CERN httpd 2.15beta released

Ari Luotonen (
Tue, 15 Feb 1994 12:28:45 --100

CERN httpd 2.15beta is out:

This package includes EVERYTHING, so don't ftp the libwww. Also,
DO NOT use the libwww that comes with it for anything else, libwww 2.15
is NOT officially released.

Precompiled binaries exist for:


For other platforms I'm happy to receive diffs. This release is
mainly for CGI/1.0 and proxy gatewaying, but a lot of other new
features have been included (that's why I still call it beta).


There is one single thing that needs to be done when changing over
from httpd 2.14 to 2.15:

Rename your old /htbin scripts to end in .pp suffix!

General Notes

* Code tested under Purify -- all detected memory leaks and
revealed bugs fixed.
* Forking code enhanced -- no longer crashes when running
* Documentation redesigned, but still under construction:

* Contains Solaris port!! (but not VMS :-( )

CGI/1.0, Common Gateway Interface

* CGI/1.0 interface fully implemented
* Old CERN httpd scripts will continue working if you rename them
to end with .pp suffix. Links referencing these scrips do NOT
need to be changed. (This feature does not add any overhead to
CGI/1.0 script calls.)
* New product cgiparse for CGI/1.0 scripts to parse QUERY_STRING
env.var and to read CONTENT_LENGTH characters from stdin
* htimage upgraded to CGI/1.0
* The whole server-environment is propagated to CGI script, except
for variables that are reserved for CGI/1.0.
* Scripts are spawned by doing a fork() and exec() instead of
system() -- more efficient and secure

Firewall Gateway Modifications

* Access authorization works thru firewalls
* So does POST, therefore forms also
* -disable/-enable command line options and Disable/Enable
configuration directives for dis/enabling HTTP methods. GET, HEAD
and POST are enabled by default.
* Fix: text/html and text/plain not passed multiply to servers when
running as gateway
* Fix: */*, image/* etc not expanded by the gateway
* Fix: try local search ONLY when accessing local files
* Known bug remaining: big binary files fail to transfer

Other New Features

* When started standalone in non-verbose mode automatically
disconnects from terminal session and goes background
* User-supported directories enabling URLs starting with /~username
* Redirection
* Meta-information files to allow RFC-822-style headers to be
appended to server response header section
* New, common logfile format, localtime default, GMT as an option
* Ability to suppress logging for certain hosts/domains according to
given hostname template or IP number mask, like * or
* -setuid option to set server uid to authenticated uid (local)
* Multilanguage support: same URL can be used to retrieve a document
in different languages
* AddLanguage, AddEncoding and AddType directives to configuration
file (AddType replaces Suffix -- suffix still understood)
* Better multiformat algorithm
* HostName directive to config file for servers that want to give
CGI/1.0 scripts a different hostname than the actual. Useful if
machine has many aliases, or if httpd fails to get the full
* Exec rule obsoliting HTBin directive -- now multiple script
directories possible, with arbitrary mappings
* Get-Mask, Post-Mask and Put-Mask for protection setup files.
Get-Mask obsolites Mask-Group -- Mask-Group still understood
* Groups All/Users and Anybody/Anyone/Anonymous automatically
defined. All means anybody that has been authenticated, and
Anybody is just anybody
* Server:
* Last-Modified:
* Content-Length:
* Content-Language:
* Content-Encoding:
* Scripts can output also Uri: and Expires: headers (this will
eventually be made more general)
* HEAD works, also with stupid scripts that also output the body

Enhancements, Fixes

* The final explicit Map to filesystem in configuration file no
longer required, because it was causing confusion
* Assume Basic authentication scheme even if not explicitly
mentioned in setup file
* Get client DNS hostname, for the logfile among other things
* Fail made the default when rules are translated to the end without
coming accross with a Pass, Exec or Fail rule (this is to enhance
security, it was too easy to forget the Fail * from the end of
config file)
* Made config (rule) file understand different ways of writing
keywords, e.g.: UserDir, userdir, User-Dir, user_dir,
UserDirectory and so on
* The eight misplaced server-side access authorization files moved
away from libwww
* Fix: directory indexing works with a trailing slash
* Fix: HTSimplify() called strcpy() with overlapping args

Ari Luotonen		 |
World-Wide Web Project	 |
CERN			 | phone: +41 22 767 8583
CH - 1211 Geneve 23	 | email: