weight memory management functions that allow freeing
441 memory (putting it back into a memory pool) when it is no
442 longer needed. Enabling simple debugging features like guard
443 bands, double free detection, etc. would be cool but certainly
444 not a hard requirement.
446 Status: Cliff started to implement this using SMS as has
447 been discussed at length for months, but since
448 SMS is not being used anywhere else in the server,
449 several people expressed the opinion that we should
450 get rid of it entirely, meaning that the buckets
451 need their own memory management (free list) functions.
452 Cliff will implement that this weekend so we at least
453 have something to look at/compare with.
455 * Eliminate unnecessary creation of pipes in mod_cgid
457 * the autoconf setup should be fixed to default to using the
458 "Apache" layout from config.layout, and each variable settable
459 in a layout should be overridable on the command line. Plus,
460 what we do right now just doesn't seem to fully fit into how autoconf
461 works, eg. AC_PREFIX_DEFAULT issues.
462 Message-ID: <Pine.BSF.4.20.0104031557420.20876-100000@alive.znep.com>
464 * Combine log_child and piped_log_spawn. Clean up http_log.c.
467 * Document mod_file_cache.
469 * Platforms that do not support fork (primarily Win32 and AS/400)
470 Architect start-up code that avoids initializing all the modules
471 in the parent process on platforms that do not support fork.
473 * Win32: Migrate the MPM over to use APR thread/process calls. This
474 would eliminate some code in the Win32 branch that essentially
475 duplicates what is in APR.
477 * There are still a number of places in the code where we are
478 losing error status (i.e. throwing away the error returned by a
479 system call and replacing it with a generic error code)
481 * Mass vhosting version of suEXEC.
483 * All DBMs suffer from confusion in support/dbmmanage (perl script) since
484 the dbmmanage employs the first-matched dbm format. This is not
485 necessarily the library that Apache was built with. Aught to
486 rewrite dbmmanage upon installation to bin/ with the proper library
487 for predictable mod_auth_dbm administration.
488 Questions; htdbm exists, time to kill dbmmanage, or does it remain
489 useful as a perl dbm management example? If we keep it,
490 do we address the issue above?
492 * use apu_dbm in mod_auth_dbm
493 Status: Greg +1 (low-priority volunteer)
494 Justin says: "Seems like this is already there, so should we just
495 remove the other DBM code in that file? If you want
496 to use gdbm, or dbm, etc, you should tell apr-util."
497 Will says: "bs - I may choose the fastest - most efficient native
498 dbm implementation, for shared proc caches, ssl session
499 caching, etc, but that has nothing to do with maintaining
500 a userlist via dbm, which has to remain readable between
501 builds/machines, etc. The use-multiple database schema
502 for apr-util would let us do this with just apr, though."
503 Ian says: "multi-dbm is in, but it still has ndbm support hardcoded
504 is this still required? isn't ndbm supported via gdbm?"
508 Some additional items remaining:
509 - case_preserved_filename stuff
510 (use the new canonical name stuff?)
511 - find a new home for ap_text(_header)
512 - is it possible to remove the DAV: namespace stuff from util_xml?
514 * ap_core_translate() and its use by mod_mmap_static and mod_file_cache
515 are a bit wonky. The function should probably be exposed as a utility
516 function (such as ap_translate_url2fs() or ap_validate_fs_url() or
517 something). Another approach would be a new hook phase after
518 "translate" which would allow the module to munge what the
519 translation has decided to do.
520 Status: Greg +1 (volunteers), Ryan +1
522 * Explore use of a post-config hook for the code in http_main.c which
523 calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
524 ap_sort_hooks() [to reduce the logic in main()]
526 * read the config tree just once, and process N times (as necessary)
528 * (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
530 * (possibly) port the bug fix for PR 6942 (segv when LoadModule is put
531 into a VirtualHost container) to 2.0.
533 * shift stuff to mod_core.h
535 * callers of ap_run_create_request() should check the return value
536 for failure (Doug volunteers)
538 * Win32: Get Apache working on Windows 95/98. The following work
539 (at least) needs to be done:
540 - winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
541 specific code that is still not in NT only code paths
542 - IOL binds to APR sendfile, implemented with TransmitFile, which
543 is not available on 95/98.
544 - Document warning that OSR2 is required (for Crypt functions, in
545 rand.c, at least.) This could be resolved with an SSL library, or
546 randomization in APR itself.
