There is one single thing that needs to be done when
changing over from httpd
2.14 to 2.15:
Rename your old /htbin scripts to end in .pp suffix!
General Notes
- Code tested under Purify -- all detected memory leaks and
bugs fixed.
- Forking code enhanced -- no longer crashes when running
standalone. Everybody should start running CERN
httpd standalone instead of from inetd
- Documentation redesigned, but still under construction
- Contains Solaris port, but not VMS
CGI/1.0, Common Gateway Interface
- CGI/1.0 interface fully implemented
- Old CERN httpd scripts will continue working if you rename
them to end with .pp suffix. Links referencing these scrips do
NOT need to be changed. (This feature does not add any overhead to
CGI/1.0 script calls.)
- New product cgiparse for CGI/1.0 scripts to parse QUERY_STRING
env.var and to read CONTENT_LENGTH characters from stdin
-
htimage
upgraded to CGI/1.0
- The whole server-environment is propagated to CGI script, except
for variables that are reserved for CGI/1.0.
- Scripts are spawned by doing a fork() and exec() instead of
system() -- more efficient and secure
Firewall Gateway Modifications
- Access authorization works thru firewalls
- So does POST, therefore forms also
- -disable/-enable command line options and Disable/Enable
configuration directives for dis/enabling HTTP methods. GET,
HEAD and POST are enabled by default.
- Fix: text/html and text/plain not passed multiply to
servers when running as gateway
- Fix: */*, image/* etc not expanded by the gateway
- Fix: try local search ONLY when accessing local files
Other New Features
- When started standalone in non-verbose mode automatically
disconnects from terminal session and goes background
- User-supported directories enabling URLs starting with
/~username
- Redirection
- Meta-information files to allow RFC-822-style headers to be
appended to server response header section
- New, common logfile format, localtime default,
GMT
as an option
- Ability to suppress logging for certain hosts/domains
according to given hostname template or IP number mask,
like
*.cern.ch
or 128.141.*.*
- -setuid option to set server uid to authenticated uid (local)
- Multilanguage support: same URL can be used to retrieve a
document in different languages
- AddLanguage, AddEncoding and AddType directives to
configuration file (AddType replaces Suffix)
- Better multiformat algorithm
- HostName directive to configuration file for servers that want to give
CGI/1.0 scripts a different hostname than the actual. Useful
if machine has many aliases, or if httpd fails to get the full
domainname.
- Exec rule obsoliting HTBin directive -- now multiple script
directories possible, with arbitrary mappings
- Get-Mask, Post-Mask and Put-Mask for protection setup
files. Get-Mask obsolites Mask-Group
- Groups All/Users and Anybody/Anyone/Anonymous automatically
defined. All means anybody that has been authenticated, and
Anybody is just anybody
- Server:
- Last-Modified:
- Content-Length:
- Content-Language:
- Content-Encoding:
- Scripts can output also Uri: and Expires: headers (this will
eventually be made more general)
- HEAD works, also with stupid scripts that also output the body
Enhancements, Fixes
- The final explicit Map to filesystem in configuration file no
longer required, because it was causing confusion
- Assume Basic authentication scheme even if not explicitly
mentioned in setup file
- Get client DNS hostname, for the logfile among other things
- Fail made the default when rules are translated to the end
without coming accross with a Pass, Exec or Fail rule (this is
to enhance security, it was too easy to forget the Fail * from
the end of config file)
- Made config (rule) file understand different ways of writing
keywords, e.g.: UserDir, userdir, User-Dir, user_dir,
UserDirectory and so on
- The eight misplaced server-side access authorization files
moved away from libwww
- Fix: directory indexing works with a trailing slash
- Fix: HTSimplify() might have behaved unexpectably on some
systems (called strcpy() with overlapping args)
Ari Luotonen - httpd@info.cern.ch - February 1994