Jim Jagielski [Sun, 13 Jun 1999 19:59:37 +0000 (19:59 +0000)]
PR:
Obtained from:
Submitted by: Mathijs Maassen <mathijs@xs4all.nl>
Reviewed by: Jim, Lars
Add the new DocumentRootCheck directive. This determines if we
check for each DocumentRoot during startup.
dgaudet [Fri, 4 Jun 1999 17:15:48 +0000 (17:15 +0000)]
This patch removes the processing of `mxb' parameters in Accept
headers in mod_negotiation. A second patch updates the manual to
reflect this (mxb is not documented directly in the manual but support
for it is implied in one place).
Reasons for removing this feature:
1) As currently implemented, the 'mxb' feature makes possible certain
denial-of-service attacks on negotiated content. These attacks are
posssible for user communities which access an Apache server from
behind a HTTP/1.1 proxy which implements `Vary' related optimisations.
Plugging this denial of service hole without removing `mxb' is fairly
expensive in terms of degrading caching efficiency.
2) `mxb' is not in HTTP/1.0 or HTTP/1.1 or any other standard
3) Nobody seems to make use of 'mxb'. (Balachander Krishnamurthy
kindly offered to grep some of his web traffic traces -- he did not
find a single Accept with mxb in a whole day of recent traffic, nor in
older traces)
4) Removing a feature makes a nice change from adding features.
Randy Terbush [Sun, 2 May 1999 16:44:24 +0000 (16:44 +0000)]
Make the install-bindist.sh script standalone. (don't require src/helpers)
This could allow us to do binary distributions without source if we choose
to.
PERL detection now makes sure it is perl5 since the 2 scripts in question
(dbmmanage and apxs) require perl5.
Fix some breakage I introduced when creating apachectl.
Randy Terbush [Sun, 2 May 1999 02:58:07 +0000 (02:58 +0000)]
Add functionality to the install-bindist.sh script created by
binbuild.sh to use tar when copying distribution files to the
serverroot. This allows upgrading an existing installation
without nesting the new distribution in the old.
install-bindist.sh now detects the local perl5 path to install
apxs and dbmmanage with proper path to perl interpreter.
Add an install-binsupport target which copies the source files
for apxs and dbmmanage to bindist to allow these scripts to
be properly installed relative to the destination serverroot.
FWIW - abort during commit for changed files commited without
comments.
Ken Coar [Thu, 29 Apr 1999 19:55:53 +0000 (19:55 +0000)]
Point out that for multiple AddLanguage directives with the
same extension, the last one encountered dominates. This is
true of lots of directives, but this is the one on which we
got a PR..
Ken Coar [Sat, 20 Mar 1999 21:51:37 +0000 (21:51 +0000)]
Add PassAllEnv to make all of the server's environment variables
available to CGIs and SSIs within the directive's scope. NOT
recommended for general use, but eases the transition for IBM's
current LDGW customers to Apache.
Ken Coar [Sat, 20 Feb 1999 00:13:29 +0000 (00:13 +0000)]
Remove the ReferIgnore directive from mod_log_config (Dean's veto).
Get rid of the array for the 'env=' clause, since it only takes
a single variable name; use a char * instead. Check for conditional
envars by seeing if the condition string is non-NULL rather than
using a separate Boolean cell.
Ken Coar [Wed, 17 Feb 1999 23:28:11 +0000 (23:28 +0000)]
Add conditional logging based upon environment variable existence.
Also add RefererIgnore functionality from mod_log_referer to
mod_log_config; mod_log_referer and mod_log_agent are now
deprecated. The list of envariables to check is set up as
an array even though the current implementation (TAKE23)
only handles one; just in case we ever want to do something
strange like, 'env=foo,bar,!bag'.
Roy T. Fielding [Tue, 9 Feb 1999 20:20:23 +0000 (20:20 +0000)]
Added a <LimitExcept method ...> sectioning directive that allows
the user to assign authentication control to any HTTP method that
is *not* given in the argument list; i.e., the logical negation
of the <Limit> directive. This is particularly useful for controlling
access on methods unknown to the Apache core, but perhaps known by
some module or CGI script.
Submitted by: Roy Fielding and Tony Finch <dot@dotat.at>
brian [Wed, 20 Jan 1999 04:47:08 +0000 (04:47 +0000)]
Tony Finch says:
>I just realised that this is wrong: the %v won't work on 1.3.4 because
>it always uses the canonical server name. It should be changed to
>%{SERVER_NAME}e.
Jim Jagielski [Sat, 16 Jan 1999 22:00:46 +0000 (22:00 +0000)]
Take II of the shell consistancy change. Although I agree that the use
of '.' is easier on the eyes, 'x' does seem more common and old-dog
shell programmers kind of expect it. It's also easier to search for in
vi :)
Some may question why we need to wrap or protect if we are sure that
the $var isn't null, but it really doesn't cost that much for the
extra insurance and it stops people from having to shift "mental gears"
when they run across such statements.
