Change History for httpd

History list for the W3C httpd . (See also Known Bugs in the current release, archive of older releases). Many other changes to the daemon are in fact changes to the W3C Reference Library.

CERN terminated its direct engagement in the World Wide Web with the release of CERN httpd version 3.0. The code is now developed and maintained at W3C.

3.0 Release

The common BUILD for the Line Mode Browser, the W3C httpd and the Library of common code now accepts a command line option:
```
	BUILD linemode | daemon | library
```
to build a specific component. The default action is to build all three parts. BUILD is now also provided in a Bourne Shell version
Added the following directives as directives in the configuration file:

IconPath
This one allows to redirect the standard icons to another server without having to do the installation manually.
AddIconToStd
This allows to add a icon to the standard set. This is handy if a single icon is to be added for a specific MIME-type
Also added
- LogFileDateExt
as a new configuration directive. It specifies a common time/date extension for all the logfiles. Spaces in the format are converted to `_`
Logfiles are now opened with a O_APPEND option on UNIX platforms. This should prevent child processes from writing to the log file at the same time
Bug in `\ ' parsing fixed in config file
Bug in password recognition fixed. This ensures no more endless loops!
Fixed bug on GMT time calculation (thanks to Michael Fischer)
Increased the BACKLOG number of the listen command from 5 to 32 - thanks to Simon E Spero, ses@tipper.oit.unc.edu.
Error messages are always of type www/html. They were not initialized in the previous release.
Removed all use of inet_ntoa(). This function causes BIG problems on many platforms
Fixed bug in AddBlankIcon (now understands both with and w/o ALT tag)
The '*' is not a valid alias for `All' in this release.
Max linelength for any line in the config file is now put to 1024 characters
Bug in Timezone calculation for sysV fixed, thanks to Rainer Klute
Bug in redirection fixed. Now any search information is also returned as a part of the redirection
The no-linger will not be turned off as it is needed on some platforms, e.g. the UTS
Bug when calling a script with no name, that is "" fixed
Cache garbage collection now falls back to default value 3.00am if wrong date format given (was turned off completely)
Incorporated Lauren Weinstein's (second) ISC 3.0 changes
This time Makefiles really don't have includes left
HTPut.c no longer in the distribution (confused Imake)
CacheSize automatically taken to be 90% of the given value (10% has been experimentally seen to be the amount of diskspace taken up by the directory structure and cache info files, and allows a suitable margin)
Memory problem on AIX platform in buf_put_char() fixed
Updated ICE package
Now zombies should be avoided on SVR3 platforms

3.0 Prerelease 6 on 3 June 1994

Distribution now contains the ICE indexing package by Christian Neuss.
DirAddHref directive by Guenther Fisher.
Fixed the SIGPIPE bug with POST which caused CGI scripts to exit prematurely without a reason.
Fixed the bug that prevented uid and gid from being set correctly when they were specified in the inlined protection setup (external file worked fine).
Fixed the stupid problem with gc_info file not being initialized with certain gc's.
SCO support by Brian King (thank you!).
A-umlaut problem with FTP README files fixed.
Fixed the bug with conditional GET from the client causing a closed connection when there was no cache file on the proxy for it and the remote server sent "Not modified".
Fixed the bug with proxy URL re-escaping when the original hostname was in upper-case.
~ and : are no longer escaped in automatic redirections.
Fixed the bug that httpd would try to bind to port in -gc_only mode.
ParentUserId and ParentGroupId to set the uid and gid of the parent process right after binding to port (some people complained that setuid() is slow on certain systems).
If CacheLastModifiedFactor is Off then CacheDefaultExpiry is used instead of zero LM factor.