547 - Bring the Win9xConHook.dll from 1.3 into 2.0 (no sense till it
548 actually works) and add in a splash of Win9x service code.
550 * In order to use a DSO version of mod_ssl we have to link with
551 -lssl and -lcrypto. A workaround is in place right now where the
552 entire EXTRA_LIBS macro is being appended to the objects list, but
553 this is a hack. We should either revamp the APACHE_CHECK_SSL_TOOLKIT
554 autoconf function or come up with some other autoconf checks to
555 search for libssl and libcrypto and properly add them to mod_ssl's
558 * Make the worker MPM the default MPM for threaded Unix boxes.
559 +1: Justin, Jeff, Ian
560 -0: Aaron (premature decision, needs more discussion), Lars
561 -0: Cliff (I think the default config should be the safest possible)
563 * Fix the worker MPM to use POD to kill child processes instead
564 of ap_os_killpg, regardless of how they should die. (Ryan Bloom)
566 PRs that have been suspended forever waiting for someone to
567 put them into 'the next release':
570 missing call to "setlocale();"
574 Additional status for XBitHack directive
578 Mod_proxy doesn't allow change of error pages
582 Modified PATH environemnt variable is not passed, instead
587 Proxy doesn't deliver documents if not connected
591 proxy converts ~name to %7Ename when name starts with a dot (.)
595 mod_access syntax allows hosts that should be restricted
598 * PR#557: mod_auth-any
599 ~UserHome directories are not honored in absolute pathname
604 Proxy FTP Authentication Fails
607 * PR#623: mod_include
608 A smarter "Last Modified" value for SSI documents (see PR number 600)
612 Request of "Options SymLinksIfGroupMatch"
616 Proxy doesn't do links right for OpenVMS files through ftp:
620 imap should read <MAP><AREA>*</MAP> too!
624 RLimitCPU and RLimitMEM don't apply to all children like they should
628 Uses cwd before filling it in, doesn't use syslog
632 it is useful to allow specifiction that root-owned symlinks
633 should always be followed
637 Controlling Access to Remote Proxies would be nice...
641 Adding authentication "on the fly" through the proxy module
644 * PR#1004: apache-api
645 request_config field in request_rec is moderately bogus
649 DoS attacks involving memory consumption
652 * PR#1050: mod_log-any
653 Logging of virtual server to error_log as well
657 ProxyRemote make a dead cycle.
660 * PR#1117: mod_auth-any
661 Using NIS passwd.byname dbm files with AuthDBMUserFile
665 suexec does not parse arguments to #exec cmd
668 * PR#1145: mod_include
669 Allow for Last-Modified: without resorting to XBitHack
672 * PR#1158: apache-api
673 improvements to child spawning API
677 ``nph-'' not honored (no buffering) for ProxyRemote mapping
681 Apache cannot handle continuation line in headers
685 setlogin() is not called, causing problems with e.g. identd
689 regerror() exists, use it
692 * PR#1233: apache-api
693 there is no way to keep per-connection per-module state
696 * PR#1263: mod_autoexec
697 Add frame-safe anchor attribute to mod_autoindex links
701 CGI scripts running as Apache user: security (suexec etc.)
705 Error messages could be easier to spot in cgi.log file for suexec.c
708 * PR#1287: mod_access
709 add allow,deny/deny,allow warning to mod_access
713 Need to know "hit-rate" on proxy cache
716 * PR#1358: mod_log-any
717 Selective url-encode of log fields (or maybe a pseudo
721 * PR#1383: mod_headers
722 I make mod_headers to modify request headers as well as
727 Proxy transfer logging
731 No HTTP_X_FORWARDED_FOR set...
735 ProxyRemote proxy requests fail authentication by firewall
738 * PR#1582: mod_rewrite
739 mod_rewrite forms REQUEST_URI different than mod_cgi does
742 * PR#1677: mod_headers
743 mod_headers should allow mod_log_config-style formats in
748 mod_proxy to support persistent conns?
