Upgrading NCSA httpd httpd 1.2 -> httpd 1.3 httpd 1.3 is a maintenance release designed to fix some of the bugs which were introduced in httpd 1.2. Changes from httpd 1.2 Now compiles cleanly under A/UX and Solaris. Directory indexing bugs repaired, new options to suppress last modified, size, and description columns (thanks Tanmoy.) Wildcard based access control should work this time. Fixed core dump related to recursive parsed document include. Fixed bug by which httpd would not follow a symbolic link it should have. Fixed file typing (no longer case sensitive like in 1.2.) Parent directory escaped in indexes. IdentityCheck should work again. LAST_MODIFIED and #flastmod are now local zone. Time related functions work with NeXT now. Fixed spelling error in 500 error page. Server will log proper timeout message for non-DNS hosts. Added x-bit hack for people to use the x-bit of an HTML file to determine if it is parsed or not. Added compile defines so people can customize the amount of DNS the server performs (for speed). httpd 1.1 -> httpd 1.2 httpd 1.2 makes some significant changes over httpd 1.1. These changes make its "look and feel" a bit different than 1.1. New features The CGI interface is now revised to version 1.1. See the changes that were made. A new logfile format was agreed upon which should simplify the lives of the authors of logfile analyzers. Quickly, the format is: host rfc931 authuser [DD/Mon/YYYY:hh:mm:ss [+/-]HHMM] "request" status bytes Host = hostname rfc931 = RFC931 user name if IdentityCheck active, - if not. authuser = HTTP/1.0 authenticated user, - if none. DD/Mon/YYY:hh:mm:ss [+/-]HHMM: Local time of the request with timezone offset from GMT at end. "request" = the request as sent by the client status = the HTTP/1.0 status code from this transaction bytes = the count of the bytes sent in this transaction, not including the header. If not applicable, this will be a - character. CGI scripts are now allowed anywhere. See this tutorial on the new setup (and how it relates to the old setup), and how to disable this feature in places you don't want it. The server side includes interface has been completely rewritten. See this tutorial to learn how to convert your old INC SRV documents, and to learn how to take advantage of the new features. There is a new access control option to disable symbolic links only if the owner of the pointer is not the same as the owner of that which is pointed to. This means your users can have symbolic links to things they own, but not to dangerous things like /etc. A new access control method called mutual-failure has been added. This method is a bit unorthodox, but allows you to allow hosts from one domain while excluding certain hosts (such as public access machines) from that domain. Wildcard expressions are now allowed in various areas of server configuration, to allow patterns to be specified. This is most useful in the Directory directive. Directory indexing has been revamped. It looks much different, and I've written a short tutorial on how to set it up. Access Control Files now allow the indexing directives as well as the DefaultType directive. require user now allows quotes for PGP usernames with spaces. Server now explicitly kills CGI scripts when the client aborts. Server now verifies the DNS hostname it gets from the IP number to prevent PTR spoofs. Support for 304 and If-modified-since. Bug fixes All of the known bugs in 1.1 have now been fixed. Now it's time to find the ones I introduce with 1.2. Fixed problem running scripts in ServerMode inetd under IRIX. Fixed bad port problem under OSF/1. Inserted missing return statement for the IdentityCheck directive. Fixed problem whereby errors would stop being logged after a restart. Fixed 256 character limitation on CGI URLs. httpd 1.0 -> httpd 1.1 httpd 1.1 should plug right in if you already have httpd 1.0. Introduced experimental PEM/PGP based encrypted user authentication. See this overview to read about trying it out. Improved directory indexing. See the new directives in srm.conf to use it. Cleaned up error output and fixed horrible output when server-side include error occurred Fixed slight bug in buffering code Directory indexing for user-supported directories fixed Retrieval of user supported directory with no trailing slash issues redirect again Now supports RFC931 identd for logging purposes. See the IdentityCheck directive. stderr for scripts and server side includes now sent to error_log Fixed bug in NCSA POST script code which would cause Location: to be ignored for local files Removed misfeature wherein Location: url's were being escaped by the server Args to INC SRVURL escaped to avoid unpleasant surprises Location: /cgi-bin/foo?arg now works HEAD only for CGI scripts now ignores body put out by stupid scripts httpd 1.0a5 -> httpd1.0 httpd 1.0 is fairly similar to httpd 1.0a5. Changes which directly require configuration changes ScriptAlias now used for CGI scripts only, access your NCSA scripts with OldScriptAlias Fixed AddType directive The NCSA scripts are no longer included, CGI replacements are now included Other changes NCSA POST scripts now have REMOTE_HOST set Added AddEncoding directive to srm.conf and .htaccess error_log now logs all failed accesses and the reason for failure Time headers are now RFC822 compliant You can now alias or disable user-supported directories Added a require directive to allow you to allow any valid user I/O is now buffered into chunks for speed Redirect no longer supported from .htaccess files. Added -v and -f command line flags httpd@ncsa.uiuc.edu