3.0 Prerelease 5 on 19 May 1994

New cache configuration directive CacheRefreshInterval for specifying the maximum allowed time between consecutive up-to-date checks regardless of expiry date. This is good for cases when it is vital to always have the most up-to-date information even if expiry date has been approximated to be too far off.
CacheDefaultExpiry time no longer defaults to non-zero for FTP or Gopher - it is always zero. I am thus forcing proxy maintainers explicitly set these values if they want to have FTP and Gopher cached.
Fixed the bug which caused proxy truncate binary HTTP0 responses.
Fixed the bug the in the configuration file it wasn't possible to do Map'pings onto a WAIS URL. Now it's possible to run httpd as a WAIS gateway as well as a WAIS proxy.
Fixed the bug with invalid last-modified fields confusing the caching system.
Fixed the bug with headers sometimes missing form the proxy reply even though the original reply was HTTP1.
Now passes proxy URL's that were un-Map'ped by the rule system as they came in; this will fix the problems with servers that insist on having their URL's encoded in a special, non-canonical form (e.g. dranet.dra.com).
Fixed the bug that caused temporary backup files with IMG-GET to be left behind (thanks to Shouichi Matsui).
Fixed the bug that in a cascade of proxies the first proxy would strip away the keywords.
Fixed the bug that "ä" character caused Gopher listings to be truncated.
Fixed the bug that daily garbage collection sometimes didn't start.
Fixed the ProxyAccessLog (new & broken in pre4).
Content-encoding with FTP works again; now clients can uncompress transparently again (broken since 3.0pre1).
README files in Directory listings containing "<", ">", and "&" are now parsed corectly.
Bug in FTP using short directory listings fixed. Also file sizes are now shown as "-" and not "0" as before.
FTP is now generally more robust and knows how to handle more servers like Windows NT and OS/2.
Multiline error messages understood by FTP.
Gopher client now handles characters like "<" in file titles.
Error messages improved in Gopher, FTP and HTTP.
Improved the code for CSO Name Server via Gopher.
Added Sun3 to the BUILD script.

3.0 Prerelease 4 on 11 May 1994 (only for beta-testers)

IMPORTANT: CacheDefaultExpiry, CacheUnused and CacheClean are now matched so that the first match is used, not the last one, e.g.:

        CacheDefaultExpiry  */cgi-bin/*  0
        CacheDefaultExpiry  */htbin/*    0
        CacheDefaultExpiry  *            12 hours

now works as expected.

Direct WAIS support on the proxy works again; WAIS support can be compiled in by unpacking the freeWAIS-0.3 distribution in the same directory as WWW and compiling it, uncommenting appropriate lines from the platform specific makefile WWW/All/XXX/Makefile.include, and then doing the normal BUILD in directory WWW.
KeepExpired directive; if turned On the proxy will not remove expired HTTP documents from the cache during regular garbage collection but use up all the cache space, thus increasing the effectiveness of if-modified-since [documents that have expired are still usually not modified and become valid again after a check from remote server].
ProxyAccessLog for logging proxy accesses, i.e. accesses that were not satisfied by the server in normal HTTP server mode, but required an external connection from the proxy server. [Broken, will be fixed in pre5.]
FTPDirInfo Top | Bottom | Off directive for specifying the placement of FTP messages in FTP directory listings.
DirShowHTMLTitles Off can be used to disable HTML TITLEs in the directory listings.
Proxy process now lowers its priority when it's doing garbage collection, and when it's retrieving a document to cache but the requesting user has interrupted the connection (thanks to Peter Parnes for the idea!).
Linux changes by Matt Ranney, thank you!
Made socket lingering optional - in Linux it's causing problems, and according to somebody it's not necessary at all. If I'm wrong Linger On enables it again.
ISC 3.0 port, thanks to Lauren Weinstein for it!
Fixes the bug that standard icon set was initialized even when there were icon settings in the configuration file.
Added a kludge that sends a cursor-return and line-feed after CGI script input (for scripts that do line-oriented reading).
Nasty divide-by-zero situation and a random-memory-free in garbage collection fixed, thanks to Henrik Nordström!
When a directory listing cache file (e.g. pub/www/src) gets moved when a link in that listing is followed (e.g. to pub/www/src/.cache_dirindex), a correct entry is now written to .cache_info file, so that index no longer expires immediately.
Directory browsing title/heading & parent directory link problem for both HTTP and FTP fixed; now always correctly shows the directory in the title, and gives the parent directory link for all the others except root directory.
Fixed the strange bug with large CGI script outputs having a MIME header both before and after the response (happened when MaxContentLengthBuffer size was exceeded).
FTP module now returns a timeout message correctly. And yes, we know that there are still weird FTP servers whose output is not understood.
DNSLookup directive for disabling the reverse DNS lookup to find out the remote DNS hostname for cases when DNS seems to be a bottleneck. Disabling this will naturally prevent the use of DNS name templates in access control, and results in plain IP numbers in the logfiles.
ServerType StandAlone | Inetd directive to select the server type. If not set will default to StandAlone if Port is defined or -p option used, otherwise to Inetd.

