You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by je...@apache.org on 2001/11/21 08:16:36 UTC
cvs commit: httpd-site/xdocs/info/css-security apache_1.3.11_css_patch.txt apache_specific.html encoding_examples.html index.html
jerenkrantz 01/11/20 23:16:36
Added: xdocs/dev/dist .htaccess HEADER.html KEYS README.html
xdocs/dev/private .cvsignore bugdb-todo.txt
xdocs/dev/private/test works
xdocs/info aol-http.html apache_books.html apache_nt.html
apache_on_linux.html apache_users.html
how-to-mirror.html in_the_news.xml
in_the_news_1997.html in_the_news_1999.html
index.xml jdk-102.html known_bugs.html
security_bulletin_1.2.5.html support.cgi
supportdb.txt three-config-files.html
xdocs/info/css-security apache_1.3.11_css_patch.txt
apache_specific.html encoding_examples.html
index.html
Log:
Add the dev and info directories (missed them on my last commit).
I'm going to use cvs import for the docs dir. =) I swear.
Revision Changes Path
1.1 httpd-site/xdocs/dev/dist/.htaccess
Index: .htaccess
===================================================================
IndexIgnore /.htaccess /. /..
AddIcon /icons/quill.gif .md5 .asc KEYS
AddDescription "PGP signature" *.asc
AddDescription "MD5 hash" *.md5
AddDescription "PGP keyring" KEYS
AddDescription "PKZIP w/dos cr/lf lines" *.zip
AddType application/pgp-signature .asc
1.1 httpd-site/xdocs/dev/dist/HEADER.html
Index: HEADER.html
===================================================================
<H1 ALIGN="CENTER">UNDER DEVELOPMENT</H1>
<H2>Sources and binaries in this directory are experimental.</H2>
<P>Please do not use them unless you are prepared for the consequences</P>
<P>If you are looking for the most recently released distributions, go to
<A HREF="http://httpd.apache.org/dist/">http://httpd.apache.org/dist/</A></P>
1.1 httpd-site/xdocs/dev/dist/KEYS
Index: KEYS
===================================================================
This file contains the PGP keys of various Apache developers.
Please don't use them for email unless you have to. Their main
purpose is code signing.
Apache users: pgp < KEYS
Apache developers: pgp -kxa <your name> and append it to this file.
Type Bits/KeyID Date User ID
pub 1024/2719AF35 1995/05/13 Ben Laurie <be...@algroup.co.uk>
Ben Laurie <be...@gonzo.ben.algroup.co.uk>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAi+0jQEAAAEEAK7oX0FeNncaHfa1v+V7SMUviAm8qB8orWG0zvja4ZtSrHVg
/PMwppUh44t5ERA9lltRBdHu30+YSh8a1dYt1XOD83nknzj9rhtpFAPqyywlLVhN
VY3PVLyMbULw27aEAGc+StFqrDoUQ0+j9QU/YH/IyVN9rBaJyhsIDEUnGa81AAUR
tB5CZW4gTGF1cmllIDxiZW5AYWxncm91cC5jby51az6JARUDBRAyb2Doc3AsNzyk
Yh0BARa6CACUBnsP9Vb+T/PvNYKVQBIODz+90tz5GozWwCVfPVSaRd8Dz+oF1sFs
YCz/KuxqBhL5PkiCuSMfOVlPA5nirjoktMF/af5saZqhPr5rvr67Z1OzZnVDvWe4
DhFrn8EoLrY5YNJhUwfINnZqyKaQu8TW6p4caLkTCW0KM+4ztTe74xRG9NeE+K0+
0RMpAF3jEY36LGRjq6miazt2bVZQDTl6CuWE+gAaFlX2ojV7e1xdxVvpBIEc34MP
g9ORJ0evx1QilMt1VyGcS/pe4IQgjdJqjU/4fzqFZkT2nntQMbV9kQyNe2+qfqP7
giTryIanmBAfd3oOCTsRz2VKPfdhCqCRiQB1AwUQMRdzEEyr2GZv4ALJAQEuhAL6
A8I84BR+87uNAHD0ZJkTM73WdyMEGvAKBvrZK/g0VLYj0NtgkSuRJfrXnGkuh27I
ZrjfL952Q/mXgMtHhJHJ9YfenGFWSEDHnolNzKOzTQJpE01IZ3nWv7ezA9N1LZVC
iQCVAgUQMROrdRsIDEUnGa81AQEUNgQAlvyjt534RDQd2AYGoZriaFzjaL7dTCRH
4b1zxuWBNWf3pI4W0iwU02Q5rEWEmY5DLl6/ie+vcQKOWSqXVgnM/s6EARdKEN56
d6PzkwszgfEybDYrcAxReJcTCcV8ItJer/iqpBLgtaxyUpI77NvKcDGHp6BgYpnv
1lNkH0FISK+JAJUDBRAwtzlWdGx7qH+PTVkBARFWA/99NTCMihlOZS7LmHDVic/q
H1K1DVdMcv0iL39+7Pq4+AA/ET8dWIgcjaIreSqAZTpjwU1pMPaWgecDD1rEMCYX
R+JoofLJ24BLcSlpXJ/gWMifYNxqdDeMRkw/aW/kaXQJWIz+oDYNuOyi5VvB6faF
6Lm7P5cw1mX0I5rYc3woh7QoQmVuIExhdXJpZSA8YmVuQGdvbnpvLmJlbi5hbGdy
b3VwLmNvLnVrPokAlQIFEDEXgCUbCAxFJxmvNQEBiL8D/3MLjfHGvuByqP1VFQrF
QeMNd2aIQuC7ys3lkDvrLkkPJQANua0/MdDaZk6F5pCGcTmmmaJOjcOcCheD7FU5
w9zxkQGR3Swr3opFHSr/CkEl83jRy3oq1MFydWoGajQjIr/c23X8zr+XntPyO6VX
q5He4RrTiXeAEFBzz+J+R+EQ
=zh1u
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/A99F75DD 1997/01/24 Rodent of Unusual Size <Ke...@Golux.Com>
Rodent of Unusual Size <co...@Apache.Org>
Rodent of Unusual Size <Co...@Raleigh.IBM.Com>
Rodent of Unusual Size <Co...@DECUS.Org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCNAzLpIyUAAAEEAN9KC8CxTeozPYJjsnhFpJ14d4Hhf2M6OTgqPQFRHOswM/3j
B7IW0s+HwVyQ5/SjIlo+8ur9X7yaj1FS2GQmKD1x9LKeHRAoosBIs33okRtoeDRy
ufTaTyQTwLklxClWm3JEef4xZioun1mtWbpz0yVEOCSZcRvtnJrNPMCpn3XdAAUR
tCtSb2RlbnQgb2YgVW51c3VhbCBTaXplIDxLZW4uQ29hckBHb2x1eC5Db20+iQCV
AwUQNiiZ2JrNPMCpn3XdAQGlgwP+JLlZvNV/fJ2azKIwjibDa4n2LUDxa7ofKboU
QL+D7FD24zQcmzmkBQm/BL/FSUtxZasJkvdVbU98N3G4h3C4AyErfQOFcrepyGAB
M88onQ1DbQ6tiUA3gw9gIB+2l1C5R8wBOtlwoRJM4GFvjjtRp+KaQqvN3f+lLMMt
hKYB70m0KFJvZGVudCBvZiBVbnVzdWFsIFNpemUgPGNvYXJAQXBhY2hlLk9yZz6J
AJUDBRA2KJmIms08wKmfdd0BAT3yBADEDHAn++77n7bLA/u9QYM2LBQHnXdw5Is8
YGHpHcNZVDA8CtRTOdub8rhe9qgsid/jEry0hT9Sygfx/ry5ntjmF12ltnxBDPdZ
uU2DaHaIh/zBUAv0hyaQeAXEYiV9J75GrDkTj5Jrrnd623uyIRoMZPKYb+oqsZ4H
jIe/w+CDfrQtUm9kZW50IG9mIFVudXN1YWwgU2l6ZSA8Q29hckBSYWxlaWdoLklC
TS5Db20+iQCVAwUQNiiiaZrNPMCpn3XdAQFnMwP/cX21KHwg6ID7NoGzEKxsfZE/
dEgRGHFp5T6vznI9fO9WZZ2HmISWjEjri5zAAmXvQG2nWEYFVcF1oWph/ndLgLws
PfIsZiPXpj1LD7oon5PEXvJlkFfpHDqiG4xOORbbGWBcv1sqkx6djkpfyXLoMD36
5YazFuKurHpWPwAQRJK0J1JvZGVudCBvZiBVbnVzdWFsIFNpemUgPENvYXJAREVD
VVMuT3JnPg==
=kWdi
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 768/A0BB71C1 1997/06/03 Jim Jagielski <ji...@jaguNET.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3
mQBtAzOUkNMAAAEDANZdTUJQPwrFI9526Qf+DEWL8dXgfhWW8o6CzewdcCoHYEpu
9CiOMD3f9bgo1VozOPceGzCu/9FF2hMLUvVsTAZkzC3rre5TtPo/vOf5HJ+ac9M7
aqxW+gRu2/90oLtxwQAFEbQfSmltIEphZ2llbHNraSA8amltQGphZ3VORVQuY29t
PokAdQMFEDOUkNRu2/90oLtxwQEB8iEC/i9Qo55TlT8bRpcqeM3lzNDqzU9cqKRf
9X8pGJIVE5m2JPm99qPLs8RPeepLChi8ZZ+2hSfb7ldQhvVLgNqQqLpsjGtJjJOU
C+MrKDeSk2WAicg6Uo0FWCsEHxrssw139A==
=pwim
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
sec 1024 0x08C975E5 1999-04-14 ---------- DSS Sign & Encrypt
sub 2048 0x4CCDB430 1999-04-14 ---------- Diffie-Hellman
uid Jim Jagielski <ji...@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.5.3i
mQGiBDcUl9QRBADl5tF8kOD0uddlnl9qsaG70/hwujGTsSXATnqoLseTsWORoVXf
oBklokEAGmT2+Cl8XIXZ31Wh+GaJ3CTbEv8Ok1vapOt+ltPgOKzZEB4uP25EbhC2
LWf+lUoafcd2Xi0KBV4fqXqEEuDGP1TAdZ6k7NVqgpjvbJ5TdqL0LrWOOwCg/0b4
+/p/avQr+uZRU2rdmYu/b/0D/2LnjcEqUjsslh2e9m0OgAu+gnYAmQH6Dbnp+iKl
jffWPChwIMFZd/7FnGOzYDzoqnzTFyA4VE5PHWL61V2lpHJWB21K9D6rbEcx0iYB
AHHxZQEmxSBU6PmGnbF+2P7vC0Jz9gZ5dCbjtGboYxd00/XQlZwCs8jHueTpSfx9
n7dYBACFpW+v2pSlG0ReiS6Ult3gaGWiw81D0nFVvCp5BlxgQDymyF1MS6FbCj/g
FGILosMhlsIHTFaC0DD0LSXyN1rm0ykPvi+vULIlKNJwW7fCi+33j1Azx+zfMNeO
T5vqAfF6cvsZ6qPb9CcYvU4jEKvkovA1U3jMFehqcGkTV5sfvbQeSmltIEphZ2ll
bHNraSA8amltQGFwYWNoZS5vcmc+iQBLBBARAgALBQI3FJfUBAsDAgEACgkQizpg
HwjJdeU/8ACg3mtYerA7QN/8Okp2IgGr+ge4yKgAn09RX5UR8DyZ1/Q8OFasE6T6
Tg2UuQINBDcUl9UQCAD2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1aj
FOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZ
zf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI
/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjT
NP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AK
UJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpMgs7AAICCACEhzcRGEc3y3/4YNaG
89FmtIRpFU5zoaZxxDrmUiS1HdhqFykv8ozaTyjfImCuhq8i6DG15oGudxPma7Ey
sCcA/qmQEBVrXFK2DYTFW3UnPyqiE822plo0d45u1csKzPvGpHYVGC4HOEKCghRy
/54nH0fsKV3VSlIXAhRG3LIstzAtslrSYELW1Lov53GK+YZpRDJTbLAxjIYB8kEY
hiQYzHm/cbBeRpjG9BpoBQh54dNOj22CU8HC4KvZSnDcLAzmDyrQFXFfffvJtQ7+
HH2iIWKMFOjpRHh2ZK6uhJb03Yo/v+admKs1HSEFdV5VJUCkqymhKT0OiWnXmNHq
QUfliQBGBBgRAgAGBQI3FJfVAAoJEIs6YB8IyXXlME4AniogMeV3YLNf6C1Y2+k8
F3rt0S/OAKDHF+wfxLDzCxsoQbwesIUAKgb7Hg==
=mrXV
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 2048/DD919C31 1996/12/24 sameer@c2.net
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQENAzK/QZIAAAEIALrsEjuGlt6wkHy8fx2wPSkH7paAqJHDCbO1W/GMVs41BsH1
xpyBi9lOtUXHsDC8Obx/TES4/xVPSsFKPQLa9Q/OsxjXmEPBvQ5PZdOXJ5zmRMI1
