1 <?xml version='1.0' encoding='UTF-8' ?>
2 <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
3 <?xml-stylesheet type="text/xsl" href="./style/manual.en.xsl"?>
4 <!-- $LastChangedRevision$ -->
7 Licensed to the Apache Software Foundation (ASF) under one or more
8 contributor license agreements. See the NOTICE file distributed with
9 this work for additional information regarding copyright ownership.
10 The ASF licenses this file to You under the Apache License, Version 2.0
11 (the "License"); you may not use this file except in compliance with
12 the License. You may obtain a copy of the License at
14 http://www.apache.org/licenses/LICENSE-2.0
16 Unless required by applicable law or agreed to in writing, software
17 distributed under the License is distributed on an "AS IS" BASIS,
18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 See the License for the specific language governing permissions and
20 limitations under the License.
23 <manualpage metafile="new_features_2_4.xml.meta">
25 <title>Overview of new features in Apache HTTP Server 2.4</title>
28 <p>This document describes some of the major changes between the
29 2.2 and 2.4 versions of the Apache HTTP Server. For new features since
30 version 2.0, see the <a href="new_features_2_2.html">2.2 new features</a>
35 <title>Core Enhancements</title>
37 <dt>Run-time Loadable MPMs</dt>
38 <dd>Multiple MPMs can now be <a href="mpm.html#dynamic">built
39 as loadable modules</a> at compile time.
40 The MPM of choice can be configured at run time via <directive
41 module="mod_so">LoadModule</directive> directive.</dd>
44 <dd>The <a href="mod/event.html">Event MPM</a> is no longer experimental
45 but is now fully supported.</dd>
47 <dt>Asynchronous support</dt>
48 <dd>Better support for asynchronous read/write for supporting MPMs and
51 <dt>Per-module and per-directory LogLevel configuration</dt>
52 <dd>The <directive module="core">LogLevel</directive> can now be
53 configured per module and per directory. New levels <code>trace1</code>
54 to <code>trace8</code> have been added above the <code>debug</code> log
57 <dt>Per-request configuration sections</dt>
58 <dd><directive module="core" type="section">If</directive>,
59 <directive module="core" type="section">ElseIf</directive>,
60 and <directive module="core" type="section">Else</directive>
61 sections can be used to set the configuration based on per-request
64 <dt>General-purpose expression parser</dt>
65 <dd>A new expression parser allows to specify
66 <a href="expr.html">complex conditions</a> using a common syntax
68 <directive module="mod_setenvif">SetEnvIfExpr</directive>,
69 <directive module="mod_rewrite">RewriteCond</directive>,
70 <directive module="mod_headers">Header</directive>,
71 <directive module="core" type="section">If</directive>,
75 <dt>KeepAliveTimeout in milliseconds</dt>
76 <dd>It is now possible to specify <directive module="core"
77 >KeepAliveTimeout</directive> in milliseconds.
80 <dt>NameVirtualHost directive</dt>
81 <dd>No longer needed and is now deprecated.</dd>
83 <dt>Override Configuration</dt>
84 <dd>The new <directive module="core">AllowOverrideList</directive>
85 directive allows more fine grained control which directives are
86 allowed in <code>.htaccess</code> files. </dd>
88 <dt>Config file variables</dt>
89 <dd>It is now possible to <directive module="core">Define</directive>
90 variables in the configuration, allowing a clearer representation
91 if the same value is used at many places in the configuration.