3.0 Prerelease 3 on 5 May 1994

No longer strips hyphens from content-types and content-encodings that are given in the configuration file (broken in pre1).
GMT-to-localtime transformation works now on all platforms in caching (was broken on others than Sun).
Binary-FTP works again (broken pre2).
Unescaping bug fixed in news module (caused many articles to fail to be retrieved).
News module now gives appropriate error reponses for unavailable articles and non-existent news groups.
FTP and HTTP modules now give better error responses.
Fixed the cache access log to show the correct content-lengths.

3.0 Prerelease 2 on 30 April 1994 (only for beta-testers)

Respects UserId and GroupId directives again.
FTP module no longer prints messages to stderr in non-verbose mode.
~username form understood with ServerRoot, Search, PutScript, PostScript, DeleteScript, AccessLog, ErrorLog, CacheAccessLog directives.
Opens cache access log only if caching is turned on.
Binary distribution now contains a template configuration file that has all the configuration directives understood by httpd (thanks to Sean Gonzalez for it!).

3.0 Prerelease 1 on 29 April 1994 (only for beta-testers)

If-Modified-Since GET request now works correctly with proxy (client can do conditional GET/proxy can do conditional GET plus all the combinations of these).
Pragma: no-cache supported; by sending this header to the proxy the client will force it to refresh its cache from remote server. Pragma headers are also forwarded to the remote server.
Server now resets its state correctly when it receives the HUP signal (directory listing icons used to stop working).
-restart option - httpd will find out the actual server process number and send s HUP signal to it to make it reload its configuration files; note that httpd must still have the same configuration file command line parameters (-r options) as the actual server (so it finds out the ServerRoot and PidFile).
Now makes appropriate entry to error log when restarting.
Made common logfile format default, the old format can still be used with the LogFormat directive:
```
	LogFormat old
```
Multiple wild-card (asterisk) matching in configuration file works; it is a bit different from typical regular expression matching in that the wildcard matches the shortest possible amount of characters instead of the longest matching string; this is the best choise in most of the cases. Consider:
```
	Pass  http://*/*  /mirror/*/http/*
```
Clearly the first asterisk should rather match only the hostname, and not the entire path except the filename.
Rules can now have asterisks and whitespace in them: precede them with a backslah; as a result also the backslash itself has to be escaped with another backslash.
The tilde character after a slash has to be explicitly matched:
```
	Map	/*	/foo/bar/*
```
does not match user-supported directories, but:
```
	Map	/~*	/Webs/users/*
```
does match them.
Fixed the problem that user-supported directories could not be mapped or Protect'ed.
Hostname matching made case-insensitive in access control/caching
Added suffixes .htm and .htmls to the default set of known suffixes.
Fixed some of the mysterious caching problems (all that were reported to me and that I could reproduce).
Made it possible to specify the various byte/kilo/mega sizes in cache configuration with letters after the number (so it's no longer necessary to remember if the default is kilobytes or megabytes):
```
	CacheSize	150 M
	CacheLimit_1	100 K
	CacheLimit_2	2 M
```
The numbers still have to be cardinals.
Content-Length given for all documents, including (non-nph-)script responses, generated directory listings, error responses, all the documents retrieved over another protocol by the proxy (FTP, Gopher, ...), including HTTP responses from servers that didn't give it originally.
MaxContentLengthBuffer directive to specify the maximum bytecount for the proxy to buffer in order to find out the content-length for the client - content-length is always calculated for the logs, but the user migth interrupt the connection if nothing seems to be happening, even though it is the proxy that is just buffering the entire file in order to find out the content-length before actually sending it to the client.
Caching module now checks that it receives the correct content-length; if not it discards the cached document. This rules out the possibility to cache a truncated document from a timed out connection in 99.99% of the cases (0.01% comes from the fact that Plexus sends a timeout error message concatenated to the document and if so should happen that this produces exactly the correct content-length then there is nothing that can be done about it; in practice this never happens).
Made HEAD work always, even on proxy with other protocols (FTP, Gopher...).
PASV (Passive mode) in FTP now supported. It is no longer necessary to allow incoming connections above 1024 on the firewall host just to make FTP work. If PASV fails httpd will retry PORT.
Welcome messages from FTP servers get shown on top of the directory listings.
Fixed bug with old FTP files fixed getting wrong date in the listing.
Gopher listings now have icons.
Proxy now reports unknown host errors appropriately.
Fixed encoding-decoding problems with directory listings.
Added ScriptTimeOut - scripts that do not finish in this amount of time will be killed by httpd. Default value is 5 minutes.
A /~username URL with an invalid username no longer causes an infinite redirection loop.
The two files missing in FTP listings are no longer missing (they weren't in 2.18beta, either).
Fixed a possible error condition that might cause the server to stop responding, or even die.
Server now resets its UserId and GroupId even when in gc-only mode (this solves problems with .cache_info files sometimes being unwritable to actual caching processes).
CacheAccessLog is now opened during startup while running as root to avoid opening problems. There is no longer logging to individual files according to remote hosts - all cache accesses are logged to this single file.
CacheOnly directive for specifying a set of URLs that should be cached (for cases when there are only a few sites that should be cached).
Added DELETE-Script directive for specifying the CGI script to handle DELETE method.
NoProxy directive to allow the proxy to do direct access to some servers instead of connecting to another proxy server (contains a list of domain names). This works exactly like the no_proxy environment variable on clients. (Thanks to Rainer Klute for the patch!) This is only necessary when running multiple proxy servers that connect to each other.
Fixed a bug that sometimes caused time directives to be parsed incorrectly (e.g. CacheDefaultExpiry).
Multilanguage addition to allow server to understand e.g. that British English is also English, and that the US citizens do understand it (thanks to Toshihiro Takada for the patch!).
Removed:
- GcReqInterval and GcTimeInterval - not very good criteria to start doing garbage collection (GcDailyGc is better, giving the actual time to lauch gc)
- cache access logging to individual logfiles according to remote host (wasted resources - a separate program is better for collecting this information from a single log file).
- -a and -R options (never used).
- BodyTimeOut replaced by ScriptTimeOut
- includes from Makefiles (not supported by all the makes).
- #elif preprocessor directive removed (wasn't supported by all the HP preprocessors)