1cfUp2s8w6i+IS68IWRKdPMshGWFGar1YUPM1UpVME7U+uGD3wgdC4DrVJHzS5Eh
gEDyQ9FPb+8CpsRO3AvUPzsZGG8Iy/9GiLzmaJG34zZ5fv5X7sr89xiWJ21ehk+X
ePO9kvq+nzfOCCK6a3GZD4g3KJX/Pm3oKeaXeL8WSCCPzpNbtRJk3ofeN7Zm1K0L
yChPiyui+OO063/WASv52bxUIlmzbX82a92RnDEABRG0DXNhbWVlckBjMi5uZXSJ
ARUDBRAyv0GTbX82a92RnDEBAfqVB/9GSzADIVqY0faFOLN6+E3qqg3hPRLBvjgC
5cvTlwT7W64zI+aiSZuN+xAXq+3lnKtmzn45F3hD7gBxRPJbSKsObn2zU4UcqW/o
qoiYEnO9EhoBomwPUbVy8C00CWvDLfeF4L5r+2oXgilTsCojSaWJX0QoPCwRQao1
YwZ6CqAA78vdbBNkmA0WrPsVqwd3ijgFapcX671AqiT+pDbvK646I6uGPXJzN3ZU
vFuDim9D2uNk9CfvPhKGscr4qqP40TnNn5fjSsmrFyFxYsdwo7I4TFpnsEPOw226
GU+TR7zdwnByP72AxPEBJ/F22LwNyreuph+fRpWCnCf+9gVW9Heh
=jS5Z
-----END PGP PUBLIC KEY BLOCK-----
===========================
Rob Hartill <ro...@imdb.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzG6VfMAAAEEAOvtvphFG/D02vGLENBl5OVPgEJgP9E1xhUgKTZnJstv30kD
h1IqeIBkEAy5bpKapCbvvxukyQErhB0efTi2v5yTAlz5pVjgWM5Sa8CyTXJmXPHH
EuOfy1DqaiQSmZ6KWX0ygw3gKDZMiNMf06UURLLYtRlGKSYY3WVj2u2UCmS9AAUR
tB5Sb2JlcnQgSGFydGlsbCA8cm9iaEBpbWRiLmNvbT6JAJUDBRAx5eIAZWPa7ZQK
ZL0BAU2XBACXfopMzC8kW3KEqq+N9W9fkGNgy//8XqQ77FmfPQPbO4X7Zn3cyO46
MxvPP+92zSyN3dyj/xWZYoRLwll+ync9d4KUFwKw45DALAvz1CKHMOpQPD7dIWdE
9poJQrcbKeOqLcGZTu/hY90gWBUZ++9umR8X8lyh/WEgcUolfgYHew==
=upYh
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/631B5749 1996/06/21 Randy Terbush <ra...@zyzzyva.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3
mQCNAzHLBS8AAAEEANGFXb9o0NPVfVjSLvQh1j3fN6cMeVNA5BGUJ6HZGP/NDxTE
i8hwejJqakkU4ux/g6Kqckrx3h8WR7OXZZ+R8CsA0bg9Sr42ndEQCUISgArg+lXZ
gRUniARPPA7tamTSq8v1mnxqy9s26Ht2rAG2D6IiK/7v0JlezKirDeBjG1dJAAUR
tCFSYW5keSBUZXJidXNoIDxyYW5keUB6eXp6eXZhLmNvbT6JAJUDBRAxywUwqKsN
4GMbV0kBAegnA/sH63WyfwMFmn3nWe8T/5IXO/QkMYoMGLS1i7IxMY9O8BVvKQM+
oxEcJdFAG7zPZkpgKzTBxmExz5hMZ9hwJ42XhrslWoP7JVvADJcdthrUAYW9W+jx
GcDYAW3qW5DpKsQchfvXq9QOBDxP+Kbbe2B8xGEyGUhLkacISFTrIhhQSg==
=8P8s
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/49A563D9 1997/02/24 Mark Cox <ma...@awe.com>
Mark Cox <mc...@c2.net>
Mark Cox <ma...@ukweb.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzMRY/IAAAEEAOloTOU0f4w7FDRMM6kA/6XazXxJ/HH8dsmb6E7RuYfVlXsd
kCwxUBOkyW+AYhkHbYUwnB5qBoFUyLrbLGuwKHW1KnAwgbeZLTH5nqQLpA0RLGVZ
v3tzImKUdyyxBphZWC4IeEgUbl9cc+piOsEJ8QzF7gnqwWo/Ku6tTP1JpWPZAAUR
tBdNYXJrIENveCA8bWFya0Bhd2UuY29tPokAlQMFEDQvYTHurUz9SaVj2QEB/hMD
/ix6pAa+4ZgFQNRAc7fC+I4uGWvXoI8N8wtgiJi//8Kc1vjtvTylLPKVBDsy1ihs
bVOjD3NUEkH95TNI3QhVeCwJPl2e3GgFl253hj8Jai9snHj75pXjQXq0NxQ/JRSr
EAqrFM7+yRLPs7zDwsMoc2Ox5emq4joVa3syZUEwW7LxtBZNYXJrIENveCA8bWNv
eEBjMi5uZXQ+iQCVAwUQNHKlBO6tTP1JpWPZAQEA8QP9HSjVMLohfOVO0tHcLRDB
eDfnRnBxgTeF7P2u8qB+eOeLqBzHNmE/gROWuZXOpkxeCqT0GG3oXqmSEmVOtDsJ
K92sKvtTdJOAGq95UQI3t1Ix6iNHkVJfo11RkJyU2iL6XFR1953nS33xKGdbU6v7
5KVCu3JTe1kDEDOyMVDdRmW0GU1hcmsgQ294IDxtYXJrQHVrd2ViLmNvbT6JAJUD
BRAzEWPy7q1M/UmlY9kBAfN5A/43SdANs/NZ6ouyxAvKEWSPDnNkHI3rSPynbn7o
kSrtFeCQ3Vwe0B0fkszBEAZ9zbnx/s/1LKnriUfyzhdZhJfkZfxgDwy6s6smagYW
smz/LFaeDzG3Ej20VSe6ghseqcPscJL06PUg13LJC4LFlgYcCDEeGl81Nm37fe0x
IUhlNA==
=k8vP
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/2F90A69D 1997/02/24 Paul Sutton <pa...@ukweb.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzMRsB0AAAEEAKj2XYYEGcZhT69x4gskQ3xz+KMTLn7gKSqqcyyeinJ0ZjLl
6AJjb1/68nGsF+IIY+IJS+5smq8do1qpC3UZcmw423Sg8F71GeqDO4HZXOAOieVy
rpVs6S5TaXlJOcrC7zZCx+iql97+xJFjUGkkS7j/jIkx1AajzMNkSr0vkKadAAUR
tBxQYXVsIFN1dHRvbiA8cGF1bEB1a3dlYi5jb20+iQCVAwUQMxGwHcNkSr0vkKad
AQGrigP9F43zbiOigYel+JCMiB0HK/UdqSrf3xWxHIKWKNhQNjhnyeF+jKQwFld6
7KQYsqZIpHsWLWmSk0AmKQOUIw+DxclDxBL2dT4p+CjgTgIAcbvPpahWkBAw/E+c
EGTiYbe+Y3sHJhhP+d0TOLmsETG9tpi7gFZ6FfNcWPxFMdxGrf4=
=0jQW
-----END PGP PUBLIC KEY BLOCK-----
Type bits/keyID Date User ID
pub 1024/BA20321D 1997/06/05 Chuck Murcko <ch...@topsail.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzOW7moAAAEEAMYZlNOxWCjLR/PosadbG+xsrB2unid2LiYoakTFiDIBaZjx
bu6hNmVZPYfKOXQcqrCu0EY3uVLP/L89bST5pfIZOzz8GTm33zrETgfzpXYyFdbX
eZ5vc6aa3+7zmI7h/aU567P9ruB2C/RBLl1A59wmPRRVvjEIAkI4bAO6IDIdAAUR
tCBDaHVjayBNdXJja28gPGNodWNrQHRvcHNhaWwub3JnPg==
=vUdL
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/26BB437D 1997/04/28 Ralf S. Engelschall <rs...@engelschall.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3ia
mQCNAzNko/QAAAEEANZ2kpN/oMkz4tqzxvKPZws/XwsD0Y+E5/y7P2DIw4uHS/4N
syQbgkdrZhPBlXDv68DQioHXWsb904qyr7iZB1LC5ItK9MgqlK+Z2mvPqsGbHM8J
+oYib8kf2zJ6HvrYrP7NYB0tN9YYum2ICtx+hIi6aKGXdB1ATA5erwYmu0N9AAUR
tClSYWxmIFMuIEVuZ2Vsc2NoYWxsIDxyc2VAZW5nZWxzY2hhbGwuY29tPokAlQMF
EDNko/QOXq8GJrtDfQEBKVoD/2K/+4pcwhxok+FkuLwC5Pnuh/1oeOYHiKYwx0Z3
p09RLvDtNldr6VD+aL9JltxdPTARzZ8M50UqoF9jMr25GifheFYhilww41OVZA3e
cLXlLgda1+t0vWs3Eg/i2b0arQQDaIq7PeRdjdEDgwnG4xBaqaAqfgxwOXJ+LPWF
hiXZ
=K7lL
-----END PGP PUBLIC KEY BLOCK-----
Type bits/keyID Date User ID
pub 1024/45B91DF1 1996/03/02 Doug MacEachern <do...@osf.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzE4lesAAAEEAKJYS1vL2iB3owwiZdCxp3JyvSNaC7h1p2jQXcJvY10gqyZm
VffDwFoSvJM1JdCx3o1mb3JpZ2OTV4SrDDkzcSpTXelgyh7k9O3HB7oG6pHTML9g
Dq9ZKydShMIvIJos7KuLWoM/eeeejtkv7r/gWsGHAyKbT8fs3r7nlmxFuR3xAAUX
tB9Eb3VnIE1hY0VhY2hlcm4gPGRvdWdtQG9zZi5vcmc+
=yaR9
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1023/163751F5 1997/08/18 Dean Gaudet <dg...@arctic.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCNAzP30QgAAAED/1k8hPKsJj8Il/TfhP1JIRGwnXuzfQ/etv+MZJMzeNeKa8OX
Kw0d4e1S/KdJ+AZwWQp3ZMDoX2ghZ79X4DDDLEAc/Fmy0Gg8t89CP+xJk7b4EHjk
F7HX69BRJp3On4aRTXRND3WviqEmn5ppzbBkTenF9WWudLRbqrc4NnoWN1H1AAUR
tCBEZWFuIEdhdWRldCA8ZGdhdWRldEBhcmN0aWMub3JnPokAlQMFEDP30Qm3ODZ6
FjdR9QEB9VQD/0+zumFj1zzYZ1+bS9Az36gijDUb8rlEVf/lBShx4VEvha8fsRRy
vkwnmJyupYvGtrSIYAwB0VK+GZPZa7XfZvUCM83AZY9vGpE0LwW2Vcz9kWZdJ0t+
B7zJElmBUrmj9aW6ICmSNbOBwVo1Y7hg6lPSFFMOOECFpT1WuTXXYpNA
=KWcF
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
RSA 1024 0xEE65E321 1998/10/22 Martin Kraemer <ma...@apache.org>
sig 0xEE65E321 Martin Kraemer <ma...@apache.org>
sig 0xBB1D9F6D ct magazine CERTIFICATE <pg...@ct.heise.de>
sig 0xE2449019 Martin Kraemer <Ma...@Fujitsu-Siemens.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.1i
mQCNAzYvawcAAAEEAO/lLOQVYsUS+l7yan+Rzr0ehfWRqlgeNsV4DQ0xTuQewD9K
5lm7ujRwutxlNaf5dXjE24mlsiRN8KDp+fKwm7Wtqv490xmhzS/6y8ekwB02P4fi
/JJNX1PbLS0cL6+bz2dFqLDhh03Ovz3G16Y9he5mrJ2PNOWa9Dfj9F/uZeMhAAUR
tCJNYXJ0aW4gS3JhZW1lciA8bWFydGluQGFwYWNoZS5vcmc+iQCVAwUQNi9rZzfj
9F/uZeMhAQFw1AQA6u3j6jYvBwKImnds4X1ZkyKukxBAkhKpcGeibevZ4H6TVr8m
KDWx49LM/Gd5b0SBYitaDQR8r67aQyC9MnKcNS7H3MviqcQKZlP4RISb4/ys8p55
w59QeAONCVNQKd45fmnRNt28mb5NwlWNeOhWti/qFmAidjD6OW8Xl7+x0jyJAJUD
BRA2RwBtRLjd1rsdn20BAVScA/4+sprdgUqn1dOsA2Y5F7HiQ7I2kzVp1LzMzptN
wfIiQfhaK0FvadFuo5065LBuHrnlpJK2W4jFjroJVqV4v7oTswISpD9SXPMxWZ1s
zJZJjAOWRXeBCSDe8TpuAWVaUsuvYeeSWVjchIQKENaHzHt9EovL7xkEZbz1lc4a
SEhv2YkAlQMFEDYva54rAsNF4kSQGQEBt4YEAIozUUKZALnzf8gfLDusOW+exkp4
q91tssZKeYk1Y7J/hWCQLw4IqbA+dYs44grjj8mxPZiieKHav7TgUGpijpKwyAGo
4EmoqS0e+3FsPdV9RSSRXyRniK255xZPHTOPU5rRCIKK/wce92yZAHSaPTuZZDPU
JqZc9LAdif6358k4
=Canj
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/EC140B81 1997/04/10 Dirk-Willem van Gulik <di...@webweaving.org>
Dirk-Willem van Gulik <Di...@jrc.it>
Dirk-Willem van Gulik <di...@webweaving.nl>
Dirk-Willem van Gulik <di...@dds.nl>
Dirk-Willem van Gulik <di...@bigfoot.com>
Dirk-Willem van Gulik <di...@technologist.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQCNAzNNOsMAAAEEAJmwazRhNJB4mQkvp0rrxLkeOAxR9fGBXgJNa6HHdLv7YHwx
mwMorHYDCAMypO1yuznNTaMVT1z3cS+yqhOkTVxwNI1mxW6Zts1kOJB9pWuU33sk
sUuCkLHXMgyvP9cms6gcYgB5g3UP6M/aQ4T017+Gk/7crlH87DGmPZbsFAuBAAUR
tCxEaXJrLVdpbGxlbSB2YW4gR3VsaWsgPGRpcmt4QHdlYndlYXZpbmcub3JnPokA
lQMFEDRZ5+0xpj2W7BQLgQEB/KAD/1xniFNLHp+jxIVrEL6HcI06QZUYPvRuarWq
3aI2gdeXej59Ry96MOo2MU3MsuQ+wW+6gEJAuyCp2jyYfzF/8winNcFWc738s/hX
fRYCJe4bvtMcnhBV7GAlTgyw00fcrnaJaQ811+QwKnZvXXWb+QuoXC4ddTon25w4
XHLjtDZHtCxEaXJrLVdpbGxlbSB2YW4gR3VsaWsgPERpcmsudmFuR3VsaWtAanJj