Some may question why even bother with a consistant style... I think
it's important to write readable code and understandable code and code
that others can maintain easily. A consistant style, IMO, helps this
effort. It also just plain looks better :)
PR:
Obtained from:
Submitted by:
Reviewed by:
brian [Fri, 15 Jan 1999 00:57:10 +0000 (00:57 +0000)]
This is the document on how to use mod_rewrite to eliminate the need for
virtualhost settings in the config file. Many thanks to Tony Finch <dot@dotat.at>
for contributing this!
pcs [Sat, 9 Jan 1999 16:53:56 +0000 (16:53 +0000)]
Try to avoid some confusion from the changing of command line arguments,
by documenting the meanings of the arguments for each different version of
Apache. This is important since the current live site now documents the
"new" behaviour (for -L, -l, h) even though there is no released Apache
for which that documentation is valid. Even after releasing 1.3.4 users of
older versions will be accessing the documentation.
Small fix for mod_env.html: The module was documented as to be _not_
compiled into Apache per default, although it _IS_ compiled into
Apache per default.
Two minor enhancements to mod_rewrite: First RewriteRule now also supports the
``nocase|NC'' flag (as RewriteCond already does for ages) to match case
insensitive (this especially avoids nasty patterns like `[tT][eE][sS][tT]').
Second two additional internal map functions `escape' and `unescape' were
added which can be used to escape/unescape to/from hex-encodings in URLs parts
(this is especially useful in combination with map lookups).
Submitted by: Magnus Bodin, Ian Kallen
Integrated and fixed by: Ralf S. Engelschall
Fix a few minor inconsistencies related to directive scoping
============================================================
1. httpd -h
Under "httpd -h" one gets a nice English description in which scope a
directive can occur. But we talk here only about <Directory> and <Location>,
although <Files> is treated the same (also with `cmd->override ==
ACCESS_CONF|OR_ALL'). So I think it's correct to also list <Files>, too.
2. Used scope variants
Currently we have 203 directives and they use the following scopes (the
numbers in parenthesis gives the number of directives using a particular
scope):
The first one is just a syntax overkill. It means only OR_ALL, because OR_ALL
includes (implicitly) already RSRC_CONF and ACCESS_CONF. So, when we fix
this to OR_ALL we get:
The remaining RSRC_CONF|ACCESS_CONF|OR_AUTHCFG is used by two directives:
UseCanonicalName and ContentDigest. Two not too old directives which were
added mostly at the same time. They're are implemented the same way.
But the scope looks incorrect. Why?
First, it's again syntax overkill, ok. We can reduce it to
RSRC_CONF|OR_AUTHCFG. But when we compare it to all other used scopes, it
looks very inconsistent. No other of the 203 directives want to be applicable
in such a non-orthoginal scope: on the first hand inside the AuthConfig scope
(which means .htaccess under "AllowOverride AuthConfig" plus _INSIDE_ of
<Directory>/<Location>/<Files> sections in httpd.conf only) and on the other
hand also in RSRC_CONF (which means _OUTSIDE_ of
<Directory>/<Location>/<Files> sections in httpd.conf only). Sure, finally
it's everywhere in httpd.conf plus .htaccess under AuthConfig scope. But it's
not intuitive: Directives which want to be applicable in such a total scope
use OR_OPTIONS, OR_FILEINFO or OR_INDEXES. And when we think about
UseCanonicalName and ContentDigest we find out that they belongs more to
Options, XBitHack and CheckSpelling than to any AuthXXXX directives.
So, I propose to change the scope of those two directives to OR_OPTIONS. It
makes no big difference, of course. It still is useable everwhere inside
httpd.conf, but inside .htaccess now under Options instead of AuthConfig. And
it both belongs to the more correct group of directives and makes our list of
used scopes more consistent.
With the above patch be get this consistent scope-list:
When we take into account that _theoretically_ there are a lot more variants
of these or'ed values are possible, this list is _VERY_ clean. Actually it's
the most clean variant I can think of (except for the fact that the whole
mechanism is a horrible mess ;-)...
Cleanup the command line options: `-?' was documented to show the usage list
but does it with an error because `?' is not a valid command. OTOH a lot of
users expect `-h' to print such a usage list and instead are annoyed for ages
by our huge unreadable list of directives. So we now changed the command line
options this way:
1. `-L' => `-R'
Intent: we need `-L' to be free, and `-R' for the DSO run-time path is
very similar to the popular linker option.
2. `-h' => `-L'
Intent: while -l gives the small list of modules, -L now gives the
large list of directives implemented by these modules. This is also
consistent with -v (short version info) and -V (large version info).
3. `-?' => `-h'
Intent: it's now the expected option ;-)
The manual page was adjusted accordingly.
Submitted by: Ralf S. Engelschall
Reviewed by: Randy Terbush
PR: 2714
dgaudet [Sun, 13 Dec 1998 20:42:16 +0000 (20:42 +0000)]
update the draft-ietf-http-connection-00 link... this new link works... but
I'm still not sure if this draft has issued as an RFC or if it's just fallen
dead
PR:
Obtained from:
Submitted by:
Reviewed by:
pcs [Fri, 4 Dec 1998 17:37:06 +0000 (17:37 +0000)]
Fix negotiation so that we prefer an encoded variant over an unencoded
variant if the user-agent explicitly says it can accept that encoding.
Previously we always preferred the unencoded variant.
PR: 3447
Submitted by: Paul Ausbeck <paula@alumni.cse.ucsc.edu>
Reviewed by: Paul Sutton
pcs [Fri, 20 Nov 1998 16:39:03 +0000 (16:39 +0000)]
Make documentation clearer for Windows users: state when descriptions
apply only to Unix; add links to Windows and TPF instructions. Where
defaults are different in OS/2 or Windows, show them. Add the -k command
line option (Windows only).
projects / apache / log