2.18beta on 10 April 1994

Long FTP directory listing with last modification dates and sizes
Fixed a bad bug with Port directive -- server didn't fork but rather the parent process served which caused the service to eventually hang (this is the main reason for this release).
CLIENT_CONTROL removed from SOCKS mods since httpd has now native proxy protection support.
No longer fails to sometimes create .gc_info file.

2.17beta on 5 April 1994

General New Features

PUT and POST can be configured to be handled by external CGI scripts; PUT-Script and POST-Script directives
BodyTimeOut for timing out scripts waiting for input that never comes from clients
IdentityCheck directive to turn on RFC931 remote login name checking
REMOTE_IDENT for CGI giving remote login name; this was the only feature missing to be fully CGI/1.0 compiant
CGI/1.1 upgrade:
- all the headers without a special meaning to CGI from CGI scripts get passed to the client
- Status: header to specify the HTTP status code and message for client when not using NPH scripts
- all HTTP request header lines which are not otherwise available to the scripts get passed as HTTP_XXX_YYY environment variables
Understands conditional GET request with If-Modified-Since header
kill -HUP causes httpd to re-read its configuration file
PidFile directive for specifying the file to write the process id [makes it easy to send the HUP signal
ServerRoot directive to specify a "home directory" for httpd
Directory listings with icons; by default icons are in icons subdirectory under ServerRoot
The precompiled binaries are distributed in a tar packet that contains a set of default icons; the easiest way to configure the icons is to just set the ServerRoot to point to the binary distribution directory [its name is cern_httpd]
Welcome directive to specify the name of the overview page of the directory; default values are Welcome.html, welcome.html and, for compatibility with NCSA server, index.html. Use of Welcome directive will override all the defaults.
AlwaysWelcome directive to configure if /directory and /directory/ are to be taken to mean the same thing, or should only /directory/ be mapped to the overview page and /directory produce the directory listing.
/~user causes an automatic redirection to /~user/
Now gives also the Date: header.
Port directive to config file specifying the port number to listen to.

