Apache HTTP Server

Upgrading to 1.3 from 1.2

In order to assist folks upgrading we are now going to maintain a document describing information critical to existing Apache users. Note that it only lists differences between recent major releases, so for example, folks using Apache 1.1 or earlier will have to figure out what changed up to Apache 1.2 before this document can be considered relevant. Old users could look at the src/CHANGES file which tracks code changes.

These are intended to be brief notes, and you should be able to find more information in either the New Features document, or in the src/CHANGES file.

Compile-Time Configuration Changes

• The source code has been reorganized, which affects anyone with custom modules or modifications. But also, the Module directive has been changed to the AddModule directive.
• The Configuration variable EXTRA_LFLAGS has been renamed EXTRA_LDFLAGS.
• The -DMAXIMUM_DNS definition has been obsoleted by changes to mod_access enforcing double-reverse DNS lookups when necessary.
• The -DSERVER_SUBVERSION=\"string\" compile-time option has been replaced with the run-time API call ap_add_version_component(). Compile-time modification of the server identity by the configuration scripts is no longer supported.
• mod_dir has been split into two pieces mod_autoindex, and mod_dir.
• mod_browser has been replaced by mod_setenvif.
• IRIX systems with untrusted users who can write CGIs which execute as the same uid as httpd should consider using suexec, or adding -DUSE_FCNTL_SERIALIZED_ACCEPT to EXTRA_CFLAGS. This is slower, more information is available on the performance tuning page. There is a mild denial of service attack possible with the default config, but the default config is an order of magnitude faster.
• mod_auth_msql has been removed from the distribution.
• The new Apache Autoconf-style Interface (APACI) was added to the top-level to provide a real out-of-the-box build and installation procedure for the complete Apache package.

Run-Time Configuration Changes

• There have been numerous changes to the default config files. Ensure that you compare your existing configuration files with the new ones to ensure there aren't any undesired differences. In particular:
  • As of Apache 1.3.0, the current config files apply different Options and AllowOverride settings to various directories than were used in 1.2.
  • As of the release following Apache 1.3.3, the three config file templates have been merged into httpd.conf-dist and the order of the directives changed.
• As of 1.3.2, mod_expires will add Expires headers to content that does not come from a file on disk, unless you are using a modification time based setting. Previously, it would never add an Expires header unless content came from a file on disk. This could result in Expires headers being added in places where they were not previously added.
• Standalone FancyIndexing directives are now combined with the settings of any IndexOptions directive already in effect, rather than replacing them.
• AuthName strings will need to be quoted in .htaccess or server configuration files if they contain blank characters (like spaces). For example, if you use an AuthName directive like this:

       AuthName This and That
      

  you will need to change it to

       AuthName "This and That"
      

  This change was made for consistency in the config language.
• As of Apache 1.3.1, methods listed in <Limit> directives must be uppercase. Method names, such as GET, POST, and PUT are defined as being case-sensitive. That is, a GET request is different from a get request. Prior to Apache 1.3.1, the <Limit> directive parser incorrectly treated both of these as being the same. Apache's built-in method limit processing currently only understands uppercase method names, so if you've used clauses such as "<Limit Get post>" in your configuration files, you need to correct them to use uppercase names.

  Unrecognized method names in the server configuration files will result in the server logging an error message and failing to start. In .htaccess files, unknown methods will cause the server to log an error to its error log and return an 'Internal Server Error' page to the client.

