Apache HTTP Server Version 1.3

Upgrading to 1.3 from 1.2

In order to assist folks upgrading we are now going to maintain a document describing information critical to existing Apache users. Note that it only lists differences between recent major releases, so for example, folks using Apache 1.1 or earlier will have to figure out what changed up to Apache 1.2 before this document can be considered relevant. Old users could look at the src/CHANGES file which tracks code changes.

These are intended to be brief notes, and you should be able to find more information in either the New Features document, or in the src/CHANGES file.

Compile-Time Configuration Changes

• The source code has been reorganized, which affects anyone with custom modules or modifications. But also, the Module directive has been changed to the AddModule directive.
• The Configuration variable EXTRA_LFLAGS has been renamed EXTRA_LDFLAGS.
• The -DMAXIMUM_DNS definition has been obsoleted by changes to mod_access enforcing double-reverse DNS lookups when necessary.
• The -DSERVER_SUBVERSION=\"string\" compile-time option has been replaced with the run-time API call ap_add_version_component(). Compile-time modification of the server identity by the configuration scripts is no longer supported.
• mod_dir has been split into two pieces mod_autoindex, and mod_dir.
• mod_browser has been replaced by mod_setenvif.
• IRIX systems with untrusted users who can write CGIs which execute as the same uid as httpd should consider using suexec, or adding -DUSE_FCNTL_SERIALIZED_ACCEPT to EXTRA_CFLAGS. This is slower, more information is available on the performance tuning page. There is a mild denial of service attack possible with the default config, but the default config is an order of magnitude faster.
• mod_auth_msql has been removed from the distribution.
• The new Apache Autoconf-style Interface (APACI) was added to the top-level to provide a real out-of-the-box build and installation procedure for the complete Apache package.

Run-Time Configuration Changes

• AuthName strings will need to be quoted in .htaccess or server configuration files if they contain blank characters (like spaces). For example, if you use an AuthName directive like this:

       AuthName This and That
      

  you will need to change it to

       AuthName "This and That"
      

  This change was made for consistency in the config language.
• As of Apache 1.3.1, methods listed in <Limit> directives must be uppercase. Method names, such as GET, POST, and PUT are defined as being case-sensitive. That is, a GET request is different from a get request. Prior to Apache 1.3.1, the <Limit> directive parser incorrectly treated both of these as being the same. Apache's built-in method limit processing currently only understands uppercase method names, so if you've used clauses such as "<Limit Get post>" in your configuration files, you need to correct them to use uppercase names.

  Unrecognised method names in the server configuration files will result in the server logging an error message and failing to start. In .htaccess files, unknown methods will cause the server to log an error to its error log and return an 'Internal Server Error' page to the client.

• The default Apache ServerRoot directory changed from the NCSA-compatible /usr/local/etc/httpd/ to /usr/local/apache/. This change covers only the default setting (and the documentation); it is of course possible to override it using the -d ServerRoot and -f httpd.conf switches when starting apache.
• Folks using HTTP/1.1-style virtual hosting will need to list the ip:port pairs that are supposed to have HTTP/1.1-style virtual hosting via the NameVirtualHost directive (one directive per pair). Previously this support was given implicitly on the "main server address". Now it has to be explicitly listed so as to avoid many problems that users had. Please see the Apache Virtual Host documentation for further details on configuration.
• The precedence of virtual hosts has been reversed (applies mainly to vhosts using HTTP/1.1 Host: headers, and the ServerPath directive). Now the earlier vhosts in the file have precedence over the later vhosts.
• HostnameLookups defaults to Off.
• REMOTE_HOST CGI variable changed. In Apache 1.2 and earlier, the REMOTE_HOST environment variable made available to CGI scripts was set to either the full DNS name of the client, or else to the client's IP address if the name was not known. This behaviour differed from that specified by the CGI specification, which defines this variable as being NULL if the name isn't known. In Apache 1.3, we have made this correction. REMOTE_ADDR always contains the client's IP address, but REMOTE_HOST is only defined when the server has been able to determine the client's DNS name.
• The undocumented mod_access syntax "allow user-agents" was removed. The replacement is the more general "allow from env".
• When using wildcards in pathnames (such as * and ?) they no longer match / (slash). That is, they more closely behave how a UNIX shell behaves. This affects <Directory> directives, for example.
• If no TransferLog directive is given then nothing will be logged. (Previously it would default to logs/access_log.)
• Apache now has configurable error logging levels, and the default eliminates some messages that earlier versions always generated.
• When booting, Apache will now detach itself from stdin, stdout, and stderr. stderr will not be detached until after the config files have been read so you will be able to see initial error messages. After that all errors are logged in the error_log. This makes it more convenient to start Apache via rsh, ssh, or crontabs.
• <Files> sections previously could take a full pathname, and were matched against the full pathnames. This had some inconsistancies, and was removed. To emulate this older behaviour use a <Files> section nested inside a <Directory> section.
• <Location> matching behaviour with respect to slashes has changed. See the <Location> documentation for more info.

Misc Changes

• ServerType inetd has been deprecated. It still exists, but bugs are unlikely to be fixed.
• httpd_monitor has been deprecated. The replacement is to use mod_status and make a request to a URL such as http://myhost/server-status?refresh=10.
• Apache now provides an effectively