Access Authorization Enhancements / Proxy Protections

Now also domain name templates, like *.cern.ch, can be used in specifying allowed hosts, not only IP number masks
ACLOverRide directive to allow ACLs to override the Masks set in the protection setup [without this feature ACLs cannot allow anything more than what the Masks allow, only restrict access further]. This directive disables Mask checking if an ACL file is present.
Since setting up protection seemed to be unnecessarily hard, it is now possible to give the protection setup in the main configuration file instead of having to use a different file; it is still ok to use a different file.
- Protection directive defines a protection setup and associates a name with it:
```
	Protection  prot-name  {
		AuthType    Basic
		ServerId    Test-Server
		PasswdFile  /where/ever/passwd
		GroupFile   /where/ever/group
		UserId      someuser
		GroupId     somegroup
		GET-Mask    list, of, users, and, groups
		POST-Mask   list, of, users, and, groups
		PUT-Mask    list, of, users, and, groups
	}
```
  The content between the curly braces is the same as used to go the the protection setup file. What's new is the possibility to specify the UserId and GroupId for the clild process when serving the request in protected mode. This is not possible with external files for security reasons [it is not possible inside the external file, but it is not possible if the ids are set when calling that file; see doc for more details].
- A single Mask directive for cases when GET-Mask, POST-Mask and PUT-Mask are the same.
- In Protect rule the prot-name is specified instead of the file name; what's more is that Protect can now be used to protect also proxied URLs:
```
		Protect http:*   prot-name
		Protect ftp:*    prot-name
		Protect gopher:* prot-name
```

Enhancements, Fixes

Incorporated Ian Dunkin's <imd1707@ggr.co.uk> SOCKS modifications (thank you, Ian!); read the README-SOCKS file in the source code distribution for more information.
SIGPIPE causes a normal child to exit; proxy child will correctly stop writing to client socket but still writes to cache file [previously just kept on writing to the socket, too]
401, 402, 403, 404 errors don't go to error log anymore
error log contains now the host name and request
no longer sends Content-Transfer-Encoding, we agreed upon using Content-Encoding for compression
fixed funny panic message from format module in verbose mode even though everything was ok [only aesthetic]
now gives again "not authorized" rather than not found if trying to access a protected but nonexistant file; this way even filenames don't leak

all time specifications in configuration file have more readable forms:

        1 year
        2 months
        3 weeks 2 days
        5 days 20 hours 30 mins 2 secs
        20:30
        20:30:01
        2 weeks 20:30

Case-sense bug with LogTime, LogFormat, DirAccess and DirReadme fixed; now paramters really are handled in a case-insensitive manner.

Proxy Additions, Fixes

Proxy protections, see above
Made proxy do smart guesses about the content of an unknown file while retrieving from the remote; this will end the problems of some files not being transferred to WinMosaic or Lynx. IMPORTANT: Everybody, remove the rule [if you have it]:
```
        AddType  *.*  text/plain
```
because it would disable this smart feature.
Fixed a bug with unknown binary gopher files being truncated
Fixed the bug with trailing slashes in ftp directory listings
Fixed the bug with requests not being URL-encoded when forwarding the request
Fixed a bug with filenames in directory listings not being URL-encoded
Fixed stupid "mail-us" situation in certain situations when ftp load fails

Proxy Caching

Cache is refreshed using the conditional GET method [use of If-Modified-Since header]
Standalone cache mode with CacheNoConnect directive [causes an error rather than document fetch when the document is not in the cache]
Possibility to disable garbage collection altogether
Possibility to disable expiry checking
Caching Off to explicitly turn off caching even if there are other caching directives specified
-gc_only command line option to do garbage collection as a cron job for sites that run httpd as a proxy from inetd. However, since httpd now re-reads its configuration files when it receives a HUP signal, it makes standalone operation now even more easy, and inetd should no longer be much more convenient.
Host names are converted to all-lower-case to avoid doing multiple caching for a single site.
Files expiring immediately never get written to the cache; not even part of it.
By default HTTP-retrieved documents without an Expires: and Last-Modified: field never get cached [because they are usually generated by scripts and should never be cached]; therefore I strongly advice against the use of CacheDefaultExpiry for HTTP.

Caching control directives have changed to take a URL template as a first argument, and a more readable time format:

        CacheDefaultExpiry  ftp:*     2 weeks 4 days
        CacheDefaultExpiry  gopher:*  6 days
        CacheUnused         http:*    1 month
        CacheUnused         ftp:*     2 weeks
        CacheUnused         gopher:*  1 week 5 days 2 hours 1 min 30 secs