94 <dt>Reduced memory usage</dt>
95 <dd>Despite many new features, 2.4.x tends to use less memory than
101 <section id="newmods">
102 <title>New Modules</title>
104 <dt><module>mod_proxy_fcgi</module></dt>
105 <dd>FastCGI Protocol backend for <module>mod_proxy</module></dd>
107 <dt><module>mod_proxy_scgi</module></dt>
108 <dd>SCGI Protocol backend for <module>mod_proxy</module></dd>
110 <dt><module>mod_proxy_express</module></dt>
111 <dd>Provides dynamically configured mass reverse proxies for
112 <module>mod_proxy</module></dd>
114 <dt><module>mod_remoteip</module></dt>
115 <dd>Replaces the apparent client remote IP address and hostname for the request
116 with the IP address list presented by a proxies or a load balancer via
117 the request headers.</dd>
119 <dt><module>mod_heartmonitor</module>,
120 <module>mod_lbmethod_heartbeat</module></dt>
121 <dd>Allow <module>mod_proxy_balancer</module> to base loadbalancing decisions
122 on the number of active connections on the backend servers.</dd>
124 <dt><module>mod_proxy_html</module></dt>
125 <dd>Formerly a third-party module, this supports fixing of HTML
126 links in a reverse proxy situation, where the backend generates
127 URLs that are not valid for the proxy's clients.</dd>
129 <dt><module>mod_sed</module></dt>
130 <dd>An advanced replacement of <module>mod_substitute</module>, allows
131 to edit the response body with the full power of sed.</dd>
133 <dt><module>mod_auth_form</module></dt>
134 <dd>Enables form-based authentication.</dd>
136 <dt><module>mod_session</module></dt>
137 <dd>Enables the use of session state for clients, using cookie or
138 database storage.</dd>
140 <dt><module>mod_allowmethods</module></dt>
141 <dd>New module to restrict certain HTTP methods without interfering with
142 authentication or authorization.</dd>
144 <dt><module>mod_lua</module></dt>
145 <dd>Embeds the <a href="http://www.lua.org/">Lua</a> language into httpd,
146 for configuration and small business logic functions. (Experimental)</dd>
148 <dt><module>mod_log_debug</module></dt>
149 <dd>Allows the addition of customizable debug logging at different phases of the
150 request processing.</dd>
152 <dt><module>mod_buffer</module></dt>
153 <dd>Provides for buffering the input and output filter stacks</dd>
155 <dt><module>mod_data</module></dt>
156 <dd>Convert response body into an RFC2397 data URL</dd>
158 <dt><module>mod_ratelimit</module></dt>
159 <dd>Provides Bandwidth Rate Limiting for Clients</dd>
161 <dt><module>mod_request</module></dt>
162 <dd>Provides Filters to handle and make available HTTP request bodies</dd>
164 <dt><module>mod_reflector</module></dt>
165 <dd>Provides Reflection of a request body as a response via the output filter stack.</dd>
167 <dt><module>mod_slotmem_shm</module></dt>
168 <dd>Provides a Slot-based shared memory provider (ala the scoreboard).</dd>
170 <dt><module>mod_xml2enc</module></dt>
171 <dd>Formerly a third-party module, this supports internationalisation
172 in libxml2-based (markup-aware) filter modules.</dd>
174 <dt><module>mod_macro</module> (available since 2.4.5)</dt>
175 <dd>Provide macros within configuration files.</dd>
177 <dt><module>mod_proxy_wstunnel</module> (available since 2.4.5)</dt>
178 <dd>Support web-socket tunnels.</dd>
180 <dt><module>mod_authnz_fcgi</module> (available since 2.4.10)</dt>
181 <dd>Enable FastCGI authorizer applications to authenticate and/or
182 authorize clients.</dd>
184 <dt><module>mod_http2</module> (available since 2.4.17)</dt>
185 <dd>Support for the HTTP/2 transport layer.</dd>
187 <dt><module>mod_proxy_http2</module> (available since 2.4.19)</dt>
188 <dd>HTTP/2 Protocol backend for <module>mod_proxy</module></dd>
190 <dt><module>mod_proxy_hcheck</module> (available since 2.4.21)</dt>
191 <dd>Support independent dynamic health checks for remote proxiy backend servers.</dd>
193 <dt><module>mod_brotli</module> (available since 2.4.26)</dt>
194 <dd>Support the Brotli compression algorithm.</dd>
196 <dt><module>mod_md</module> (available since 2.4.30)</dt>
197 <dd>Support the ACME protocol to automate certificate provisionning.</dd>
199 <dt><module>mod_socache_redis</module> (available since 2.4.39)</dt>
200 <dd>Support <a href="http://redis.io/">Redis</a> based shared object cache provider.</dd>
205 <section id="module">
206 <title>Module Enhancements</title>
208 <dt><module>mod_ssl</module></dt>
210 <dd><module>mod_ssl</module> can now be configured to use an
211 OCSP server to check the validation status of a client
