From: brian Date: Tue, 12 May 1998 05:23:22 +0000 (+0000) Subject: PR: X-Git-Tag: APACHE_1_3b7~17 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=797657c33b9f96e66b332119ce8158bca118b8bb;p=apache PR: Updated, cleaned up, and tossed out comments dealing with decades-old Apache versions. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@81255 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/misc/compat_notes.html b/docs/manual/misc/compat_notes.html index cb33a4cf64..30c4ca31ba 100644 --- a/docs/manual/misc/compat_notes.html +++ b/docs/manual/misc/compat_notes.html @@ -15,138 +15,98 @@
-While Apache 0.8.x and beyond are for the most part a drop-in -replacement for NCSA's httpd and earlier versions of Apache, there are -a couple gotcha's to watch out for. These are mostly due to the fact -that the parser for config and access control files was rewritten from -scratch, so certain liberties the earlier servers took may not be -available here. These are all easily fixable. If you know of other -non-fatal problems that belong here, let us know. -

Please also check the known bugs -page, and the known client -problems page.

- - +

Please also check the known +client problems page.

    -
  1. The basic mod_auth AuthGroupFile-specified group file - format allows commas between user names - Apache does not.
    - - added 12/1/96 -
    2. - -

  2. If you follow the NCSA guidelines for setting up access restrictions - based on client domain, you may well have added entries for, - AuthType, AuthName, AuthUserFile or AuthGroupFile. - None of these are needed (or appropriate) for restricting access - based on client domain. - -

    When Apache sees AuthType it (reasonably) assumes you - are using some authorization type based on username and password. - -

    Please remove AuthType, it's unnecessary even for NCSA. - -

    - -

  3. AuthUserFile requires a full pathname. In earlier - versions of NCSA httpd and Apache, you could use a filename - relative to the .htaccess file. This could be a major security hole, - as it made it trivially easy to make a ".htpass" file in the a - directory easily accessible by the world. We recommend you store - your passwords outside your document tree. - -

    - -

  4. OldScriptAlias is no longer supported. - -

    - -

  5. exec cgi="" produces reasonable malformed header - responses when used to invoke non-CGI scripts.
    - The NCSA code ignores the missing header. (bad idea)
    - Solution: write CGI to the CGI spec or use exec cmd="" instead. -

    We might add virtual support to exec cmd to - make up for this difference. - -

    - -

  6. <Limit> silliness - in the old Apache 0.6.5, a - directive of <Limit GET> would also restrict POST methods - Apache 0.8.8's new - core is correct in not presuming a limit on a GET is the same limit on a POST, - so if you are relying on that behavior you need to change your access configurations - to reflect that. - -

    - -

  7. Icons for FancyIndexing broken - well, no, they're not broken, - we've just upgraded the - icons from flat .xbm files to pretty and much smaller .gif files, courtesy of -Kevin Hughes at -EIT. - If you are using the same srm.conf from an old distribution, make sure - you add the new - AddIcon, - AddIconByType, - and - DefaultIcon - directives. - -

    - -

  8. Under IRIX, the "Group" directive in httpd.conf needs to be a - valid group name - (i.e., "nogroup") not the numeric group ID. The distribution - httpd.conf, and earlier ones, had the default Group be "#-1", which - was causing silent exits at startup.

    - -

  9. .asis files: Apache 0.6.5 did not require a Status header; -it added one automatically if the .asis file contained a Location header. -0.8.14 requires a Status header.

    - -

    -

  10. Apache versions before 1.2b1 will ignore the last line of configuration - files if the last line does not have a trailing newline. This affects - configuration files (httpd.conf, access.conf and srm.conf), and - htpasswd and htgroup files. -
    11. - -
  11. Apache does not permit commas delimiting the methods in <Limit>. - -
  12. Apache's <VirtualHost> treats all addresses as - "optional" (i.e. the server should continue booting if it can't resolve - the address). Whereas in NCSA the default is to fail booting unless - an added optional keyword is included. - -
  13. Apache does not implement OnDeny use - ErrorDocument - instead. - -
  14. Apache (as of 1.3) always performs the equivalent of - HostnameLookups minimal. minimal is not an - option to - HostnameLookups. - -
  15. To embed spaces in directive arguments NCSA used a backslash - before the space. Apache treats backslashes as normal characters. To - embed spaces surround the argument with double-quotes instead. - -
  16. Apache does not implement the NCSA referer - directive. See - PR#968 for a few brief suggestions on alternative ways to - implement the same thing under Apache. - -
  17. Apache does not allow ServerRoot settings inside a VirtualHost - container. There is only one global ServerRoot in Apache; any desired - changes in paths for virtual hosts need to be made with the explicit - directives, eg. DocumentRoot, TransferLog, etc. + format allows commas between user names - Apache does not. + +

    +

  18. If you follow the NCSA guidelines for setting up access + restrictions based on client domain, you may well have added + entries for, AuthType, AuthName, AuthUserFile or + AuthGroupFile. None of these are + needed (or appropriate) for restricting access based on client + domain. When Apache sees AuthType it (reasonably) + assumes you are using some authorization type based on username + and password. Please remove AuthType, it's + unnecessary even for NCSA. + +

    +

  19. OldScriptAlias is no longer supported. + +

    +

  20. exec cgi="" produces reasonable malformed + header responses when used to invoke non-CGI scripts.
    + The NCSA code ignores the missing header. (bad idea)
    Solution: + write CGI to the CGI spec or use exec cmd="" instead. +

    We might add virtual support to exec + cmd to make up for this difference. + +

    +

  21. Icons for FancyIndexing broken - well, no, they're not broken, + we've just upgraded the icons from flat .xbm files to pretty and + much smaller .gif files, courtesy of Kevin Hughes at EIT. If you are using the same + srm.conf from an old distribution, make sure you add the new AddIcon, AddIconByType, + and DefaultIcon + directives. + +

    +

  22. Apache versions before 1.2b1 will ignore the last line of configuration + files if the last line does not have a trailing newline. This affects + configuration files (httpd.conf, access.conf and srm.conf), and + htpasswd and htgroup files. + +

    +

  23. Apache does not permit commas delimiting the methods in <Limit>. + +

    +

  24. Apache's <VirtualHost> treats all addresses as + "optional" (i.e. the server should continue booting if it can't + resolve the address). Whereas in NCSA the default is to fail + booting unless an added optional keyword is included. + +

    +

  25. Apache does not implement OnDeny use + ErrorDocument + instead. + +

    +

  26. Apache (as of 1.3) always performs the equivalent of + HostnameLookups minimal. minimal is not an + option to + HostnameLookups. + +

    +

  27. To embed spaces in directive arguments NCSA used a backslash + before the space. Apache treats backslashes as normal characters. To + embed spaces surround the argument with double-quotes instead. + +

    +

  28. Apache does not implement the NCSA referer + directive. See + PR#968 for a few brief suggestions on alternative ways to + implement the same thing under Apache. + +

    +

  29. Apache does not allow ServerRoot settings inside a VirtualHost + container. There is only one global ServerRoot in Apache; any desired + changes in paths for virtual hosts need to be made with the explicit + directives, eg. DocumentRoot, TransferLog, etc.