Made the expiry date approximation configurable; by default documents with Last-Modified: but without Expires: expire after 10% of the time that they have been unmodified. CacheLastModifiedfactor can be used to change this value, or turn this feature Off. Default value is 0.1 [=10%].
Understands yet another date format:
```
        Thu, 10 Feb 1994 22:23:32 GMT
```
This date format is not conforming to the spec, so use of it is discouraged! This is only to make the proxy more robust.
NoCaching directive to prevent certain URLs from being cached at all.
Time margin to get rid of problems with machine clocks having inaccurate times and confusing caching.
GcDailyGc to specify a daily garbage collection time, by default 3:00. [Can be turned Off, too.]
Now possible to disable GcReqInterval and GcTimeInterval [by default disabled].
Expired cache lock files get removed also during gc.
CacheAccessLog to specify a different log file for cache accesses; also possible to make a separate log for each remote host.

cgiutils

A new product cgiutils for producing HTTP1 replies from CGI scripts, and for easily generating the Expires: header given the time to live, e.g. "2 weeks 4 hours 30 mins".

2.16beta on 28 February 1994

Firewall Gateway (Proxy) Additions, Fixes

ftp with binary files work
x-compress and x-gzip work correctly over proxy
Firewalling now works through arbitrary number of proxies; http_proxy, ftp_proxy, gopher_proxy and wais_proxy configuration directives cause proxy to connect to the outside world through another proxy. Environment variables with the same names have same effects, but config file is user-friendlier for this.
Now sends all the headers sent by client.
Proxy log file now gives byte count.
Proxy log file now gives correct status code also on error.

Firewall Gateway (Proxy) Caching

CacheRoot directive specifies cache root directory, and turns on proxy caching. Cache root directory must be dedicated to httpd - all files in there are subject to garbage collection.
Cache size (in megabytes) is specified by CacheSize directive; cache size should be several megabytes, 50-100MB should give good results. Cache may, however, temporarily grow a few megabytes bigger than specified. Also, space taken up by directories is not calculated in the current version.
http, ftp, gopher with GET method get cached.
However, not caching:
- HTTP0 responses (you never know if it failed; also confused HTTP1 servers sometimes output garbage in front of HTTP1 headers).
- Protected documents (request had Authorization: field).
- Queries - they have too often side-effects. (POST should be always used with forms, and all script responses should have Expires: header when necessary. Until then, we don't cache them.)
Expiry date is extracted:
- From Expires: header.
- If not present Last-Modified: is used to approximate expires. If a file hasn't changed in five months the chances are it won't change during the next week. On the other hand, if a file has changed yesterday, it will probably change again pretty soon. I know this is heuristic but until all the servers give Expires: this works much better than not using it, so no flames about it.
- If Last-Modified: not given use the time given by CacheDefaultExpiry directive, default 7 days.
Format of cache files and directory structure under cache root is subject to change if necessary. No application should yet rely on any certain cache format. Eventually I can see clients accessing cache files directly, bypassing proxy server.
Caching system understands both time formats, also the one output by old NCSA httpds.
Cache files get locked during transfer. Lock files time out if something goes wrong. Timeout can be set by CacheLockTimeOut directive (default 20 minutes). During the lock is in effect, further requests to the same file get retrieved from the remote host.
Garbage collection directives:
- GcMemoryUsage to advice gc about how radical to be in memory use (more memory => smarter gc).
- GcTimeInterval, how often to do gc.
- GcReqInterval, after how many requests to do gc.
- (gc is also automatically started if cache size limit is reached.)
- CacheLimit_1, size in KB until which files are equally valuable despite their size (200K).
- CacheLimit_2, size in KB after which files get discarded because they are too big (4MB).
- CacheClean, remove all files older than this (default 21 days).
- CacheUnused, remove all files that have not been used in this long time (default 14 days).
Garbage collector always removes all expired, too long unused, and too old files.
If cache size limit is reached some files need to be sacrified; the current algorithm takes into account:
- Time remaining to unconditional removal; if it expires tomorrow it might as well be removed today.
- Time last accessed; if it hasn't been accessed in 5 days, it probably won't be accessed anymore before it expires.
- Size; huge files get removed move easily.
- Time it took to load it from the remote host; files that were time-consuming to transfer have much higher value. This compensates the size factor. Load delay is the single most significant value.
- Time it has already been in cache; ancient files get removed more easily than fresh ones.