Lml0PokAlQMFEDNNOsMxpj2W7BQLgQEBzW8EAItAEaeuIzPIVlKOk1LnHlYc4FyW
aiNJC2+rRmftYu2bIp/JFuXu3xC0U0byyHu0p+Y1pcAnt2YrqmYUfM0d2cx1b4+L
8RQR4SGKhq9jWKS3icfKoyMnGiD2CeI8/Xx8V6b8Xg0QqsdlS0kz//qGCDWMz0vi
oxzasVEvFjqAse03tCtEaXJrLVdpbGxlbSB2YW4gR3VsaWsgPGRpcmt4QHdlYndl
YXZpbmcubmw+iQCVAwUQNFnn1DGmPZbsFAuBAQE0vAP/aOb/rXsE256tpi0+CRp6
cd9b1oBmw894UK+Cf4DeNHWehPWJog4y0eNFUcAMdLIdubDzc6Kfxw5QyJt2EAXr
05XuJ2DJdG24S/aPzGq+6VzL7Nq7pylXuhrACTgeesaceEpUd/NeOCOyzNR7i8qM
zbGFtU7fH1ipfJjN6fXLo5K0JERpcmstV2lsbGVtIHZhbiBHdWxpayA8ZGlya3hA
ZGRzLm5sPokAlQMFEDRZ58Expj2W7BQLgQEBGRwD/jdUjCJXFcAbjx3Y2pWUkR7C
hwJTohM2TvhFp80Ffbhh1xT961XGuHL5l41fRAIg9FEHjQKNVfXeisLH68Qh73cF
5xuNE6c1x1VSqfDLl9fXZ6TA35qt0G599T67jmVai4F/LjHWDI1O6UvPRuZE3O7m
eRaCfbPLAJ1ztFujtS3btClEaXJrLVdpbGxlbSB2YW4gR3VsaWsgPGRpcmt4QGJp
Z2Zvb3QuY29tPokAlQMFEDRZ56Qxpj2W7BQLgQEBvOED/1LhhPP5OkeCCEMVnmyZ
jZexzv6XOH2I5qH0iuozsI987sSK+zfv8O0wEBwjUOQqBuzlvjKImYQ/oqR89egQ
AinPc4z1b3kgeGyqrmtea6ScmpKufcWUBbhH0qsXF41eU3ArKY4kB9znV+/PacCe
VrOD8roFaxIDZ2nW9FS0mriOtC5EaXJrLVdpbGxlbSB2YW4gR3VsaWsgPGRpcmt4
QHRlY2hub2xvZ2lzdC5jb20+iQCVAwUQNFnnjTGmPZbsFAuBAQEaHwP/Q2Rs6MIu
z8all/xildFOPfRAX73InwBeInr1O4UU4l6yWRvuLkg+m6O8eJSHo21SNZBCu9gM
FoQsd0jVOitUr8+w2WkypBlJo5wl1nCw/1sLU4AxtBb0jyADvJzxFCeje/FkxEvs
6Y3eLxpJRBylbg6KFOsmSY46DyGc49B6cZo=
=xUw/
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
sec+ 1024 0xF08E012A 1998-02-19 ---------- DSS Sign & Encrypt
sub 2048 0xD8F8125A 1998-02-19 ---------- Diffie-Hellman
uid Dean Gaudet <dg...@arctic.org>
uid Dean Gaudet <dg...@arctic.org>
uid Dean Gaudet <dg...@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQGiBDTsCJkRBADJmDUiJL0xUaxg0yw7+VqqFUL6sjWxZeZ7kQZs4dyN3R1ilBUG
KmOXE6qSfb6Pi0qEmgCz1K7g1KaglMRrpANY4h1CjziEVmTH5s3ocxe77w2uaou1
gHJERIqQuC4/z0DwFqq61ZVf5dUQTD8OmfOwG4pFs51Si9WS03ueVEFQFwCg/9Z2
j6UzCLyUABpWeV1v4m0w82kEAK96GyKDcT20TymKJnMKuwya+ZwqrULH3Sdi2Mwi
1GOH7aomG2fK4D2yxWx5xTiYhmYNnRoopgu/Kv5a4x43tOKS3zeADMnHIw9dMSn9
4Kba8vfKbZnlOgt9veV+iWZv7N2aS2z7w/i53Y6LAlV1hAIMvGJ3zLfmShZs0LDI
Ya18A/wNcdJazUk9mLGIoycCYOk5YhWL9sCaCBdmdfDPu++rLnqROSWkmfYkOTt+
pG9SPnvv3XrX/SEwM8gYfpbZwrFDJFI9W63lc9hdSosFD+8xiRl6h2gKRwWvc1Ry
xIt3+gUrZxovNxBOv98BoSf/j3lkldU+ZjDGlCplRHSndxlN/bQgRGVhbiBHYXVk
ZXQgPGRnYXVkZXRAYXJjdGljLm9yZz6JAEsEEBECAAsFAjTsCJkECwMBAgAKCRB9
bb/R8I4BKqqzAKDc/4H9iOXJxVE0yCEHeTQ2gAHfhgCg7VSq7eNhiJhBgblQav/R
XOhaHj20JkRlYW4gR2F1ZGV0IDxkZ2F1ZGV0LWRqZzIwQGFyY3RpYy5vcmc+iQBL
BBARAgALBQI07AjSBAsDAQIACgkQfW2/0fCOASoWOACfb+8OVvy6FCqN2MxdCqp6
gffNbYgAoOxlTa4NjCUUO9dfLFFYpDfGrRy7tCBEZWFuIEdhdWRldCA8ZGdhdWRl
dEBhcGFjaGUub3JnPokASwQQEQIACwUCNOwI/gQLAwECAAoJEH1tv9HwjgEqiC8A
oJDu1HTuGOfChFSJJ31XvV8tnlo5AKCFceck4veIMP8pDC0f5UBGGC3mZLkCDQQ0
7AiZEAgA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV89AH
xstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50T8X8
dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknbzSC0
neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdXQ6Md
GGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbTCD1m
pF1Bn5x8vYlLIhkmuquiXsNV6TILOwACAggAhb3cBmR67H4+9Rj4FeTwJ8kflX6I
pp2AeXXZiffiPVBv5cGzGn2RkGPAZqbp2AkrCb4TrJH//1GPdR8VmPeEGsm6u0uT
0M404l/4IW1FFQ4JBpTENPn4NYBHkKBNkPcls/ip0lSjlmLGVQVOtDOaFD7n44xV
hT4WpptCripg/5kymDmK9c8hv6rPUvNoVrDdWR4//MCvNAZvGq2bZGdFTyd5Tn6D
AmwbvL/UwgiDnm95qBBfCZtmGkkFaoOePtBevWFaviFZM2pErPRcjY8A/1cZsycj
JPMFYqBKGDIk76ulDSjU0Q8dqhCEDf0o2oQEg6msjDtetVFEDw9yJe0AGIkAPwMF
GDTsCJl9bb/R8I4BKhECBKgAoNRtRaRMdYNwajSO7056eKazCGSDAKDShamaRjAe
ThQ1KefmJKyzfcosZQ==
=25Cv
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 999/F88341D9 1994/11/08 Lars Eilebrecht <sf...@unix-ag.org>
Lars Eilebrecht <La...@unix-ag.org>
Lars `SFX' Eilebrecht <SF...@unix-ag.uni-siegen.de>
Lars `SFX' Eilebrecht <SF...@appl2.hrz.uni-siegen.de>
Lars `SFX' Eilebrecht <SF...@appl1.hrz.uni-siegen.de>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
mQCKAi6+wOsAAAED53PJgrIYS7iHbZn0ycrnzS03fwvwsDpoAVouoqqBSVNoVXH+
lL+8HzX/fADvNyk1lYi5kTiYR2meKB1p0qpvj4bQ8ZEmcBemhV0FbESJ4CxIgy6V
euxOD3v9gauyf1u4lkfyLIsCepuJqpkH+aOviE9VhTcE/D6Pt/L4g0HZAAURtCFM
YXJzIEVpbGVicmVjaHQgPHNmeEB1bml4LWFnLm9yZz6JAJUDBRA2KRwZms08wKmf
dd0BASoSA/9ZwyAWilXJNMWsV0KfyUeHZ7CsFA9/KQixLtpSH8ij4raLasr6rurc
Sckrd+OiQKPQG0/TSXSAEP7suatV6XTTLEFHJbmqchTZXMSapwxFWGLxdG+buCiO
uVxbpop4ZoKz2xb+GtdeyeDr+//gFL+wbEqlZMXfvwgzBCxcOM/tZYkAkgMFEDPN
Dtg+j7fy+INB2QEBxpcD527wocmN2jHxCkmImID+YMVF8g1Rij3CEy+oLAZiiNWS
Rxj2lWTHhsVZXtzF53+AD79rJqrFhZUCx+W6vG46uLMuu3/VpnEfq2QsD0d6zIUv
SDFIxsy/s4knyvgfMeXczHmb7vjGbGsyP9mqjAyN7MUcqgBBANH4HX9CSRN8tC1M
YXJzIEVpbGVicmVjaHQgPExhcnMuRWlsZWJyZWNodEB1bml4LWFnLm9yZz6JAJID
BRAzzQwFPo+38viDQdkBAa31A+dPvsRw1zWvyMDp2aQwqIawIi2wiFl56lYfpkwW
WjsdftuK0HHe+gek0aJ1vLwJFlrivroEukF1JaK3kS/ob2u/TNIZ4MKWjfhbkJW4
0Y7gCKCUJPzh6hDw1nYfc4N9XKnwubiRVdW2ig1HVoKZUN9Ad034m30jMHEzqXbO
4LQxTGFycyBgU0ZYJyBFaWxlYnJlY2h0IDxTRlhAdW5peC1hZy51bmktc2llZ2Vu
LmRlPokAdQMFEDMR9XVLXCU0Hmjw3QEBftADALeK5boLfjNzxZ7g1VPHw6k6QwSU
ESwiPJCmGTIT5f941YhHqohgwN5kGR9XDxWCCJAqQfFvbxhiZv0zu4HvQ7FYLVLO
2zwZrVvOfR259jvGDFpPqRBq1ccxTNXuvf2a44kAlQIFEDD5Hn++gkWXZmzJrQEB
WVYD/R4XFxImsJxzpaykt8Hl4kpQNWYWHd5ae81QFla/vfIplBqeVWr299pUbO1x
Bt4EFPi5aya8CGwXs8uRsHKn3u711jfTri1mKpiMBWt149BsUk5lFCnE9gVo5UxY
cpM2vb1I5DKeo/8/DuYz1FQhXwOxGqBqIr+ggQ1fN7Q0v5qziQEVAwUQMSxVdPCJ
hGMAVxgRAQFafAf+OZxiZqpgeA3iMZzbOr17v4YjL/J4N3phrcy8ssh0rmTBbNHW
OfRR0yzGlAXespCSLzBnSQMph2MXc3Al51LK4z487iAQxpu5k/ZKrg5ahZI7X5ok
viTcRjmXkpbbXp+sMs6J3ZOOjxO1tWytSXW5/3lKwbjzaURlbUbBA9QQSGAYPnsw
Z+CPKRNuUsk2EI3y4DWVjuabOcCeNy4TLfB9UIY81oXfXOyT+i2FwZ0f1befeZuu
PICGQIxlEFi3Hd3hDEAgNJ8Hu9C6XACnYieT7dVYtlYH14UTk6/CLKkbWNhd/I5S
QMPbijKK2zU5U3vPcolA1UalSBckftDQ2iTmmYkAlQMFEDD5QYseKXCPGoSZUQEB
yFYD/jqPx2u8D1aQzKHvZqS9PUYSsPMTgn10FR/tp2c9Ch60f+BQ96fOUCzmRt94
Iq1iMZsJ0oTyLLf6wf/Mdb1LhvsGf7rXFATh25OUpPx1qPUWstSToHSn0+Zf8e1B
0p6PJ96duI6rimoc8NKppOwSmRvqAD3ATCKpMiOSwWe9+mBZiQBVAwUQMPl9Sgk0
Yuy5gjk9AQEX2AIAlCphj4JI/yvodYIlpC2MPOs+hfTvaMPVhSCZZ0EVfZgTZpLQ
XQDiUolYBvTHJnjBZyXZozln/df4MBHQgKWwmIkAVQIFEDD5RPk+NMzsOfhZGwEB
5EoCAINMQWZZn+12r2nFScCScf5TaKpm+Y6MfEsvVg0trveEJ74ibbFDo8ABZ2g6
FgzfDxAMbxNsUQaMrhh0TaSC9EyJAJUCBRAw+O6OHdm2eHD917EBAfj1A/4/cYEE
a7jN8+ptmxZKsfZ0xOP2dxsPnicDT4VR16MHN6rkVrto782XSiRx3ZUsd9RjUmfH
ZA3mHoJIGo6JRFVOeyjg3LEASSSfZr4YFkhutnf0lDlJOeEKhqvIw/dSO7MDwdLx
hOqAFv9UzAlpOm4GLx9p1N61xDl1dIYEnY9cOIkAlQIFEDD5QnyFat0badac6QEB
CCMEAKV60AedWZyXWokcwWIbW/PLgNTCh8JL1vijXGnBvT2PuA0L7/rCXPhbb20A
rrq+P6xbGFxi42iWieeU2T5zN5IlPObT6cPeRWJkxPnaSf8ZD33Y1almcuhhYMUc
7lkL7yqSo1J8TRVCSxjQ4W0+QDUFIEvrigb5Scd7zYHGOqoSiQBVAgUQMPjN2pva
UYPwhBsRAQGNhQH/Z6IlBI4hdGb8teelMgY2kf3Iq08NByyygJAI48HqTe0cKIW6
BPcBkJqMooJtRJTX6Rkt8fRKe/IPGeHGqyW3eIkA7gMFEDDhUR6K3WTWEs11KQEB
TnkGwQEgJMk8SHR+2iBmOJQ2x+kv4LVmPp8hdaKCBdfvJDmrSpuEgrBWFI9PDpSw
F7NWLPqESPnWo5dd8YeynzYz3aCiIXAOUB0rG8tujF1dSn/kFUCMqgqvbPOU3sSv
6tVlECIAh67GTNHn61IIhLM0KG4v9elo0Lk/SpWwRRPJZW/ltQBApjtR+juFOiq6
86+eE9kKBCImCIthBeE/cf6JfwuS4+1ui+MmkkqrnO8+07bdjbkWTSzTL3l12v/t
M2p8Fwqps41y+3nIEOzq7Isf4zBjfw2ZKeXbEXq0M0xhcnMgYFNGWCcgRWlsZWJy
ZWNodCA8U0ZYQGFwcGwyLmhyei51bmktc2llZ2VuLmRlPokAlQIFEDD5Hv6+gkWX
ZmzJrQEBD9QD/iIIvOUqyKRBWjHgJD7zoskxDQH/YVhJu59zoCEOJGwXFPLlT3ce
meMCaVLa5XvoDnLYWZ/bfI5nFd9vF9GwwbmP8/x39Z3N2xKfJpD8eH5inu5AwtIs
kfXjmcZhSfDgv2XpAaFigz3wIBt+XbkPRxJJxfqD5oJ1ys0qNe0U6jjyiQEVAwUQ
MSxVrvCJhGMAVxgRAQHLVgf/cW6FlzmOeIvJ/3yB7vhSOlpivnY00iKnzzCpWLOa
saC4NPazhqNIewBa01KSuamIicYkzXk8MeaTq5EaQfJyA+NtdWSm/3/ivKWoO4Ka
qJbVPnxaDnB2KBH+2mq0BJ4rS4i2jVZuopbtMAHV+lQUHaVH826YaFPa+425A/H+
Oaqn2EdkL80fpIJsACsudYPDGCKS3zcMjspVK1cXqNRDzIOZ8I/XtyNEJpw1yRGf
t4jrn4lj9jU4y0v6sFOt6jpuvAmyRN/pebwjYJw1Ye697MMkn0nEafH55Et+XfdB
OYNm3Sb/J2g8j2JVVhN6JKuFYyM1kvK13Rky3SiLPUzD94kAlQIFEDD5QqqFat0b
adac6QEB6HsD/RooPR6pFnSisCerTlPhSvDI2gl2HUMFw0CZJ5JKVlj5GFDZp5jl
0yhgCFCweFuE7RUgMOkvGeEoEPZeyipacsrVIcO26aCQyerLTQd6JTgOuCEeEvkj
BwiqOrVNSEPM5TWPzQc7Q7IDtKTsCT+xNGtO6Pi2+ArZaodZTtp4tXkCiQBVAgUQ
MPjOC5vaUYPwhBsRAQHdVAH/eIgCk6fo3/Mvxu7IESdDLM/ozh14yvZz6FvC/VKt