• The default Apache ServerRoot directory changed from the NCSA-compatible /usr/local/etc/httpd/ to /usr/local/apache/. This change covers only the default setting (and the documentation); it is of course possible to override it using the -d ServerRoot and -f httpd.conf switches when starting apache.
• Folks using HTTP/1.1-style virtual hosting will need to list the ip:port pairs that are supposed to have HTTP/1.1-style virtual hosting via the NameVirtualHost directive (one directive per pair). Previously this support was given implicitly on the "main server address". Now it has to be explicitly listed so as to avoid many problems that users had. Please see the Apache Virtual Host documentation for further details on configuration.
• The precedence of virtual hosts has been reversed (applies mainly to vhosts using HTTP/1.1 Host: headers, and the ServerPath directive). Now the earlier vhosts in the file have precedence over the later vhosts.
• HostnameLookups defaults to Off.
• REMOTE_HOST CGI variable changed. In Apache 1.2 and earlier, the REMOTE_HOST environment variable made available to CGI scripts was set to either the full DNS name of the client, or else to the client's IP address if the name was not known. This behaviour differed from that specified by the CGI specification, which defines this variable as being NULL if the name isn't known. In Apache 1.3, we have made this correction. REMOTE_ADDR always contains the client's IP address, but REMOTE_HOST is only defined when the server has been able to determine the client's DNS name.
• The undocumented mod_access syntax "allow user-agents" was removed. The replacement is the more general "allow from env".
• When using wildcards in pathnames (such as * and ?) they no longer match / (slash). That is, they more closely behave how a UNIX shell behaves. This affects <Directory> directives, for example.
• If no TransferLog directive is given then nothing will be logged. (Previously it would default to logs/access_log.)
• Apache now has configurable error logging levels, and the default eliminates some messages that earlier versions always generated.
• When booting, Apache will now detach itself from stdin, stdout, and stderr. stderr will not be detached until after the config files have been read so you will be able to see initial error messages. After that all errors are logged in the error_log. This makes it more convenient to start Apache via rsh, ssh, or crontabs.
• <Files> sections previously could take a full pathname, and were matched against the full pathnames. This had some inconsistencies, and was removed. To emulate this older behaviour use a <Files> section nested inside a <Directory> section.
• <Location> matching behaviour with respect to slashes has changed. See the <Location> documentation for more info.

Misc Changes

• ServerType inetd has been deprecated. It still exists, but bugs are unlikely to be fixed.
• httpd_monitor has been deprecated. The replacement is to use mod_status and make a request to a URL such as http://myhost/server-status?refresh=10.
• Apache now provides an effectively unbuffered connection for CGI scripts. This means that data will be sent to the client as soon as the CGI pauses or stops output; previously, Apache would buffer the output up to a fixed buffer size before sending, which could result in the user viewing an empty page until the CGI finished or output a complete buffer. It is no longer necessary to use an "nph-" CGI to get unbuffered output. Given that most CGIs are written in a language that by default does buffering (e.g., perl) this shouldn't have a detrimental effect on performance.

  "nph-" CGIs, which formerly provided a direct socket to the client without any server post-processing, were not fully compatible with HTTP/1.1 or SSL support. As such they would have had to implement the transport details, such as encryption or chunking, in order to work properly in certain situations. Now, the only difference between nph and non-nph scripts is "non-parsed headers".

• dbmmanage has been overhauled.

Third Party Modules

The following changes between the 1.2 and 1.3 API may require slight changes in third party modules not maintained by Apache.

• To avoid symbol clashes with third-party code compiled into the server, the general prefix `ap_' was globally applied to the following classes of symbols: Apache provided general functions (e.g., ap_cpystrn), public API functions (e.g., palloc, bgets) and private functions which can't be made static (because of cross-object usage) but should be (e.g., new_connection). For backward source compatibility with Apache 1.2 a new header file named compat.h was created which provides defines for the old symbol names. You'll either have to #include compat.h or update the API symbols you use.
• Be sure and examine the source code reorganization page to see whether any item there affects you.
• Use of SERVER_VERSION definition. If third-party modules reference the server version string using this symbol, they should be corrected to obtain it by calling the new API routine const char *ap_get_server_version().
• ap_construct_url prototype change. The second parameter was previously a server_rec, it has been changed to a request_rec.
• The table datatype has been made an opaque type. Code which assumes a table is the same as an array_header will not compile. This is actually a change to enforce the API the way it was intended, all versions of Apache have had a table_elts() function which is intended for code which needs to access the elements of a table. The changes required for this are pretty easy, and work with all versions of Apache.

  Suppose t is a table. Whenever code refers to t->elts, replace it with something like this:

      array_header *arr = table_elts(t);
      table_entry *elts = (table_entry *)arr->elts;
  

  Whenever code refers to t->nelts use arr->nelts. Many examples can be found in the standard modules, search for table_elts.

Apache HTTP Server