Other New Features

Error log file.
Referer: field ends up in error log when a request fails.
UserId and GroupId to set default uid and gid (used instead of nobody and nogroup).
Timeout for input and output; default time to wait for a request is 2 minutes, and to send response 20 minutes. Timeout causes a note to error log, and terminates child (no more hanging httpds). Note: the one zombie is normal; don't report to me about it, I may do something about it some day, or maybe I won't. Zombie doesn't take up any other system resources except the one process table entry.
Suffixes are no longer case-sensitive by default; this may be changed via the SuffixCaseSense configuration directive.
Lou Montulli's news and proxy diffs added to the library.
Most command line options now also available as configuration directives:
- DirAccess
- DirReadme
- AccessLog
- ErrorLog
- LogFormat
- LogTime
-vv command line option for Very Verbose trace output. Outputs also request headers as they came in. Otherwise like -v flag.

Enhancements, Fixes

NPH-scripts now work from automatically backgrounded standalone server.
Fixed the many problems with Content-Transfer-Encoding:
- Mosaic uses Content-Encoding, although spec says Content-Transfer-Encoding; I now output both
- Content-Transfer-Encoding sometimes didn't show up although it should have, fixed.
- Content-Transfer-Encoding didn't come up correctly with ftp, fixed.
Strange escaping fixed with directory indexing (legal characters got escaped randomly by a gcc-compiled version).
Timezone bug around midnight with the new logfile format fixed. (New logfile format is not yet default, use -newlog command line option, or LogFormat directive in configuration file.)
Dashes for non-existent status codes and byte counts now show up correctly in the log.
Forking code once again enhanced - fixed a possible hanging situation.
Log time fixed to be the time of incoming request, not the time of request served.
Zombies now correctly waited away on HP (this was in fact fixed already in 2.15beta binaries distributed after February 17th - note, that this bug had no effect on any other platforms ).
Directory listings no longer have Content-Length: (because it was wrong).
Now understands also the old Accept: syntax, with spaces as separators between actual content-type and its parameters. This will eventually be taken out.
htadm now uses the same file creation mask as in the original password file.

2.15beta on 11 February 1994

There is one single thing that needs to be done when changing over from httpd 2.14 to 2.15:

        Rename your old /htbin scripts to end in .pp suffix!

General Notes

Code tested under Purify -- all detected memory leaks and bugs fixed.
Forking code enhanced -- no longer crashes when running standalone. Everybody should start running CERN httpd standalone instead of from inetd
Documentation redesigned, but still under construction
Contains Solaris port, but not VMS

CGI/1.0, Common Gateway Interface

CGI/1.0 interface fully implemented
Old W3C httpd scripts will continue working if you rename them to end with .pp suffix. Links referencing these scrips do NOT need to be changed. (This feature does not add any overhead to CGI/1.0 script calls.)
New product cgiparse for CGI/1.0 scripts to parse QUERY_STRING env.var and to read CONTENT_LENGTH characters from stdin
htimage upgraded to CGI/1.0
The whole server-environment is propagated to CGI script, except for variables that are reserved for CGI/1.0.
Scripts are spawned by doing a fork() and exec() instead of system() -- more efficient and secure

Firewall Gateway Modifications

Access authorization works thru firewalls
So does POST, therefore forms also
-disable/-enable command line options and Disable/Enable configuration directives for dis/enabling HTTP methods. GET, HEAD and POST are enabled by default.
Fix: text/html and text/plain not passed multiply to servers when running as gateway
Fix: */*, image/* etc not expanded by the gateway
Fix: try local search ONLY when accessing local files

Other New Features

When started standalone in non-verbose mode automatically disconnects from terminal session and goes background
User-supported directories enabling URLs starting with /~username
Redirection
Meta-information files to allow RFC-822-style headers to be appended to server response header section
New, common logfile format, localtime default, GMT as an option
Ability to suppress logging for certain hosts/domains according to given hostname template or IP number mask, like *.cern.ch or 128.141.*.*
-setuid option to set server uid to authenticated uid (local)
Multilanguage support: same URL can be used to retrieve a document in different languages
AddLanguage, AddEncoding and AddType directives to configuration file (AddType replaces Suffix)
Better multiformat algorithm
HostName directive to configuration file for servers that want to give CGI/1.0 scripts a different hostname than the actual. Useful if machine has many aliases, or if httpd fails to get the full domainname.
Exec rule obsoliting HTBin directive -- now multiple script directories possible, with arbitrary mappings
Get-Mask, Post-Mask and Put-Mask for protection setup files. Get-Mask obsolites Mask-Group
Groups All/Users and Anybody/Anyone/Anonymous automatically defined. All means anybody that has been authenticated, and Anybody is just anybody
Server:
Last-Modified:
Content-Length:
Content-Language:
Content-Encoding:
Scripts can output also Uri: and Expires: headers (this will eventually be made more general)
HEAD works, also with stupid scripts that also output the body