Sp51goqsV5jI9wKANIjonLeO7GJubjO+lqHvsEVsGQ+wpIkA7gMFEDDhUjOK3WTW
Es11KQEBgTUGwQGH8Ic7zNaUlRmYm5J8R375iP8CrJ/xILbET69VsR2aDG2MA2z8
NBBkV1ARrAC2YWa9sO91yCyf3NAI6I1oqtbv/09Im/s0bTu66dWrqRAiuTB3Ou+g
HJ0fc85gTWcBd9/xS/mNlZb1/ZXjkBaYdl0Bzm72c3+HqZjHzT3nlxVY5HCi15J4
iDgCuCPzeo1r8QgGmsbP7fD+0Hka7tlXb87WxPZt+nkjGS9xmLrNHw5/vJpcN4+f
zevzhTQD8IcsUr0QcZUH9jZpm6xWpibPF5z7FzXTorguf+W0M0xhcnMgYFNGWCcg
RWlsZWJyZWNodCA8U0ZYQGFwcGwxLmhyei51bmktc2llZ2VuLmRlPokAlQIFEDD5
Htq+gkWXZmzJrQEBjswD/1Nwm7yoV6sj7qTiKaW9S3DQD3LKXtweiDdYF0lp961I
WkuyBur4aYBNROQK82zFQqKNKfsm+FXu+N6AYQ2zEUJEUkT9RQgmsrfU1q067Zoo
+dck5T2zuH+/kqmF9t28Gv4jjxVTit6C92NEhciutNO48kK32BT2mgX2w7tds6G4
iQEVAwUQMSxVvPCJhGMAVxgRAQFUKgf/Y4Djeo18+ZAfr0BKl14P29dKK3p8OLcn
qXh6juBfTRiWnFJtrQfGH9w3pQvpi2RRuDZTTQzhO4eOq2g5gy9MytU1htLRVpVw
BnmmjLRWz0WGqr4y4ZULbg3ha5NsfBppdgHKk5Y+BptvIL/37ZBkztkiBXfs0Zbc
3fZR4bSU1xDOE+HS0BofOxubqfZrCZvAjMCC5NJ4R13H8xnYg6NKQCAqOfeCOVWk
Gnc/BK7VArMXjC8o/9nQDzY2fRPINPnCb4f/4PunwOrEza6zLxXfgNraQJ19boPb
/o9DBlvNOWkq9gSmVnTEkqrEMtiXd31KAU/LVCRH/70mx7XZkF5/N4kAVQMFEDD5
fY4JNGLsuYI5PQEBW0kB/0s9AqawHqJ/0rO9jsMhk3vuHNgwVF4DoKTL5EDIORET
ccAf4UZVJo+JzmjYxc1f2RkwkMkk/N9afKZmcNSYzteJAFUCBRAw+UUZPjTM7Dn4
WRsBAah7AgCIWR/HNt+V20bDueCO9mhwGirq5E7TJU+C9xT+3BeZXmyy/AR7tWJd
KnC6laGDLnMko3CWr/XRKD+rC050nNsriQCVAgUQMPju3R3Ztnhw/dexAQF0awP/
cXwIBaEAj4D/ShzMna3NQ/EM4aTniAHdVIH4d6Uh2RwDCoYt6HwEP11xfBwI6bDW
lQhdUgDzGOXmOxKxv/Xti4viHOwO1KqjRtHOyDf4hI/ou2p0bntXMZ5yVv0WakyW
7kYd7KxTbYd/CTKe8HB+8wkj8h1pb31JJoXzWsgmwXiJAJUCBRAw+ULYhWrdG2nW
nOkBAQUwA/9AUqFQsXW9kMi5RooITiQbRynunPh2aqadVnuLZoAhxp16c+EQYpc4
Qi6jLPBVemHdS4PW8vJegF1pJtDZ4VfLNwwkIxj7Y0hU8A4BcHUIfFdOER7SwbW/
i7QTU8u3vNHfmgIodv19D7rFxEzqqPxMHRpIs8/IOG9L3zc3kV8rnYkAVQIFEDD4
ziyb2lGD8IQbEQEBg6kCANj9mr20gcYRZ4eDfnuTSkSvtjvKox0EtM+UnAAgihxU
q5vNCZDEeohZSZBR/p2pktcSu+cdk5bBFHtzkaNTt82JAFUCBRAv0u2cmTVOo2j9
/00BAdubAgCcmQl3gvdeQuA2zSmqHNrCEXdmjIIltOWc8WFCPJjDt6c2cBdmuwoO
YknWWGDMKXvTlh6lPgIVx3fhlhobxxFKiQCVAgUQL9M+R0axifvg3qptAQF7tAP7
B78y93gaojDMC8NwfiNKh7l5cBh0ONA+W1g3O7YLE5W7Z/fOg4H3pOujnqU7H3Ns
ChmDxtBKQIIiZXpnNg4Nt3F765t8EPrMmjjQJ4a6+8CHfmXmfNSWqPMdjgJW4ykM
nUasGhgF1Z8flNNkfH5gfW9Gr8UcClgKqa5xvkhC5cyJAFUDBRAv0zvKQwZ3Rx/t
AzsBAVs0Af91cEjH3oZPIaydSZxPUjF1SE3p93NnY6A3mKZR1vkewG6sRqVa4MO4
lw8w8AU7ge2rvwupF3weF1Z9DG2bauGmiQCVAgUQL9M4SuXLhgyrRKDJAQH/vQQA
jGM370MwcIfmtQ9e/0j0nztQwQ18dXMA+dMyNHiGrc+JC71u5zjxwmO7R1Vv7ZSA
af9PslF/118wS6fFg9BP+LO5T4D44wMJTfiMMv30Q4Sfxn9DX9N3iYzL1PTHmlCO
fCQQqvC451XbcXECqmqWHEqII8//4w/h9yrl/5F/uXmJAFUCBRAv0lcf/ZhK+bLW
8KUBAc/rAf9rmJ56O40QVD803+bU1zSiSE1x+FURt+ceAsozqo9taFoRIGXTa8Mp
swStyALnJKpyDkGEnTfRdARVQtcEzYJniQBVAgUQL9JDvxEZCRz6lM9/AQG2xwH+
IQAJZEvldNHzeikez18Txy12EnJ9k+za2rjPVnlX7+teIY3VNO1homUgwqjoOHpZ
kdGgdOdmufOglT3Rqrk5FYkAlQIFEC/Rt+1JSaYsE52Q4QEBzUYEAMonc3UFNjGo
n8F/omc0PPA3rfH2IS6G31FN6fRarW1Pwk7CWlx3wgHm6gO9xfV5lDjBJ+lVmbmL
z/1MZhg646eFRbugtBYbOXwE6zmNrKBhchVueVONzwWPIA8BZtR2Lw6CikAOhKgl
4ndg8PO8UUg8gh0VUKGTPDK0MKR7ZCpGiQBVAgUQL9IXPnmMGAx7t12JAQGpIAH/
Zrl16ULw3/gl7T11EbnbA9T3LjXuD4TG3IGeEV3z1wbRp227yN12a3PbavEKJj1m
fWrZaT89Xt1smYBaIwX4aokAlQIFEC8YGepIX6svI9kr4wEBnO0D/1R4HlUM43CU
jxdinzcijOJxRNe7ieXpp7xNn9SuJotDVeCLDRFSpmF2EFb0KDyoX2bY18xPT9sW
tIMYv4XigSBwfuR+Sp+J1CLdP+zzmIZbZBc+3G5xM6nipvaKl1DkhSlLqedW4dmg
1rKgCOXYKHdzHUcaneNE4rkoWlVwG5rhiQCVAgUQLs1+vx4pcI8ahJlRAQHwXAP8
CKLDWFLJ7Fc3JZ0MnuPxW79M9nRQwL2TI/Vd4lCUSiDOUdEvjU45MLmLgU+4OZNP
eXaBSLkN4z8PUkxGEEvSeCFE7u04VNq1GJ2aC+fHVFzuWbp0LsezqDSnm6xvBxz4
0yEaZnkXu3+66kXZV/E4BNIkCaB5V2qXxrBIg0D10iCJAJQCBRAux7auD0cvWzTX
TcEBATNVA/jU+bTUqnlZdrf6KgCv+hDOs6VO538cExQNsBl7x82Djbp8Q5t21YEV
8LiFN1imuLYqHXqDEHt7qtroNaBYXgnR24QjI3urel+kYMibZWxGrq382C2apRea
EDmQ1qtEzP+kXexaawAzKMo8VKWMnXjQYBLZohuUqfciE9A7OQF1iQBFAgUQLr7F
rZXTi1FmcalVAQFOLQF/WCuTfcsEc7z1WK5BMQltCgnNvuz0himNP2FxPl4g5rq3
u8i03dqPbuVwfrxSzy+m
=tg0D
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024/28AA55C5 2000/03/02 Daniel Lopez Ridruejo <ri...@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzi+5mgAAAEEAKRyfbHaGoNuWwHVSa/5mRbWdhDTkR26z3Uwq4KdCZ2Wp+b0
VF4Tfh6d4IoK2jXKBUlUfq+v7FYzSzYdPCmwB9L9cHlaU/ItfcWD2G7rIHyO/lGn
VXK/BGUPoOhT2yeO8tf6oe81hmN5VzqqhG/SWEkwlJASRX3ApyanqCooqlXFAAUR
tCtEYW5pZWwgTG9wZXogUmlkcnVlam8gPHJpZHJ1ZWpvQGFwYWNoZS5vcmc+iQCV
AwUQOMAjHyanqCooqlXFAQF9swQAnVrUersSbO/SrT+nnwgRPL/xRMjGCQe93gUe
JPcOOYU2be1tFGynJl842SIDPTHcJVg1hHReO93K4jvQKsbmT5zrzIlQ7hVB2u48
WNcgsIKWIxcGaMp4+qsDOhN7Fh7vIEZdRRYhL7YcGKZ2WnXOZnGsKSD8VZenycwQ
cAA4xkA=
=3hIM
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
sec+ 2048 0xC808A7BF 2000-03-09 ---------- RSA Sign & Encrypt
uid rbb@apache.org
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQENAzjHNiMAAAEIAK+iTnKRHymuUYmRRe6JlH3oN4GfpakM6CITpS0aM/piJBX8
MNgcCUK2tz8MSCqAlfF+2r0hGRMSQ+UpXqLXcJaCkGIvXtlKmxCcCX6R+LDCnzoa
QvOar3+rKFFJyiauyV7VPucZZhFKesReG6o53uoOAd0jyzcV9TdpAIn4Xl8W617T
L98GdODY9jK0zfgGo2bSgPpo2YswlDCGbYzRX6bfEGmAbP4t4UnP1ikVCE3NTIyz
gT4kywMb5AT1Tm3FbwTx7rXc/nL20t22VTJMjyCxqPrOTs91PxdXyTAQUKY82x+U
ZgW39f6aKrJHDEJtxOyym+B5NpYgeP5QQsgIp78ABRG0DnJiYkBhcGFjaGUub3Jn
iQEVAwUQOMc2I3j+UELICKe/AQE4yAgAkNXkalNn8Xi+v3BFCmHLlB7PKlItzlS2
PnMcTJPgzO8w+PyXc5lzS3dnqLEBoCwRazEZh8ncVbeBJz1LjQU67gvCBqyFl+3n
r+Z8k6cJYw1AzSK9FLAgOEtG8IdE+jsPq39xORpu6Dhsuln++G1xaK6fePeAEgR3
qH7gog/SFCa9QXQd85wsGRlQlmMwe/HDyoRd/iHg3X7mr4yB+zYkxYKDD+TKlSqq
V23n0H4n3oTI10PfaB8LDYVuPiQvIRn08XKUv0Att1KPH6iJTIJ/KRbZyGb2J+1r
RO1nBGw+qaOAw4wUQXOpJyXVUeanIt1tSe8Gczlf/uxJZdCNSpgeqIkAPwMFEDjH
OY/9b4jGIdCnGxECdl8AnAvSwMQ2v2ryh2NLL4FgfVLCjb40AJoDu0jaEqUinZnp
oMBmjFgtsDYp+w==
=5ByY
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAzjJAagAAAEEAKkko/H+E4+c7OXgiNfBCwlU/PrxPovDS3/JCKuILnflbNtC
Lxbqvf7LccZ4LoiHOKd3+G4V8BgaTndqADx4crEsS0BpNrJdshPmXajzkdQeo6jN
nts6QJ8/mlL4Q+s2/8dnleCrgDkzP4DpAIRGK9OARE/TKmUFUonO2YYGoUwFAAUR
tA5yYmJAYXBhY2hlLm9yZw==
=dGNO
-----END PGP PUBLIC KEY BLOCK-----
Type Bits KeyID Created Expires Algorithm Use
sec+ 1024 0x00ADEBF5 2000-01-25 ---------- RSA Sign & Encrypt
uid Marc Slemko <ma...@znep.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
mQCNAziM6n8AAAEEAODTLW2h2homp9NCjlsNdQQQACaUgrEm0sO0Lr1BVSp35fFQ
a6XtrIxQXwcvBqM0py1ea2zcmYqnv6vY+7i6sBnxiNNugH3ShBnOYeCaO6AzQNaN
2OvLkB7+1AoDmbU4a/+APtLrhzYzUj4DmwSmr7wTwdO06PsdM1Qv/g4Arev1AAUR
tBxNYXJjIFNsZW1rbyA8bWFyY3NAem5lcC5jb20+iQCVAwUQOIzqf1Qv/g4Arev1
AQFTZgP/Q+/pcNsCncKr4x39f/N5zXine0zQaKY46ek+PCUrhDm5N8cFTyijE7V0
huRDVENAFkwtznz/H7BN0vtMRlvUQJOPFa2UaN8zIbcMIzSbiNEx5nvfFeT/Gr52
GtnrQ+BvczfaauJ0Zw4p5uq6na/+0iyEf17d4qrhIBftlO3Ti+M=
=+laC
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
RSA 1024 0x62C48B29 1996/01/22 *** DEFAULT SIGNING KEY ***
Ask Bjoern Hansen <as...@netcetera.dk>
Ask Bjoern Hansen <as...@plys.net>
Ask Bjoern Hansen <as...@perl.org>
Ask Bjoern Hansen <as...@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.1
mQCNAjEC6XcAAAEEALdrW5rH+2XOKX2zAPQmgomvHGADJedG4Dxf3Ci3HpGmKazV
Uoo/f7Vf21ldvBBYC2CMpJU5uiMstNdrJ8Rx0KDBH2pLXsfE4XvVm8cGLbHcJycj
cZsYl4yppOufL/76kmpP7q0Jni/pXrkYg2mLG3lCN3JoZqX9tvkoKP1ixIspAAUR
tCRBc2sgQmpvZXJuIEhhbnNlbiA8YXNrQG5ldGNldGVyYS5kaz6JAJUDBRA1eczx
+Sgo/WLEiykBAZIjA/4+uCJi5WD0p3EFzOnmkZRxf8egjQlFdBDVR7sixVToZCze
oZZ9EVianFbwv8XU0McA7FLSUala0FIxRtmOs8/yN96rhBqJnYfLxu3b/ZRpBf4Z
UExXQbussUX7AsPUmFim9Xp8mTy7xDEpcfiBnGY9Dtx+nmSvyLO38W5VvKP1qYkA
PwMFEDV7CdYJPTjw/8ByixECHSsAoKUySg0ht56Rjsct6ViXjWfVEF1xAKCldK5x
LXMjefgsiuW3n5seRVogQokARgQQEQIABgUCNgEYdgAKCRBoqAGJariS5S72AJ9N
JsXpts88tCq7uZiirWlL54vTUwCg4A2urEUCEPuSz5deMyMX4lpjN5GJAJUDBRA5
Ix6ndTAZgHu8twkBAZDHA/0fiaJSxGAxIdgYQY1KqYJGWg/E7Gwn87kZyiRHKUaJ
gP4IA4PVnh0rMtTTo+CWyzcqMPjRAZNDW4ECWymrqqNrYgqy/NrcN4h7LZC5wmnW
hXF3HdgAgxIn7m2YQOLluNqIrhVKga5G9/xytZLsF15qZbvjyX4mqToOsRqAtUBI
ALQgQXNrIEJqb2VybiBIYW5zZW4gPGFza0BwbHlzLm5ldD6JAJUDBRAz6gMS+Sgo
/WLEiykBAd9fA/9YdBn26x/7DE0by/Zzelfxu8o4AgZOV0AuWqZJebXKjeFmkJ0B
lZRaC+NUcvpXOcANP6berJknvAMjNfTD1wi89XUVlbisDSW3UMR7Op8EpYjqLTo5
u+KmyS+ehhQjA3somcJc8fBdnGJZ17cKWEbzJK+oJBvnzpjtgtvw6/oH/okAlQMF