212 certificate. The default responder is configurable, along with
213 the decision on whether to prefer the responder designated in
214 the client certificate itself.</dd>
216 <dd><module>mod_ssl</module> now also supports OCSP stapling, where the
217 server pro-actively obtains an OCSP verification of its certificate and
218 transmits that to the client during the handshake. </dd>
220 <dd><module>mod_ssl</module> can now be configured to share SSL Session
221 data between servers through memcached</dd>
223 <dd>EC keys are now supported in addition to RSA and DSA.</dd>
225 <dd>Support for TLS-SRP (available in 2.4.4 and later).</dd>
227 <dt><module>mod_proxy</module></dt>
229 <dd>The <directive module="mod_proxy">ProxyPass</directive> directive
230 is now most optimally configured within a
231 <directive module="core">Location</directive> or
232 <directive module="core">LocationMatch</directive>
233 block, and offers a significant performance advantage over the traditional
234 two-parameter syntax when present in large numbers.</dd>
235 <dd>The source address used for proxy requests is now configurable.</dd>
236 <dd>Support for Unix domain sockets to the backend (available in 2.4.7
239 <dt><module>mod_proxy_balancer</module></dt>
241 <dd>More runtime configuration changes for BalancerMembers via balancer-manager</dd>
243 <dd>Additional BalancerMembers can be added at runtime via balancer-manager</dd>
245 <dd>Runtime configuration of a subset of Balancer parameters</dd>
247 <dd>BalancerMembers can be set to 'Drain' so that they only respond to existing sticky
248 sessions, allowing them to be taken gracefully offline.</dd>
250 <dd>Balancer settings can be persistent after restarts.</dd>
252 <dt><module>mod_cache</module></dt>
254 <dd>The <module>mod_cache</module> CACHE filter can be optionally inserted
255 at a given point in the filter chain to provide fine control over caching.
258 <dd><module>mod_cache</module> can now cache HEAD requests.</dd>
260 <dd>Where possible, <module>mod_cache</module> directives can now be set
261 per directory, instead of per server.</dd>
263 <dd>The base URL of cached URLs can be customised, so that a cluster of
264 caches can share the same endpoint URL prefix.</dd>
266 <dd><module>mod_cache</module> is now capable of serving stale cached
267 data when a backend is unavailable (error 5xx).</dd>
269 <dd><module>mod_cache</module> can now insert HIT/MISS/REVALIDATE into
270 an X-Cache header.</dd>
272 <dt><module>mod_include</module></dt>
273 <dd>Support for the 'onerror' attribute within an 'include' element,
274 allowing an error document to be served on error instead of the default
277 <dt><module>mod_cgi</module>, <module>mod_include</module>,
278 <module>mod_isapi</module>, ...</dt>
279 <dd>Translation of headers to environment variables is more strict than
280 before to mitigate some possible cross-site-scripting attacks via header
281 injection. Headers containing invalid characters (including underscores)
282 are now silently dropped. <a href="env.html">Environment Variables
283 in Apache</a> has some pointers on how to work around broken legacy
284 clients which require such headers. (This affects all modules which
285 use these environment variables.)</dd>
287 <dt><module>mod_authz_core</module> Authorization Logic Containers</dt>
289 <dd>Advanced authorization logic may now be specified using the
290 <directive module="mod_authz_core">Require</directive> directive
291 and the related container directives, such as
292 <directive module="mod_authz_core"
293 type="section">RequireAll</directive>.</dd>
295 <dt><module>mod_rewrite</module></dt>
296 <dd><module>mod_rewrite</module> adds the <code>[QSD]</code>
297 (Query String Discard) and <code>[END]</code> flags for
298 <directive module="mod_rewrite">RewriteRule</directive> to
299 simplify common rewriting scenarios.</dd>
300 <dd>Adds the possibility to use complex boolean expressions in <directive
301 module="mod_rewrite">RewriteCond</directive>.</dd>
302 <dd>Allows the use of SQL queries as <directive
303 module="mod_rewrite">RewriteMap</directive> functions.</dd>
305 <dt><module>mod_ldap</module>, <module>mod_authnz_ldap</module></dt>
306 <dd><module>mod_authnz_ldap</module> adds support for nested groups.</dd>
307 <dd><module>mod_ldap</module> adds
308 <directive module="mod_ldap">LDAPConnectionPoolTTL</directive>,
309 <directive module="mod_ldap">LDAPTimeout</directive>, and
310 other improvements in the handling of timeouts.
