CERN httpd 2.17beta Release Notes

General New Features

PUT and POST can be configured to be handled by external CGI scripts; PUT-Script and POST-Script directives
BodyTimeOut for timing out scripts waiting for input that never comes from clients
IdentityCheck directive to turn on RFC931 remote login name checking
REMOTE_IDENT for CGI giving remote login name; this was the only feature missing to be fully CGI/1.0 compiant
CGI/1.1 upgrade:
- all the headers without a special meaning to CGI from CGI scripts get passed to the client
- Status: header to specify the HTTP status code and message for client when not using NPH scripts
- all HTTP request header lines which are not otherwise available to the scripts get passed as HTTP_XXX_YYY environment variables
Understands conditional GET request with If-Modified-Since header
kill -HUP causes httpd to re-read its configuration file
PidFile directive for specifying the file to write the process id [makes it easy to send the HUP signal
ServerRoot directive to specify a "home directory" for httpd
Directory listings with icons; by default icons are in icons subdirectory under ServerRoot
The precompiled binaries are distributed in a tar packet that contains a set of default icons; the easiest way to configure the icons is to just set the ServerRoot to point to the binary distribution directory [its name is cern_httpd]
Welcome directive to specify the name of the overview page of the directory; default values are Welcome.html, welcome.html and, for compatibility with NCSA server, index.html. Use of Welcome directive will override all the defaults.
AlwaysWelcome directive to configure if /directory and /directory/ are to be taken to mean the same thing, or should only /directory/ be mapped to the overview page and /directory produce the directory listing.
/~user causes an automatic redirection to /~user/
Now gives also the Date: header.
Port directive to config file specifying the port number to listen to.

Access Authorization Enhancements / Proxy Protections

Now also domain name templates, like *.cern.ch, can be used in specifying allowed hosts, not only IP number masks
ACLOverRide directive to allow ACLs to override the Masks set in the protection setup [without this feature ACLs cannot allow anything more than what the Masks allow, only restrict access further]. This directive disables Mask checking if an ACL file is present.
Since setting up protection seemed to be unnecessarily hard, it is now possible to give the protection setup in the main configuration file instead of having to use a different file; it is still ok to use a different file.
- Protection directive defines a protection setup and associates a name with it:
```
	Protection  prot-name  {
		AuthType    Basic
		ServerId    Test-Server
		PasswdFile  /where/ever/passwd
		GroupFile   /where/ever/group
		UserId      someuser
		GroupId     somegroup
		GET-Mask    list, of, users, and, groups
		POST-Mask   list, of, users, and, groups
		PUT-Mask    list, of, users, and, groups
	}
```
  The content between the curly braces is the same as used to go the the protection setup file. What's new is the possibility to specify the UserId and GroupId for the clild process when serving the request in protected mode. This is not possible with external files for security reasons [it is not possible inside the external file, but it is not possible if the ids are set when calling that file; see doc for more details].
- A single Mask directive for cases when GET-Mask, POST-Mask and PUT-Mask are the same.
- In Protect rule the prot-name is specified instead of the file name; what's more is that Protect can now be used to protect also proxied URLs:
```
		Protect http:*   prot-name
		Protect ftp:*    prot-name
		Protect gopher:* prot-name
```

Enhancements, Fixes

Incorporated Ian Dunkin's <imd1707@ggr.co.uk> SOCKS modifications (thank you, Ian!); read the README-SOCKS file in the source code distribution for more information.
SIGPIPE causes a normal child to exit; proxy child will correctly stop writing to client socket but still writes to cache file [previously just kept on writing to the socket, too]
401, 402, 403, 404 errors don't go to error log anymore
error log contains now the host name and request
no longer sends Content-Transfer-Encoding, we agreed upon using Content-Encoding for compression
fixed funny panic message from format module in verbose mode even though everything was ok [only aesthetic]
now gives again "not authorized" rather than not found if trying to access a protected but nonexistant file; this way even filenames don't leak

all time specifications in configuration file have more readable forms:

        1 year
        2 months
        3 weeks 2 days
        5 days 20 hours 30 mins 2 secs
        20:30
        20:30:01
        2 weeks 20:30

Case-sense bug with LogTime, LogFormat, DirAccess and DirReadme fixed; now paramters really are handled in a case-insensitive manner.

Proxy Additions, Fixes

Proxy protections, see above
Made proxy do smart guesses about the content of an unknown file while retrieving from the remote; this will end the problems of some files not being transferred to WinMosaic or Lynx. IMPORTANT: Everybody, remove the rule [if you have it]:
```
        AddType  *.*  text/plain
```
because it would disable this smart feature.
Fixed a bug with unknown binary gopher files being truncated
Fixed the bug with trailing slashes in ftp directory listings
Fixed the bug with requests not being URL-encoded when forwarding the request
Fixed a bug with filenames in directory listings not being URL-encoded
Fixed stupid "mail-us" situation in certain situations when ftp load fails

Proxy Caching

Cache is refreshed using the conditional GET method [use of If-Modified-Since header]
Standalone cache mode with CacheNoConnect directive [causes an error rather than document fetch when the document is not in the cache]
Possibility to disable garbage collection altogether
Possibility to disable expiry checking
Caching Off to explicitly turn off caching even if there are other caching directives specified
-gc_only command line option to do garbage collection as a cron job for sites that run httpd as a proxy from inetd. However, since httpd now re-reads its configuration files when it receives a HUP signal, it makes standalone operation now even more easy, and inetd should no longer be much more convenient.
Host names are converted to all-lower-case to avoid doing multiple caching for a single site.
Files expiring immediately never get written to the cache; not even part of it.
By default HTTP-retrieved documents without an Expires: and Last-Modified: field never get cached [because they are usually generated by scripts and should never be cached]; therefore I strongly advice against the use of CacheDefaultExpiry for HTTP.

Caching control directives have changed to take a URL template as a first argument, and a more readable time format:

        CacheDefaultExpiry  ftp:*     2 weeks 4 days
        CacheDefaultExpiry  gopher:*  6 days
        CacheUnused         http:*    1 month
        CacheUnused         ftp:*     2 weeks
        CacheUnused         gopher:*  1 week 5 days 2 hours 1 min 30 secs

Made the expiry date approximation configurable; by default documents with Last-Modified: but without Expires: expire after 10% of the time that they have been unmodified. CacheLastModifiedfactor can be used to change this value, or turn this feature Off. Default value is 0.1 [=10%].
Understands yet another date format:
```
        Thu, 10 Feb 1994 22:23:32 GMT
```
This date format is not conforming to the spec, so use of it is discouraged! This is only to make the proxy more robust.
NoCaching directive to prevent certain URLs from being cached at all.
Time margin to get rid of problems with machine clocks having inaccurate times and confusing caching.
GcDailyGc to specify a daily garbage collection time, by default 3:00. [Can be turned Off, too.]
Now possible to disable GcReqInterval and GcTimeInterval [by default disabled].
Expired cache lock files get removed also during gc.
CacheAccessLog to specify a different log file for cache accesses; also possible to make a separate log for each remote host.

cgiutils

A new product cgiutils for producing HTTP1 replies from CGI scripts, and for easily generating the Expires: header given the time to live, e.g. "2 weeks 4 hours 30 mins".

Ari Luotonen - Henrik Frystyk - httpd@info.cern.ch - April 1994