EDV5zQX5KCj9YsSLKQEBbk0EAJ+CwSbR4QQ2pgyXV7U4P4+1xSXa8U6IuI7AX9Fm
LNlDu7a8DnJt8trZxjBcEMZcfoSNmbjIzMotzl0vvtDpqYgKfJ5Dd3eUTRCDYYS7
8DoYcuB0cunBoGijkHS/2IkucAZGgcnNjPdhm7EnDJ/4F5VR9ZByqXiAIhZ746bs
Z+nrtCBBc2sgQmpvZXJuIEhhbnNlbiA8YXNrQHBlcmwub3JnPokAlQMFEDkjD+v5
KCj9YsSLKQEBEK0EAJBYAopnB9/dun1G0t+TKWVwGQUi56sWd5bwLypHklf/fy2V
QPjCz9QoI0L/jAguBrqCfwtlIHRHMwzvvNWLRtuA8oiTDl4w2gO2vjy7V3Y4qneA
3U5CYRT/ekvK42d+aHA6yMeHSPlNEQg09Idmee5Lub7kV8ejjtRZ8s3jcZ0utCJB
c2sgQmpvZXJuIEhhbnNlbiA8YXNrQGFwYWNoZS5vcmc+iQCVAwUQOSMQB/koKP1i
xIspAQGtCwP9FFWCZN2540lomDAY6tXt7Q3AhP/CkAec5i/lsv21sUl09jlZQnr/
Kc8hL1lPOuAlLFGqso3zL7KMVlrOIng+R/E5fcYpE60QhhIoHdvlxFKTJ5GZq7DG
stCrR34q2A4OWtoC7tF0Uu+Ew2ontVgvqsrgq4qt0h3yh/kABp/8mRw=
=GGxP
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
RSA 2048 0x10FDE075 2000/10/09 *** DEFAULT SIGNING KEY ***
William A. Rowe, Jr. <wr...@rowe-clan.net>
wrowe@apache.org
wrowe@lnd.com
wrowe@covalent.net
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8
mQENAznhOVsAAAEIAKuVs0grRRD6sNsgkr78WHvgpxf7ExaKI/bWEtS7eiFwJ+JE
qP/ceM/zpot1wzUyNAVC+wiOJaj8CXyFrrmsjRM6zO5hRE/Hkf4me4ZviDP2lJTH
suoTIcmSRdY6q3dIFQJVWPeDU2JhjAE313R/U6G/uJ9yVK86YPEC/b5Wr1XIDwDR
GE9X58tZgMTDftYM/1wxeQNNF9kyFQky/45H/iXOirj52RI+gchkZfgRbfTSbF8r
zSvs+JTHJBiSv4SpcPMq/ZTsxju6BIxb+PVaRVthIGcgRrgSgjPyTQYuPzcw0Zi3
W3zfhlXCYngtumV9AM1uv5teiKlP9xOoeRD94HUABRG0KldpbGxpYW0gQS4gUm93
ZSwgSnIuIDx3cm93ZUByb3dlLWNsYW4ubmV0PokBFQMFEDnhOVv3E6h5EP3gdQEB
jLMH+QF/daZ3aqh2/EtFuIOMNUQw+sF4mxgp7HQvhvwgfbOzT3uczqgtLlVd/a4r
cPd6LxD4j7HdNXCJaOn3ANgaZkqUyNOMyS5Z3Fiyjq8o1t4lFcFo6Vk5Y24G78On
Z19Dvw/KayiYFcVVoEJX9WssFmq6VwKJyx68pg2tMfDKiCOG2tZ+LWZnsQd60ceB
p3MyKKAHMQQu3B2mo0xm603JeobTxBydxrJ7b9LXYAcqcm7CdJ3ELutUQr7oQu/b
cDhnphdlEjqZqWDQ6I06lxU9MSxdO1hpM0bShzmXZwKXClDP3w0+2DG/Udy2Qj/6
F7RUNmUkBfiC5HQEb8seFF18pja0EHdyb3dlQGFwYWNoZS5vcmeJARUDBRA54Twh
9xOoeRD94HUBAR68CACL2MB+LvmGljFOSeJXp+jnHsW117bORlnicyjbi8ySIRA5
xIa/z8isBgVY6tQ9EHA9M8f0DNxIiWtb2UBgSoo6ez/VC9rpp1TcQn/9BjXXPNpP
cASn+uC50giwhR4aKwmAY5tLPWU605/oAd012F9HoZXVIouHmGuxTYaL/FW85Quf
2+FcZ7jZX7w550I/031SDEAiC+PGIgUL+Px5kkHl2CGVyS0yz9m+ixTrIXjjLNy+
Tm1/bkxIkaWeQhO44Gfd/1FOhaRcONGOxNdl+EWNg3/ZkacJKzWIke4TtRa+ovip
yMjeTNotxPjJVa7C8LXgnktqDh8pbCJpBDs7xUZxtA13cm93ZUBsbmQuY29tiQEV
AwUQOeE8RPcTqHkQ/eB1AQHjrgf/dtXuLwcUz3unBUeRJwScX03q1UpLVRlap/9N
D1WI5WdtRCBdgBv/KNM5yD1wcVHBgv60Yv6xfm57J3+D9azw/MDBKXeltTDgUM1c
0N9w2OWuAwWpLSsCtOrxGbiW0wkyx+9U11YK+EsK40xSxlJzBwdcZzOuty2y/35y
y6TmNUbO/XU1LLkm5AoGJwOHV8B5c04VhkqcHNHRMMG3TTs3oLP70ldHtn5OhyQd
rZ3zmLJsrzx05S6HGonKv/yOFpdwsdqLq7hduNTf5zU1zFNdnpvRtXE7tuNbYqXZ
V180pYUIaKismO9qkaWINR3gNfBpiIxNm3ilhOBr+yKpTVNZaLQSd3Jvd2VAY292
YWxlbnQubmV0iQEVAwUQOeE+rPcTqHkQ/eB1AQFpfgf/T23qlkH//oxtKHZPeZyo
bAy4jury203tMp+2uvcUJ3WrAOZ4ci17nIB0WwQSNpHd0YMEx37jrpqrx1cgfUQW
5bf9zPY2go9mCvqBEXkxeaG/uLBoifxdAlxT5jBI7CycI5rGmu3nq9ZfdtmxM9Xz
JzOJX8Y0b+nM4BMtG1B5P0fAHryS4wSEHZNbEX/twp8aE4bK9+9sWQxJESfcgAVQ
mYNNTI9ibexdCcWLlu0kCjmOs1CG/jAjxPMgkYQ3IXhVuwKE+agRQOv2LCUgC+tB
dH7qif8zXKR4td/wEgwcxzCJCril5zmVZhhsRMPC2Hf3f9bAMGTUM568+aKglxGg
RQ==
=0+H3
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
RSA 2048 0xB96CD0C7 2001/01/04 *** DEFAULT SIGNING KEY ***
Bill Stoddard <bi...@wstoddard.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8
mQENAzpT47cAAAEIALLL4JXm/9vHTouYSWrdDvAvNNxa6UwOZ1Sp6urCgGtuRLz3
ysFFY4hlfIhSUvMdBuLMY5X73Tzg0+LpzCBuvRHasSUWO/5UMlTdS4LnI6oIS+7T
Nc//iwPQaH+P3CU2QScftyI0kS6kxr49Ejf4UZrJwMXsgvk+oDzRIdx1X8F4A5oW
oAUl2njrqVodbO9nPifBPlooHg84Cm3r1xgMK8OPPSEiVnmypmwTXE0fMsxAmW/6
AqPf6x54tKmAyFY6UWM1bX/XhjVlwUu0Ax7ndBTKgw2ZCZA3TY3GQTPNbiK7eOpr
PUYN69EIKwtyFZHDSalkVpaZB44/nZygsbls0McABRG0IkJpbGwgU3RvZGRhcmQg
PGJpbGxAd3N0b2RkYXJkLmNvbT6JARUDBRA6U+O3nZygsbls0McBAazZCACW0+ss
3zAcpJNVI8rBZGwRSCEHW+NVRCQvrT4WiXQmb0fcTMJD8WD7kkMrYxaDuRzx4Iqr
nwdTqzc0MieM8j0lqa7zaoncxYFh/iLeeZKvK1988UIrVmFDslRQpnzeSXLjUWnF
1JYsS9+sYt8NBJGSIGXALji8QwcjpjRagzNjyO9YEs3TkGqdNslTQo1LJ2ZNIH6T
aIWoTdnoU9WUUldsSQEbYB6JNNP67eiFTRZZnKradoQ0PVBXtYZAw1zOp5y/xPH+
72vhKLk7+Tt3zaV/SmoB52ssE7AXazdQtHfH3N5XXtZJvjIIf/Y/Svw+OaJ2nD3n
Jn3b7QtvWvkY2geD
=0D9G
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
RSA 2048 0x423FF2F1 2001/03/16 *** DEFAULT SIGNING KEY ***
Paul J. Reder <re...@raleigh.ibm.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8
mQENAzqyerAAAAEIAMPeottLIzgSNklzro66gEnshbRLeb8MRwlivgOMxl5MgDpx
sH44MPaYKaB1owFQdVSSA+k8ARrxSbki46mQvK53+t1yUeVtaPu85GBta4Q2paXJ
+2/JVB83Qt8ZdkR7bA3Rxet+Poye4wqZcNQW271FS+sUkTvhAF6nb+5nWFNyKkTe
ApG9eudukksFd4Uh6ekMjpOX0HPUXoyzf7CmwSERZIny+qwK0dkKkr6qKvZZOEXu
wjnFgQoqcj242usLpGUfrGZCDQsOheGmaWH+RxrmccOqqqfmjo/EoHNjmEvfRSDP
Mviq9p574VRsKdt3smkyo63DcaguX/FV7EI/8vEABRG0J1BhdWwgSi4gUmVkZXIg
PHJlZGVycGpAcmFsZWlnaC5pYm0uY29tPokBFQMFEDqyerBf8VXsQj/y8QEBX5AH
/iGMf93L2+1NP2MHZzuggQrcRcf7fkOdVRfx0GcMUFuet4G/0Qg/NKy24J2xMVLI
E03//bn99c47BmGWlSrsuKM3nHXDtLHfmX9ajWB2x5TGLsQqCubfvGyxviFKyUKr
tVLrvOmfiOGZkbRjD1r1mjNKWONKgUcjgFmSqsZPnZsclNjOMnqENVwOtSS14r0K
YMquMP/sk7xDNZlRVUPEVn2TlLSBJp0NiAzwzbafbszX6xHLRJzE23hCGjl0ZnX+
zkBusLpUGkuRkK6phJO6pg0E41D5QRnts3pHaDQ4EI6jEnWwlIsavrHh0mAw6ocf
oO+6PlKrPkqjgRSHYewLqnU=
=WB/Q
-----END PGP PUBLIC KEY BLOCK-----
Type bits keyID Date User ID
DSS 1024 0xB0D5F771 2001/07/24 *** DEFAULT SIGNING KEY ***
Cliff Woolley <jw...@virginia.edu>
Key fingerprint = 3D E0 24 AF DA 7A 4B 15
CB 6C 14 41 0F 81 AA 8A
B0 D5 F7 71
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8
mQGiBDteBSwRBADAFBGWcqz40R9Ne7jX6zyk1XMqVsab4LNZMzd67n9J/Qni34Wq
5ZMHKUUqMYgIgKjUB4J7J56XVoPEujGBxG7kb5HOi4Vt8C8jg3FF551yM2WgamVT
cvEKwHeltYeIyYdq4DLCBt5GENA+/amakMS8LiHWPSz9+/RLzOUJABLuuQCg/y5p
WzAw0lIO0OoFz2U1RLQ+RZkEAL33hMq4C9yfGsEKkSp7od8koJ7Uw6SvZEbRLaiv
pxjDCeqM0Kd4CNyVgprdnnYmMxtsQQ8B1Hu9NE4///h1Gk1LWZnXw1/aTbZZKL21
JPqkxdjRnqAztOuFo5pO0+EGG6Tg9euTjr4rZ9VhAYaO53Yhv+uDDaVB14HXtMMl
bw+1BACNRHYjHxJPrRTF4u8lwgEsUC15hPUQZyqCOtYrWcu/FcfEluduA9E/7OTj
+DblPWViPLb3+9ojjwA9A3MRFA80nJTMbloSdNsTvMq+UFmk2MkKS7qsAMjLRC9P
nbHA5tzzHuVscDZDLp7otIKaAGAqrxLXPc0DMM0JB6WG0A5N2bQlQ2xpZmYgV29v
bGxleSA8andvb2xsZXlAdmlyZ2luaWEuZWR1PokATgQQEQIADgUCO14FLAQLAwEC
AhkBAAoJEA+Bqoqw1fdxNb4AoNLFL4QgmbCEZhyVk1PwtC4oqmujAKCjymGdDhbi
SruZ7t/Qo0bvGpDa3A==
=4uWN
-----END PGP PUBLIC KEY BLOCK-----
Type Bits/KeyID Date User ID
pub 1024D/6D791A41 2001-10-26 Greg Ames <gr...@apache.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
mQGiBDvZp3cRBACm75cSDrKQCCGZIv8QL/AvcNMidSpnuZn1Huvxq28bgl1eh3br
2JHBb8CYh1ijUNk9EQeB/fl6go8NiuWeLLVZkJGnqQRZSVGe+ukpZFLPFGb3mgGS
lBmO/88gQ3gld5Cfumy7VRmMA3EtLCQlI25h74RcPIw5Gzil7pSj9N4JywCgsLDR
olk/+Y4kTdHW1PTt0YbBETED+waq/aICopOLAtEC8W/G2uexi/m+FPXWwM80Mkxh
K+2tjZX9oxzQQ+/GDeFId3q5NbSndscAFMq57ZI9/daenkdGLQqG8gaO0Hto24dG
YNft/w92i5beYG0CPJoIFspCY46GeYaV0HoKaRkLVfcxXqN9UKvKmH18HhO6GO27
idRMA/4l24wu/Qbp20PvEKTEAsPWQSfUjtbMECUdpmzC3/ZG6SWO1cICV/b+QlSC
p5agjTesvno7GJC5IVs09RAkW6NmX4wVLY1LROPIzCriJKoKfgEeJcEqXPZu8q2R
S3U2UPe0PEzzHjdWZlwps+iSr1qafaxRfZsnUXMU8X5KsV6GFbQfR3JlZyBBbWVz
IDxncmVnYW1lc0BhcGFjaGUub3JnPohdBBMRAgAdBQI72ad3BQkSzAMABQsHCgME
AxUDAgMWAgECF4AACgkQYF4WWm15GkGFuwCfaWyKPP8/CtIqgZkIBxUB4QqYwiMA
niSB7MFpia1iTSSLg7e9dum5wrasuQENBDvZp4UQBACBHtkysTqPXCHqzsr75CSL
7SbdmLQQamlMxw0crksTfDZyPIr6AVfZcojd+EHO/6bHU270FxuIwfR5n2NejIIx
oZzjkTJ/TAa2r5qFy1XoUMnodF4qSNPq/JTajIaHXTSgNtPfuw098h3ommZ8XGSh
OMEovonFFjNNXYCHeY5EBwAECwP+OJdDyBkt9r4Zr/5mbhsQJ78TlKhDpDy094zW
/pHgULSEsVKbGbRGcDLYnTZ8Hjs7pCuyGy7uaCuWArRrnAzP40LNHEao7svl1VmR
wZFsisZ10D5kRB8MRVh7ckdOqxq/lSC8AfMBaTmN81Z2ljMWQ7SEvdCGq5OU2wn7
O59wAOmITAQYEQIADAUCO9mnhQUJEswDAAAKCRBgXhZabXkaQSHkAKCUveQ2Ews0
yTd8V9Co3kVUq0E02QCfccreS0fXB9D57p8qPvXRWvJGiRs=
=SVx5
-----END PGP PUBLIC KEY BLOCK-----
1.1 httpd-site/xdocs/dev/dist/README.html
Index: README.html
===================================================================
<H3>
Please use the latest <A HREF="http://httpd.apache.org/">released version</A> to avoid disappointment.
</H3>
1.1 httpd-site/xdocs/dev/private/.cvsignore
Index: .cvsignore
===================================================================
bugdb.cgi
1.1 httpd-site/xdocs/dev/private/bugdb-todo.txt
Index: bugdb-todo.txt
===================================================================
1) Allow editing of priority in edit-pr interface
2) Sort bugs in viewing interface by priority, state, or category.
1.1 httpd-site/xdocs/dev/private/test/works
Index: works
===================================================================
it works!
1.1 httpd-site/xdocs/info/aol-http.html
Index: aol-http.html
===================================================================
<HTML><HEAD>
<TITLE>AOL Rewrites the HTTP Specs</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE DOCUMENTATION]"
>
</DIV>
<H1 ALIGN="CENTER">AOL Rewrites the HTTP Specs</H1>
<EM>Note: As of 25/12/96 AOL has reversed their decision and the problem appears to be resolved.</EM><P>
<ADDRESS>Written by <A HREF="../contributors/#terbush">Randy
Terbush</A>, <A HREF="mailto:ed@organic.com">Ed Korthof</A>, and <A
HREF="../contributors/#behlendorf">Brian Behlendorf</A></ADDRESS>
<HR>
<P><EM>Shortcut to: <A HREF="#bigdeal">What's the Big Deal?</A></EM>
<P>After battling with AOL's decision to dictate their interpretation
of the <A
HREF="ftp://ietf.org/internet-drafts/draft-ietf-http-v11-spec-07.txt">HTTP/1.1
spec</A>, we have these findings to share with the public.
<P>This past Sunday (15/12/1996), AOL appeared to have "upgraded" their proxy
software. As the upgrade progressed, it became apparent that the new AOL
proxy software refused to communicate with webservers sending HTTP/1.1
response headers, and answered their customer's request with the
following message:
<PRE>
<H1>UNSUPPORTED WEB VERSION</H1>
<H2>The Web address you requested is not available in a version supported
by AOL. This is an issue with the Web site, and not with AOL. The owner
of this site is using an unsupported HTTP language. If you receive this
message frequently, you may want to set your web graphics preferences to
COMPRESSED at Keyword: PREFERENCES</H2>
</PRE>
<P>As near as we can tell, the proxy address is hardcoded into the AOL
browsers, and at first this changed seemed to only affect Win95
versions of the AOL browser. However, after a couple days of work, AOL
seems to have progressed further with their upgrade and the results
now seem to affect every platform and version of the AOL browsers.
Netscape and MSIE used over AOL connections appear to work fine,
probably since they are not configured (by default) to use the AOL
proxy servers.
<P>Since many Apache group members provide services to clients whose
content must be servable to AOL users, several of us had to take some
action with our Apache 1.2 servers and implement a <A
HREF="../docs/mod/mod_browser.html">BrowserMatch</A> change that is at
this time handling the AOL requests by sending an HTTP/1.0 response
header. AOL appeared yesterday to still be holding in cache the failure
message above for failed attempts made since the Sunday deployment of the
proxy upgrade. It appears that this morning most of these messages
have expired on previously failed connections.
<P>We can confirm that the problem is the HTTP/1.1 response header and
nothing else. Other Apache 1.2 servers that we are running, which don't
care if AOL ever sees them, are still responding with HTTP/1.1 responses
and are unreachable from AOL browsers. One of these is the <A
HREF="http://www.apache.org">Apache web site itself.</A>
<P>AOL's response has been as follows:
<PRE>
> ---------------- Begin Forwarded Message ----------------
> This message comes from sites that do not issue explicit HTTP/1.0
> responses to HTTP/1.0 requests. In the past we've had problems with
> sites returning HTTP/0.9 responses and only the "compressed" side was
> able to filter them out (issuing "cannot retreive..." messages. Now
> those sites can be caught on both compressed and uncompressed sides of
> the house.
>
> However, a new problem was emerging on the horizon. New HTTP/1.1 web
> servers are starting to generate HTTP/1.1 responses to HTTP/1.0 requests
> when they should be generating only HTTP/1.0 responses. We wanted to
> stem the tide of those faults proliferating and becoming a de facto
> standard by blocking them now. Hopefully the authors of those web
> servers will change their software to only generate HTTP/1.1 responses
> when an HTTP/1.1 request is submitted.
> ----------------- End Forwarded Message -----------------
</PRE>
<P>This is completely incorrect: the HTTP spec states that
minor-version-number revisions are backwards compatible, that giving a
1.1 response to a 1.0 client is completely acceptable, since the changes
made are additive in nature. Section 3.1 of the <A
HREF="ftp://ietf.org/internet-drafts/draft-ietf-http-v11-spec-07.txt">HTTP
specification</A> states:
<BLOCKQUOTE> The <minor> number is incremented when the changes
made to the protocol add features which do not change the general message
parsing algorithm, but which may add to the message semantics and imply
additional capabilities of the sender. The <major> number is
incremented when the format of a message within the protocol is changed.
</BLOCKQUOTE>
<P>Even if the developers of the AOL proxy were unaware of HTTP/1.1, the <A
HREF="http://ds.internic.net/rfc/rfc1945.txt">HTTP/1.0 specification</A>
states exactly the same thing, section 3.1. In order for their proxy to
be <STRONG>minimally compliant with HTTP/1.0</STRONG>, they must allow the behavior
Apache is showing.
<P><HR>
<P><STRONG><A NAME="bigdeal">What's the big deal?</A>
The big deal is that if HTTP/1.1 servers had to
pretend to be broken for HTTP/1.0 clients, the rate of graceful technological
evolution of the web would slow, and the much-much-needed improvements in HTTP/1.1
would be delayed. But an even bigger deal is that we have a large
company which is publicly snubbing <A
HREF="http://www.ietf.org/">consensus-developed Internet standards</A>
- a process they have been <A
HREF="http://www.w3.org/pub/WWW/Consortium/Member/List.html">a party
to</A>, so they have no excuse for ignorance. If a large company can
single-handedly prevent interoperability between their software (used
by 8 million people on a daily basis) and <A
HREF="http://www.netcraft.com/Survey/Changes/ALL/">the most widely used
web server in the world</A>, what hope do public Internet standards
have?</STRONG>
<P><HR>
<P>Some more thoughts on the subject:
<P>First, we should emphasize that responding with an HTTP/1.1 version identifier
does not mean that the message header will use HTTP/1.1 features. This is in
the specification; the version identifier is designed to identify the
capabilities of the server. When Apache sends a response to an HTTP/1.0
request, it responds with a valid HTTP/1.0 response -- the only thing which
might be surprising to an HTTP/1.0 client is the version identifier.
<P>Both HTTP/1.0 and HTTP/1.1 specifications describe the version identifier in
the following way: "...The protocol versioning policy is intended to allow the
sender to indicate the format of a message and its capacity for understanding
further HTTP communication, rather than the features obtained via that
communication..."
<P>Further, the specification for both requires that an HTTP/1.1
message (either the client's or the server's) must be comprehensible
to an HTTP/1.0 client or server. So what we're looking at isn't
whether or not we should send comprehensible responses, but whether or
not we should tell the remote server what version of HTTP we're
capable of speaking.
<P>Sending a version number which indicates the capabilities of the sender
provides another opportunity to negotiate a transition from HTTP/1.0 to
HTTP/1.1, for HTTP/1.1-capable clients. It also correctly identifies the
version of HTTP which the server uses.
<P>We could also partition the logic so that only clients ever initiate a
transition from HTTP/1.0 to HTTP/1.1, but that creates an equally large
possibility for failure, namely that HTTP/1.0 servers will reject such
requests. Along those lines, it is worth noting that this 'problem' started
several days after releasing Apache 1.2b2, when AOL decided to start dropping
HTTP/1.1 responses -- not because there they caused any problems, but rather
because someone (or some people) decided it was appropriate.
<P>It would be preferable to have either client or server be able to offer a
transition to another protocol.
<P><HR>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/apache_books.html
Index: apache_books.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Books written about Apache</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE BOOKS]"
>
</DIV>
<H1 ALIGN="CENTER">Books written about Apache</H1>
<P>This is a list of all known books about Apache sorted by the year when
they where published and in alphabetical order.</P>
<HR>
<H2>2001</H2>
<UL>
<LI>
<DL>
<DT><A HREF="http://vig.pearsoned.com/store/product/0,,store-562_banner-0_isbn-0130898732,00.html"
><STRONG>Apache Web Server Administration and e-Commerce Handbook</STRONG></A>
</DT>
<DD>Author: Scott Hawkins
<BR>
Published by: Prentice Hall PTR
<BR>
ISBN: 0-13-089873-2
<BR>
Language: English
</DD>
</DL>
</LI>
</UL>
<H2>2000</H2>
<UL>
<LI>
<DL>
<DT><A HREF="http://www.administeringapache.com/"
><STRONG>Administering Apache</STRONG></A>
</DT>
<DD>Author: Mark A. Arnold, Jeff Ameida, Clint LeMon Miller III, James D. Sheetz, Gwen R. Rhine
<BR>
Published by: McGraw-Hill
<BR>
ISBN: 0072122919
<BR>
Language: English
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.oreilly.com/catalog/apachepr/"
><STRONG>Apache Pocket Reference</STRONG></A>
</DT>
<DD>Author: Andrew Ford
<BR>
Published by: O'Reilly & Associates
<BR>
ISBN: 1-56592-706-0
<BR>
Language: English
</DD>
</DL>
</LI>
<li>
<dl>
<dt><a href="http://ApacheUnleashed.Com/"
><b>Apache Server Unleashed</b></a>
</dt>
<dd>Author: Rich Bowen, Ken Coar, Patrik Grip-Jansson, Slava Kozlov,
Didimo Emilio Grimaldo Tuñon, Matthew Marlowe
<br>
Published by: Sams Publishing
<br>
ISBN: 0-672-31808-3
<br>
Language: English
<br>
Note: includes CD-ROM
</dd>
</dl>
</li>
<LI>
<DL>
<DT><A HREF="http://www.mitp.de/linux/0612/0612.html"
><STRONG>Apache Web-Server</STRONG></A> - 3<SUP>rd</SUP> Edition
</DT>
<DD>Author: Lars Eilebrecht
<BR>
Published by: MITP-Verlag GmbH, Germany
<BR>
ISBN: 3-8266-0612-4
<BR>
Language: German
<BR>
Note: includes CD-ROM, expanded and upated edition
</DD>
</DL>
</LI>
</UL>
<H2>1999</H2>
<UL>
<LI>
<DL>
<DT><A HREF="http://www.oreilly.de/catalog/apacheger/"
><STRONG>Apache: Das umfassende Referenzwerk.</STRONG></A>
</DT>
<DD>Author: Ben Laurie, Peter Laurie
<BR>
Published by: O'Reilly and Associates, Germany
<BR>
ISBN: 3-89721-127-0
<BR>
Language: German
<BR>
Note: Includes CD-ROM
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A href="http://www.refcards.com/about/apache.html"
><STRONG>Apache Quick Reference Card</STRONG></A>
</DT>
<DD>Author: Andrew Ford
<BR>
Published by: Ford & Mason Ltd
<BR>
ISBN: 0-9534897-0-1
<BR>
Language: English
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://isbn.nu/0764533061"
><STRONG>Apache Server Administrators Handbook</STRONG></A>
</DT>
<DD>Author: Mohammed J. Kabir
<BR>
Published by: IDG Books Worldwide
<BR>
ISBN: 0-7645-3306-1
<BR>
Language: English
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A href="http://www.coriolis.com/bookstore/bookdetail.cfm?id=1576104680"
><STRONG>Apache Server Commentary</STRONG></A>
</DT>
<DD>Author: Greg Holden, Matthew Keller, and Nick Wells
<BR>
Published by: The Coriolis Group
<BR>
ISBN: 1-57610-468-0
<BR>
Language: English
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A href="http://www.coriolis.com/bookstore/bookdetail.cfm?id=1576103919"
><STRONG>Apache Server for Windows Little Black Book</STRONG></A>
</DT>
<DD>Author: Greg Holden with Matthew Keller
<BR>
Published by: The Coriolis Group
<BR>
ISBN: 1-57610-391-9
<BR>
Language: English
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.oreilly.com/catalog/apache2/index.html">
<STRONG>Apache: The Definitive Guide, 2nd Edition</STRONG></A></DT>
<DD>Author: Ben Laurie, Peter Laurie
<BR>
Published by: O'Reilly and Associates
<BR>
ISBN: 1-56592-528-9
<BR>
Language: English
<BR>
Note: Includes CD-ROM
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.mitp.de/linux/0554/0554.htm"
><STRONG>Die Apache Administration Bibel</STRONG></A></DT>
<DD>Author: Mohammed J. Kabir
<BR>
Published by: MITP-Verlag GmbH, Germany
<BR>
ISBN: 3-8266-0554-3
<BR>
Language: German
<BR>
Note: Includes CD-ROM
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.wrox.com/Consumer/Store/Details.asp?ISBN=1861003021"
><STRONG>Professional Apache</STRONG></A></DT>
<DD>Author: Peter Wainwright, Lars Eilebrecht, Ari Halberstadt, Brian Moon
<BR>
Published by: Wrox Press Ltd.