Enhancements, Fixes

The final explicit Map to filesystem in configuration file no longer required, because it was causing confusion
Assume Basic authentication scheme even if not explicitly mentioned in setup file
Get client DNS hostname, for the logfile among other things
Fail made the default when rules are translated to the end without coming accross with a Pass, Exec or Fail rule (this is to enhance security, it was too easy to forget the Fail * from the end of config file)
Made config (rule) file understand different ways of writing keywords, e.g.: UserDir, userdir, User-Dir, user_dir, UserDirectory and so on
The eight misplaced server-side access authorization files moved away from libwww
Fix: directory indexing works with a trailing slash
Fix: HTSimplify() might have behaved unexpectably on some systems (called strcpy() with overlapping args)
Fix: sometimes returned "Forbidden -- refusing to serve to your IP address", although there were users allowed to do that.
Forking moved to the beginnig of message handling -- increases server reliability and responsiveness highly when standalone.
Inefficient parts rewritten -- better performance.
Fix: no longer uses the same time in log file when standalone.
Fix: works also if a non-full URL in Location: contains a #label (doesn't do redirection-on-fly but an actual redirection)

2.14vms on 15 December 93

Provisional Distribution for VMS
In HTScript only one file is opened for sys$error and sys$output.
The updates to the logfiles have the correct timestamp on them.
The updates to the logfiles are now flushed from C as well as from RMS.
The multinet socket options KEEPALIVE and REUSE are set to make sure you can reuse the port.
If the server runs with SYSPRV all Access Authorisation related files are accessed over the system field of the file protection. This is also true for the rule file. You can therefore protect all these files from world readability.

2.14 on 16 November 93

Mosaic forms support added.
Clickable image support, see demo.
Easy-to-use index search interface -- no changes need to be made to daemon code to enable searches (implemented as /htbin scripts).
Handles redirection directly without sending it to client, if Location: field returned by a script is not a full URL. Translates rules and checks access authorization even in this case.
Added MIME Content-Type wild-card handling, i.e. image/*, audio/*, */* etc.
Now ignores SIGPIPE signals (doesn't die if client suddenly closes connection).
/htbin default directory is stripped off -- /htbin feature is off unless there is an htbin rule in rule file defining the physical /htbin directory location.

2.13 on 4 November 93

/htbin support added.
Now also htadm in distribution.
Bug fixes:

Access authorization bypass when acting as a gateway.
Broken fail rule handling fixed.
Looks up nobody correctly, so setuid() should always succeed (and even if it fails doesn't die).

2.12 on 11 October 93

First release with access authorization.

2.06 on 7 June 93

Bug fix: Load error 500 returned as proper HTTP status, not as simple document.
WAIS gateway now caches source files again.
Bug fix: Daemon used to try to display graphics file locally on the server when the client couldn't display them! Cause of much confusion :-)

2.05

Big bug fix in local file directory handling .. didn't work in 2.04!

2.04 28 April 93

With the properly compiled libwww library, this daemon will operate as a WAIS, news etc gaetway if so configured.
WAIS gateway operation bug fix.

2.03-beta: unreleased

Bug fix: operation with no rule file didn't work as expected.

2.02-beta: 17 March 93

Misleading error trace removed.
Compiled on HP, SGI, Sun, DEC, NeXT and binaries available
Binary handling fixed in library.
Reference to missing HTDirRead.h removed.
Assumes that user can handle files of unknown format (application/binary).

2.00-alpha 15 Mar 93

Simple command line -- with no parameters, exports the /Public directory.
Multiformat handling -- see library changes for 2.0. Links to .multi filenames resolve to any file with same root, any recognised extension.

unrealeased 0.9b

Bug fix: If a PASS or FAIL line in the configuration file acted on a single document id (ie no wildcard) then it crashed the daemon. (HTRules.c, 17-Jun-92, TBL).

Sept 1991 v0.3

Bug fix: Plain text files were returned to be parsed as SGML, causing them to come out as garbage. (Mike Sendall)

August 1991 v 0.2

-R option now suppresses default rule file.
Rule file format changed completely. Now allows authorisation of specific paths only.

June 1991 version 0.1

-r and -R options for rules
Default address is now for Inet daemon working. (29 June)
-l option to log to a file.
-a option for address other than default

httpd@w3.org