311 This is especially useful for setups where a
312 stateful firewall drops idle connections to the LDAP server.</dd>
313 <dd><module>mod_ldap</module> adds
314 <directive module="mod_ldap">LDAPLibraryDebug</directive> to log
315 debug information provided by the used LDAP toolkit.</dd>
317 <dt><module>mod_info</module></dt>
318 <dd><module>mod_info</module> can now dump the pre-parsed configuration
319 to stdout during server startup.</dd>
321 <dt><module>mod_auth_basic</module></dt>
322 <dd>New generic mechanism to fake basic authentication (available in
323 2.4.5 and later).</dd>
328 <section id="programs">
329 <title>Program Enhancements</title>
331 <dt><program>fcgistarter</program></dt>
332 <dd>New FastCGI daemon starter utility</dd>
334 <dt><program>htcacheclean</program></dt>
335 <dd>Current cached URLs can now be listed, with optional metadata
337 <dd>Allow explicit deletion of individual cached URLs from the
339 <dd>File sizes can now be rounded up to the given block size, making
340 the size limits map more closely to the real size on disk.</dd>
341 <dd>Cache size can now be limited by the number of inodes, instead
342 of or in addition to being limited by the size of the files on
345 <dt><program>rotatelogs</program></dt>
346 <dd>May now create a link to the current log file.</dd>
347 <dd>May now invoke a custom post-rotate script.</dd>
349 <dt><program>htpasswd</program>, <program>htdbm</program></dt>
350 <dd>Support for the bcrypt algorithm (available in 2.4.4 and later).
355 <section id="documentation">
356 <title>Documentation</title>
359 <dd>The <module>mod_rewrite</module> documentation has been
360 rearranged and almost completely rewritten, with a focus on
361 examples and common usage, as well as on showing you when other
362 solutions are more appropriate. The <a href="rewrite/">Rewrite
363 Guide</a> is now a top-level section with much more detail and
364 better organization.</dd>
367 <dd>The <module>mod_ssl</module> documentation has been greatly
368 enhanced, with more examples at the getting started level, in
369 addition to the previous focus on technical details.</dd>
371 <dt>Caching Guide</dt>
372 <dd>The <a href="caching.html">Caching Guide</a> has been rewritten
373 to properly distinguish between the RFC2616 HTTP/1.1 caching
374 features provided by <module>mod_cache</module>, and the generic
375 key/value caching provided by the <a href="socache.html">socache</a>
376 interface, as well as to cover specialised caching provided by
377 mechanisms such as <module>mod_file_cache</module>.</dd>
382 <section id="developer">
383 <title>Module Developer Changes</title>
385 <dt>Check Configuration Hook Added</dt>
387 <dd>A new hook, <code>check_config</code>, has been added which runs
388 between the <code>pre_config</code> and <code>open_logs</code>
389 hooks. It also runs before the <code>test_config</code> hook
390 when the <code>-t</code> option is passed to
391 <program>httpd</program>. The <code>check_config</code> hook
392 allows modules to review interdependent configuration directive
393 values and adjust them while messages can still be logged to the
394 console. The user can thus be alerted to misconfiguration problems
395 before the core <code>open_logs</code> hook function redirects
396 console output to the error log.</dd>
398 <dt>Expression Parser Added</dt>
400 <dd>We now have a general-purpose expression parser, whose API is
401 exposed in <var>ap_expr.h</var>. This is adapted from the
402 expression parser previously implemented in
403 <module>mod_ssl</module>.</dd>
405 <dt>Authorization Logic Containers</dt>
407 <dd>Authorization modules now register as a provider, via
408 ap_register_auth_provider(), to support advanced authorization logic,
409 such as <directive module="mod_authz_core" type="section"
410 >RequireAll</directive>.</dd>
412 <dt>Small-Object Caching Interface</dt>
414 <dd>The <var>ap_socache.h</var> header exposes a provider-based
415 interface for caching small data objects, based on the previous
416 implementation of the <module>mod_ssl</module> session cache.
417 Providers using a shared-memory cyclic buffer, disk-based dbm
418 files, and a memcache distributed cache are currently
421 <dt>Cache Status Hook Added</dt>
423 <dd>The <module>mod_cache</module> module now includes a new
424 <code>cache_status</code> hook, which is called when the caching
425 decision becomes known. A default implementation is provided
426 which adds an optional <code>X-Cache</code> and
427 <code>X-Cache-Detail</code> header to the response.</dd>
430 <p>The developer documentation contains a
431 <a href="developer/new_api_2_4.html">detailed list of API changes</a>.</p>