751 * PR#1803: mod_include
752 patches to mod_include to allow for file tests
755 * PR#1809: mod_auth-any
756 Suggestion for improving authentication modules and core source
757 code, problem with 401 and ErrorDocument
761 listing of proxy cache content
765 Allow modules to set user:group for execution.
768 * PR#2024: apache-api
769 adding auth_why to conn_rec
772 * PR#2073: mod_log-any
773 pipelined connections are not logged correctly
776 * PR#2074: mod_rewrite
777 mod_rewrite doesn't pass Proxy Throughput on internal subrequests
781 HTTP Server Rebuild Line Needs Changing for the better
784 * PR#2138: mod_status
785 mod_status always displays 256 possible connection slots
788 * PR#2221: documentation
789 Make online documentation search link back to my installation
793 Can not POST to ErrorDocument - Apache/1.3b6
797 patterns in ProxyRemote
800 * PR#2343: mod_status
801 Status module averages are for entire uptime
805 suexec for general access of user content?
809 Proposal for TimeZone directive
813 /server-info doesn't check for the virtual host to list the info
817 problem specifying ndbm library for build ?with autoconfigure
821 A small addition to rotatelogs.c to improve program functionality.
825 AllowOverride FileInfo is too coarse
829 TimeOut applies to output of CGI scripts
832 * PR#2512: mod_access
833 <IfDenied> directive wanted
837 CGI's for general use still have to be run as another user
842 Cache file names in Proxy module
846 [PATCH] User/Group for <Directory> and <Location> i.e. not only
847 in global and <Virtual>.
851 mailto tags and bundling bug report script
855 Support for System Resource Controller
859 When will Apache support P3P? Any Plans?
863 Feedback/Comment on APACI
867 Inclusion of RPM spec file in CVS/distributions
871 Propose that Apache recommend $UNIQUE_ID for all "session id"
876 suggestion: power up your Include directive :)
880 cannot limit some HTTP methods
883 * PR#3143: apache-api
884 No module specific data hook for per-connection data
887 * PR#3191: mod_negotiation
888 no way to set global quality-of-source (qs) coneg values
893 Accessing URL through proxy server corrupts data.
897 Some anonymous FTP URLs ask for authentication
901 New ErrorDocumentMatch directive
905 Need to be able to override shebang line to make CGI scripts
910 "Files" and "FilesMatch" regexp does not recognize bang as
914 * PR#4448: mod_log-any
915 Please allow CGI env variables (QUERY_STRING, ...) to be logged
919 * PR#4459: mod_include
920 Suggestion for better handling of Last-modified headers
924 mod_cgi prevents handling of OPTIONS requests
927 * PR#5713: os-windows
928 [PATCH] install as win32 service with domain account
929 Status: Cannot accept password-as-arg, we should prompt the
930 user when -k install/-k config with a user argument.
933 AllowOverride should have a 'CheckNone' and 'AllowNone' argument
934 instead of only 'None'
937 Other bugs that need fixing:
939 * MaxRequestsPerChild measures connections, not requests.
940 Until someone has a better way, we'll probably just rename it
941 "MaxConnectionsPerChild".
943 * Regex containers don't work in an intutive way
944 Status: No one has come up with an efficient way to fix this
945 behavior. Dean has suggested getting rid of regex containers
947 OtherBill suggests: We at least seem to agree on eliminating
948 the <Container ~ foo> forms, and using only
949 <ContainerMatch foo> semantics.
951 * SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
952 sigwaiting thread. We need to work around this, perhaps unless
953 there is hope soon for a fixed glibc.
955 * orig_ct in the byterange/multipart handling may not be
956 needed. Apache 1.3 just never stashed "multipart" into
957 r->content_type. We should probably follow suit since the
958 byterange stuff doesn't want the rest of the code to see the
959 multipart content-type; the other code should still think it is
960 dealing with the <orig_ct> stuff.
961 Status: Greg volunteers to investigate (esp. since he was most
962 likely the one to break it :-)
964 Other features that need writing:
966 * Finish infrastructure in core for async MPMs
969 * TODO in source -- just do an egrep on "TODO" and see what's there
973 * Jon Travis's <jtravis@covalent.net> patch to deal with thread-safe
974 issues with inet_ntoa. See message <20001201163220.A12827@covalent.net>
975 Status: This is being set aside until the IPv6 work is finished
976 so that we know exactly what is required.
978 * Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
979 htpasswd actions due to a full /tmp volume (other programs may have
984 * Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
986 Status: These were written for 1.3, and are awaiting a port to
989 * Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
990 other small mod_usertrack features
992 * Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
993 of SSI's to be modified in the config file. Patch is available in
998 * Which MPMs will be included with Apache 2.0?