<BR>
ISBN: 1-861003-02-1
<BR>
Language: English
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.dpunkt.de/webserver_betreiben/"
><STRONG>Webserver betreiben</STRONG></A> -- HTTP und Apache
</DT>
<DD>Author: Jacob Schröder, Martin Müller
<BR>
Published by: dpunkt Verlag, Heidelberg, Germany
<BR>
ISBN: 3-932588-00-2
<BR>
Language: German
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.oreilly.com/catalog/wrapmod/index.html">
<STRONG>Writing Apache Modules with Perl and C</STRONG></A></DT>
<DD>Author: Lincoln Stein & Doug MacEachern
<BR>
Published by: O'Reilly and Associates
<BR>
ISBN: 1-56592-567-X
<BR>
Language: English
<BR>
Note: <a href="http://www.apachemod.com/">companion site</a>
</DD>
</DL>
</LI>
</UL>
<HR>
<H2>1998</H2>
<UL>
<LI>
<DL>
<DT><A HREF="http://www.ascii.co.jp/books/detail/4-7561/4-7561-2024-5.html"
><STRONG>Apache</STRONG></A></DT>
<DD>Author: Youichirou Koga
<BR>
Published by: ASCII Corporation
<BR>
ISBN: 4-7561-2024-5
<BR>
Language: Japanese
<BR>
Note: includes CD-ROM
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.idgbooks.com/cgi/fill_out_template.pl?idgbook:0-7645-3218-9:book-idg"
><STRONG>Apache Server Bible</STRONG></A>
</DT>
<DD>Author: Mohammed J. Kabir
<BR>
Published by: IDG Books Worldwide
<BR>
ISBN: 0-7645-3218-9
<BR>
Language: English
<BR>
Note: includes CD-ROM
</DD>
</DL>
</LI>
<li>
<dl>
<dt><a href="http://Apache-Server.Com/"
><b>Apache Server for Dummies</b></a></dt>
<dd>Author: Ken Coar
<br>
Published by: IDG Books Worldwide
<br>
ISBN: 0-7645-0291-3
<br>
Language: English
<br>
Note: includes CD-ROM
</dd>
</dl>
</li>
<LI>
<DL>
<DT><A HREF="http://www.mitp.de/online/0438/0438.html"><STRONG>Apache Web-Server</STRONG></A>
- 2<SUP>nd</SUP> Edition
</DT>
<DD>Author: Lars Eilebrecht
<BR>
Published by: MITP-Verlag GmbH, Germany
<BR>
ISBN: 3-8266-0438-5
<BR>
Language: German
<BR>
Note: includes CD-ROM, expanded and upated edition
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><STRONG>Der Apache Webserver</STRONG></DT>
<DD>Author: Stephan Ro�bach
<BR>
Published by: Addison-Wesley
<BR>
ISBN: 3-8273-1328-7
<BR>
Language: German
<BR>
Note: Includes CD-ROM
</DD>
</DL>
</LI>
</UL>
<HR>
<H2>1997</H2>
<UL>
<LI>
<DL>
<DT><A HREF="http://www.oreilly.com/catalog/apache/"
><STRONG>Apache: The Definitive Guide</STRONG></A>
</DT>
<DD>Authors: Ben Laurie, Peter Laurie
<BR>
Published by: O'Reilly & Associates
<BR>
ISBN: 1-56592-250-6
<BR>
Language: English
<BR>
Note: No longer in print.
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://www.itp.de/online/0347/0347.html"
><STRONG>Apache Web-Server</STRONG></A>
- 1<SUP>st</SUP> Edition
</DT>
<DD>Author: Lars Eilebrecht
<BR>
Published by: International Thomson Publishing
<BR>
ISBN: 3-8266-0347-8
<BR>
Language: German
<BR>
Note: includes CD-ROM, (<EM>sold out</EM>)
</DD>
</DL>
</LI>
</UL>
<HR>
<H2>1996</H2>
<UL>
<LI>
<DL>
<DT><STRONG>Running a Perfect Web Site With Apache</STRONG>
</DT>
<DD>Authors: Brian Behlendorf, David M. Chandler, Lee Brintle, Rich
Casselberry
<BR>
Published by: Que Education & Training
<BR>
ISBN: 0-7897-0745-4
<BR>
Language: English
<BR>
Note: includes CD-ROM
</DD>
</DL>
</LI>
<LI>
<DL>
<DT><A HREF="http://merchant.superlibrary.com:8000/catalog/hg/PRODUCT/PAGE/15752/bud/1575211750.html"
><STRONG>Apache Server Survival Guide</STRONG></A>
</DT>
<DD>Author: Manuel Alberto Ricart
<BR>
Published by: Sams
<BR>
ISBN: 1-5752-1175-0
<BR>
Language: English
<BR>
Note: includes CD-ROM
</DD>
</DL>
</LI>
</UL>
<HR>
<P>Send additions to <A HREF="mailto:lars@apache.org">Lars Eilebrecht</A>.</P>
<HR>
<P ALIGN="CENTER">
<A HREF="/"><IMG SRC="../images/apache_home.gif" ALT="Home"></A>
</P>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/apache_nt.html
Index: apache_nt.html
===================================================================
<HTML><HEAD>
<TITLE>Status of Apache on Windows NT</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE DOCUMENTATION]"
>
</DIV>
<H1 ALIGN="CENTER">What's the Status of Apache on Windows NT?</H1>
<EM>May 31st, 1998</EM><P>
Beta versions of Apache 1.3 are available for Windows NT in source
form and as a easy-to-install binary for Windows NT.
A separate document describes
<a href="../docs/windows.html">how to install, configure and run Apache 1.3b6 (or later) under Microsoft Windows.</a>
<p>
<EM>August 11th, 1997</EM><P>
The next non-maintenance release of Apache will be version 1.3. This
will work on Windows NT and Windows 95. Apache 1.3 is currently in
alpha testing and available <EM>only</EM> as source. When it is released
it will be distributed as a real Windows application, precompiled and
with an easy install procedure.
<P>
In addition to the new features in 1.3 common to both Unix and Windows, the
Windows version will add the following Windows-specific capabilities:
<UL>
<LI>Proper Windows-style install procedure with pre-compiled binaries
</LI>
<LI>Ability to run ISAPI server extensions (apart from filters)
</LI>
<LI>Use of multithreading on Windows
</LI>
<LI>Ability to load modules as "dll" files specified in the configuration
files at runtime. So there will be no need to recompiled Apache
to add modules.
</LI>
</UL>
<EM>December 22nd, 1996</EM>
<P>Apache has been ported to a very wide array of Unix boxes - in fact,
we're not aware of any Unix boxes which Apache <EM>can't</EM> run on.
This has been possible by making conservative architecture decisions,
by modularizing the code as much as possible, and sticking to POSIX
and ANSI wherever possible (and functional).
<P>However, due to the code's legacy, and use of metaphors and systems
which are Unix-specific (such as, having multiple processes all
accept()ing connections to the same port), the road to porting to
Windows NT has not been a pretty one. Several attempts have been
made, both by Apache Group members and outside folks, but due to a
lack of stability and a clear consensus on how to manage a true
cross-platform development project, NT is not yet a standard platform
supported by Apache.
<P>This could change - in fact, our current plan for Apache 2.0 is to
include compatibility with Windows NT, as well as other design changes
to enable other ports to other platforms as well. As well as Windows
NT, we are considering versions of Apache that run on the MacOS and
others.
<P>When will 2.0 come out? Not for a while yet - 1.2 is on its way to
being finalized, and while 2.0 work has begun it'll be awhile before
it's got all the features in 1.2, since we're working with a
significantly revamped code base to allow for multithreading. But
sometime in the first half of 1997, we hope - we have test versions of
it running already.
<P>In the meantime, folks interested in working on an NT port can send
mail to apache@apache.org - when 2.0 work begins in earnest we'll
probably start an NT-specific list to address porting issues.
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/apache_on_linux.html
Index: apache_on_linux.html
===================================================================
<HTML>
<HEAD>
<TITLE>Configuring linux to run Apache 0.8 +</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE DOCUMENTATION]"
>
</DIV>
<H3>Warning: this document has been unmaintained for a very long time.</H3>
<P>
<H1 ALIGN="CENTER">Configuring linux to run Apache 0.8 + with virtual hosts</H1>
<P>Some advice on configuring Linux so that it can run <A HREF="/">Apache</A>
and <A HREF="../docs/vhosts/">virtual hosts</A></P>
<OL>
<LI>You'll need linux kernel <STRONG>1.2.x</STRONG> ( >=5 recommended) and compile with the following options:
<PRE>
CONFIG_MODVERSIONS=y
CONFIG_NETDEVICES=y
# CONFIG_DUMMY is not set ( say no when configuring )</PRE>
<BR><BR></LI>
<LI>make dep ; make zImage ; make modules ; make modules_install<BR><BR></LI>
<LI>cp /usr/src/linux/arch/i386/boot/zImage /vmlinuz<BR><BR></LI>
<LI>rdev -R /vmlinuz 1 ; lilo<BR><BR></LI>
<LI>reboot system <BR><BR></LI>
<LI>insmod -o dummy0 /lib/modules/1.2.x/net/dummy.o<BR><BR></LI>
<LI>ifconfig dummy0 200.200.200.50 up<BR>
NOTE: Make sure the IP address you choice is a valid one,
and not being used.
<BR><BR></LI>
<LI>arp -s <ethernet address> 200.200.200.50 netmask 255.255.255.255 pub<BR>
NOTE: the ethernet address of your ethernet card can be found if you
type ifconfig eth0. First line, there are 6 hex numbers sepearted by
':'. Use that.
<BR><BR></LI>
<LI>route add 200.200.200.50 dummy0<BR><BR></LI>
<LI>Add <virtual host 200.200.200.50> ..... < /virtualhost> to your httpd.conf file.<BR><BR></LI>
<LI>Add 200.200.200.50 to your /etc/hosts or DNS database files.<BR><BR></LI>
<LI>Repeat from <STRONG>Step 1.</STRONG> with dummy1 if so desired.<BR><BR></LI>
</OL>
<P>Good luck.</P>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/apache_users.html
Index: apache_users.html
===================================================================
<HTML>
<HEAD>
<TITLE>Users of Apache</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE DOCUMENTATION]"
>
</DIV>
<H1 ALIGN="CENTER">
The<BR>"Proud to run <A HREF="/">Apache</A>"<BR>list</H1>
<P>
This is a list of sites that <STRONG>asked</STRONG> to be recorded
as running Apache.
</P>
<P>
The list represents only a small fraction of the total number of sites
that run Apache. See the link(s) at the bottom of this page for pointers
to much larger lists.
</P>
<DL>
<DT><A HREF="http://www.apache.org/">The Apache Project</A></DT>
<DD>The developers trust it :-)</DD>
<HR WIDTH="20%">
<HR><P>
<STRONG>
<A HREF="#ahook">A</A> | <A HREF="#bhook">B</A> | <A HREF="#chook">C</A> | <A HREF="#dhook">D</A> | <A HREF="#ehook">E</A> | <A HREF="#fhook">F</A> | <A HREF="#ghook">G</A> | <A HREF="#hhook">H</A> | <A HREF="#ihook">I</A> | <A HREF="#jhook">J</A> | <A HREF="#khook">K</A> | <A HREF="#lhook">L</A> | <A HREF="#mhook">M</A> | <A HREF="#nhook">N</A> | <A HREF="#ohook">O</A> | <A HREF="#phook">P</A> | <A HREF="#qhook">Q</A> | <A HREF="#rhook">R</A> | <A HREF="#shook">S</A> | <A HREF="#thook">T</A> | <A HREF="#uhook">U</A> | <A HREF="#vhook">V</A> | <A HREF="#whook">W</A> | <A HREF="#xhook">X</A> | <A HREF="#yhook">Y</A> | <A HREF="#zhook">Z</A>
</STRONG>
<P><HR>
<P><DT><STRONG>A...</STRONG></DT>
<A NAME="ahook"></A>
<DT><A HREF="http://www.abast.es/">Abast Systems, S.A.</A></DT>
<DD>An HP service provider at Barcelona</DD>
<DT><A HREF="http://www.achilles.net/">Achilles Internet Ltd.</A></DT>
<DD>Internet Service and Presence Provider in Ottawa, Ontario, Canada.</DD>
<DT><A HREF="http://www.adnet.ie/">Adnet - Ireland's Interactive Resource Directory</A></DT>
<DD>Fred Hanna's Bookstore, U2 Interview, Knickerbox Lingerie, the Explorer magazine, and much more...</DD>
<DT><A HREF="http://www.adsweb.com/">ADSweb</A></DT>
<DD>A webspace provider in St. Louis, MO</DD>
<DT><A HREF="http://www.advcs.com/">Advanced Computing Solutions</A></DT>
<DD>The best prices on software, hardware and related accessories on the 'Net!</DD>
<DT><A HREF="http://nz.com/">Akiko International</A></DT>
<DD>New Zealand on the Web</DD>
<DT><A HREF="http://ugweb.cs.ualberta.ca">University of Alberta Computing Science</A></DT>
<DD>University of Alberta Undergraduate Computing Science Labs</DD>
<DT><A HREF="http://www.algonet.se">Algonet</A></DT>
<DD>Algonet - Your Internetsupplier in Sweden.</DD>
<DT><A HREF="http://www.aros.net/">ArosNet</A></DT>
<DD>An ISP in Salt Lake City, UT. Complete solutions for business.</DD>
<DT><A HREF="http://www.atlantic.com/">Atlantic Computing Technology Corporation</A></DT>
<DD>An Internet consulting firm in Connecticut</DD>
<DT><A HREF="http://www.nla.gov.au">National Library of Australia</A></DT>
<DT><A HREF="http://ftp.ua.pt/">University of Aveiro Software Archive</A></DT>
<DD>The biggest software archive in Portugal</DD>
<DT><A HREF="http://www.axxel.nl/">The Home of AXXEL.NL Internet</A></DT>
<DD>We trust the developers who trust Apache...:-)</DD>
<A NAME="bhook"></A>
<P><DT><STRONG>B...</STRONG></DT>
<DT><A HREF="http://www.bns.ee/">Baltic News Service</A></DT>
<DD>Newswire about Baltics</DD>
<DT><A HREF="http://www.blackhills.com/">Internet Services of the Black Hills</A></DT>
<DD>3 websites up, more to come ;-)</DD>
<DT><A HREF="http://www.bayscenes.com/">BayScenes</A></DT>
<DD>Unique products and services of Northern California</DD>
<DT><A HREF="http://BowlingGreen.KY.net/">Bowling Green, KY</A></DT>
<DD>Bowling Green's Internet presence (<A HREF="http://www.KY.net/kiwi/">KIWI</A>)</DD>
<DT><A HREF="http://www.telescope.org/">Bradford Robotic Telescope</A></DT>
<DD>An autonomous telescope controlled by the Web</DD>
<DT><A HREF="http://www.buzznet.com/">Buzznet</A></DT>
<DD>The cultural voice of the online generation</DD>
<A NAME="chook"></A>
<P><DT><STRONG>C...</STRONG></DT>
<DT><A HREF="http://www.epibiostat.ucsf.edu/">University of California San Francisco Department of Epidemiology and Biostatistics</A></DT>
<DD>Maintainers of the World Wide Web Virtual Library: Epidemiology Page</DD>
<DT><A HREF="http://ucsee.EECS.Berkeley.EDU/">University of California Society of Electrical Engineers</A></DT>
<DD>Student-run server at the University of California at Berkeley.</DD>
<DT><A HREF="http://www.caprica.com/">Caprica Internet Services</A></DT>
<DD>Southern California's Original Internet Provider!</DD>
<DT><A HREF="http://www.cm.cf.ac.uk/">Cardiff University Computer Science</A></DT>
<DD>Home for the Interenet Movie Database and more.</DD>
<DT><A HREF="http://www.careersite.com/">Virtual Resources' <EM>CareerSite</EM> employment service</A></DT>
<DD>Concept­based profile matching helps job hunters & human resources.</DD>
<DT><A HREF="http://www.cetlink.net/">CetLink.Net</A></DT>
<DD>South Carolina ISP and advanced networking services company.</DD>
<DT><A HREF="http://www.cistron.nl/">Cistron Internet Services</A></DT>
<DD>An independent Dutch Internet provider.</DD>
<DT><A HREF="http://www.cityline.it">CityLine</A></DT>
<DD>Internet business service in Brescia (Italy)</DD>
<DT><A HREF="http://www.dom.de/">DOM ->Cologne - where else?</A></DT>
<DD>The best smelling machine on the WEB 8-()</DD>
<DT><A HREF="http://www.cts.richmond.va.us/">Commonwealth Technical Services</A></DT>
<DD>Custom built computers, Web services, netowrking, etc...</DD>
<DT><A HREF="http://www.c2.org/">Community ConneXion</A></DT>
<DD>ISP in Berkeley, CA. Specializes in privacy.</DD>
<DT><A HREF="http://www.tcp.com/">The Commnet Projetc</A></DT>
<DD>Anime Archives, e-zines and personal web pages</DD>
<DT><A HREF="http://www.compusult.nf.ca/">Compusult Limited</A></DT>
<DD>Software Development and Systems Integration</DD>
<DT><A HREF="http://www.cdepot.net/">The Computer Depot</A></DT>
<DD>Amador County, California, Internet Provider</DD>
<DT><A HREF="http://www.cforc.com/">Computers For Christ</A></DT>
<DD>Christian Computer Ministry</DD>
<DT><A HREF="http://www.cst.com.au/">Creative Software Technologies</A></DT>
<DD>Videoconferencing and multimedia applications</DD>
<DT><A HREF="http://www.univ-rennes1.fr/">CRI Universite de Rennes 1 (France)</A></DT>
<DD>Many thanks to the APACHE team.</DD>
<DT><A HREF="http://cyberspc.mb.ca/">Cyberspace Online Information Services</A></DT>
<DD>ISP - Winnipeg, Manitoba, Canada</DD>
<A NAME="dhook"></A>
<P><DT><STRONG>D...</STRONG></DT>
<DT><A HREF="http://www.dal.net/">The DALnet IRC Network</A></DT>
<DD>Friendly, easy-to-use, secure, fun Internet communication.</DD>
<DT><A HREF="http://www.dataway.ch/">dataway</A></DT>
<DD>An Internet Service and WWW Provider in Winterthur, Switzerland.</DD>
<DT><A HREF="http://www.davidbowie.com/">David Bowie Outside</A></DT>
<DD>Tour info, sound samples, concepts and other happenings<DD>
<DT><A HREF="http://www.cardinal.wisc.edu/">The Digital Cardinal at the
UW-Madison</A></DT>
<DD>The UW-Madison's student newspaper</DD>
<DT><A HREF="http://www.digimark.net/">Digital Marketing, Inc.</A></DT>
<DD>Comprehensive Internet Presence Services.</DD>
<DT><A HREF="http://www.reflections.com.au">Digital Reflections</A></DT>
<DD>Giving YOU an Internet Presence.</DD>
<DT><A HREF="http://www.daft.com/">Discordian Alliance For Teaching</A></DT>
<DD>Installation, maintenance and training for Information Publishing on the N
et.</DD>
<DT><A HREF="http://www.discpro.org/">DISCovery Productions</A></DT>
<DD>Dedicated to regional and ethnic folk music (emphasis on Flamenco and Andean)</DD>
<DT><A HREF="http://www.dragon.net.au/">Dragon Net</A></DT>
<DD>Internet Service Provider and Web Developers in Syndey, AUSTRALIA.
<A NAME="ehook"></A>
<P><DT><STRONG>E...</STRONG></DT>
<DT><A HREF="http://www.ecstatic.com/">Ecstatic Communications</A></DT>
<DD>Multimedia Productions (Apache on MachTen 2.2 Unix on MacOs 7.5.1 Rules!)</DD>
<DT><A HREF="http://www.ekspress.ee/">Eesti Ekspress</A></DT>
<DD>Estonian Ekspress - largest weekly newspaper in Estonia</DD>
<DT><A HREF="http://www.efrei.fr/">EFREI</A></DT>
<DD>Ecole Francaise d'Electronique et d'Informatique - PARIS</DD>
<DT><A HREF="http://www.empire.net/">Empire.Net, Inc.</A></DT>
<DD>Full Service WWW Hosting and Design Internet Provider</DD>
<DT><A HREF="http://equinet.com/">EQUINET - Horses! on the Internet</A></DT>
<DD>Premier site for equestrian products, services and the buying & selling horses.</DD>
<DT><A HREF="http://www.esquadro.com.br/">Esquadro ISP</A></DT>
<DD>Internet Acess and Service Provider in Rio de Janeiro, Brazil:-)</DD>
<DT><A HREF="http://travel.digit.ee/">Estonian Travel Guide</A></DT>
<DD>Your source to Estonian travel information</DD>
<DT><A HREF="http://www.efi.joensuu.fi/">European Forest Institute</A></DT>
<DD>An independent non-governmental organization conducting European forest research</DD>
<DT><A HREF="http://www.imec.be/europractice/europractice.html">The EUROPRACTICE Project</A></DT>
<DD>The Small Volume and Prototype Silicon Processing Initiative of the EEC</DD>
<DT><A HREF="http://www.xtc.net/">Expanding Technologies</A></DT>
<DD>NorthEast Tennessee's hottest ISP / Web Developer</DD>
<A NAME="fhook"></A>
<P><DT><STRONG>F...</STRONG></DT>
<DT><A HREF="http://www.flora.ottawa.on.ca/">Flora St. Community WEB</A></DT>
<DD>Home/volunteer site of consultant: Flora St,Ottawa,Canada.</DD>
<DT><A HREF="http://www.teaser.fr/">France-Teaser</A><DT>
<DD>French Internet Service Provider</DD>
<DT><A HREF="http://www.frankfurt.de/">Frankfurt Digital Marketplace</A></DT>
<DD>The Frankfurt server</DD>
<DT><A HREF="http://www.freebsd.org/">FreeBSD</A></DT>
<DD>FreeBSD Web Site</DD>
<A NAME="ghook"></A>
<P><DT><STRONG>G...</STRONG></DT>
<DT><A HREF="http://www.galaxy.net/">Galaxy Networks</A></DT>
<DD>Internet Service Provider and Web Site in New Jersey</DD>
<DT><A HREF="http://www.getnet.com/">GetNet International</A></DT>
<DD>Internet Service/Network/Presence Provider, Phoenix, AZ</DD>
<DT><A HREF="http://www.gospelcom.net/">Gospel Communications Network</A></DT>
<DD>Online Christian Resources</DD>
<DT><A HREF="http://bull.got.kth.se">BULL.GOT.KTH.SE</A></DT>
<DD>The student's server at the Gotland College of Higher Education</DD>
<DT><A HREF="http://www.greyhawkes.com/">Greyhawkes Cyberservices</A></DT>
<DD> Web Services, Consulting & Training</DD>
<A NAME="hhook"></A>
<P><DT><STRONG>H...</STRONG></DT>
<DT><A HREF="http://www.rvs.uni-hannover.de/">University of Hannover, RVS</A></DT>
<DD>Lehrgebiet Rechnernetze und Verteilte Systeme</DD>
<DT><A HREF="http://harvard.net/">HarvardNET</A></DT>
<DD>Internet Service Provider in Boston, 5 BSDI Web Servers, 100+ virtual domains</DD>
<DT><A HREF="http://www.hway.com/">Hiway Technologies, Inc.</A></DT>
<DD>Specializing in virtual domain web space rental.</DD>
<DT><A HREF="http://www.ci.houston.tx.us">The City of Houston, Texas</A></DT>
<DD>The City of Houston, Texas WWW Server</DD>
<DT> <A HREF="http://www.uth.tmc.edu/">The UT Houston Health Science Center</A>
<DD>Information Resources for UTH faculty, staff and students.
<DT><A HREF="http://www.nightflight.com/">Home Page Services, Free Classified Ads</A></DT>
<DD>Low cost, high quality :-)</DD>
<DT><A HREF="http://www.station.net/">Hong Kong Internet Station</A></DT>
<DD>A ISP in Hong Kong. We run both Apache and Apache+SSL.</DD>
<DT><A HREF="http://www.hotwired.com/">HotWired</A></DT>
<DD>No description necessary.</DD>
<DT><A HREF="http://www.hyperreal.org/">Hyperreal</A></DT>
<DD>The Techno/Ambient/Alternative Culture Archives</DD>
<DT><A HREF="http://www.hypersurf.com/">Hypersurf Internet Services</A></DT>
<DD>Hypersurf provides dialup, as well as web hosting to the East SF Bay Area</DD>
<A NAME="ihook"></A>
<P><DT><STRONG>I...</STRONG></DT>
<DT><A HREF="http://www.IdeaCafe.com/">Idea Cafe</A></DT>
<DD>The Small Business Gathering Place...</DD>
<DT><A HREF="http://www.io.com">Illuminati Online</A></DT>
<DD>The online services division of Steve Jackson Games</DD>
<DT><A HREF="http://www.indra.com/">Indra's Net, Inc </A></DT>
<DD>An Internet access and Web presence provider based in Boulder,Colorado</DD>
<DT><A HREF="http://www.InfoStreet.com/">InfoStreet, Inc.</A></DT>
<DD>Commercial Web Weaving and Web Hosting Provider specializing in turn key solutions</DD>
<DT><A HREF="http://www.infinityweb.com/">InfinityWeb Communications</A></DT>
<DD>Design and/or Hosting with offices in Honolulu, Tampa, and Tucson.</DD>
<DT><A HREF="http://www.InstantWeb.com/">Instant Web Sites</A></DT>
<DD>Fill in a simple form and instantly get your own Web site.</DD>
<DT><A HREF="http://www.mineral.tu-freiberg.de/">Institute of Mineralogy</A></DT>
<DD>Freiberg University of Mining and Technology (Germany)</DD>
<DT><A HREF="http://www.inta.net/">IntaNET Communications</A></DT>
<DD>After testing several servers, IntaNET chose Apache for its versatility and reliability.</DD>
<DT><A HREF="http://www.nfld.com/">InterActions</A></DT>
<DD>Internet Service Provider, Mount Pearl, NF, Canada</DD>
<DT><A HREF="http://www.icsi.net/">Internet Connect Services, Inc.</A></DT>
<DD>ICSI's Primary WWW Server - Running 40+ Virtual Domains</DD>
<DT><A HREF="http://www.netdoor.com/">Internet Doorway, Inc</A></DT>
<DD>Internet Service Provider in Jackson, Mississippi</DD>
<DT><A HREF="http://www.webnet.com.au/">Internet Interface Systems</A></DT>
<DD>ISP in Melbourne, Australia</DD>
<DT><A HREF="http://uk.imdb.com/">Internet Movie Database (UK)</A></DT>
<DD>The web's biggest and best movie resource.</DD>
<DT><A HREF="http://us.imdb.com/">Internet Movie Database (US)</A></DT>
<DD>The web's biggest and best movie resource.</DD>
<DT><A HREF="http://www.spies.com/">The Internet Wiretap</A></DT>
<DD><A HREF="http://wiretap.spies.com">Electronic texts</A> and personal publishing.</DD>
<DT><A HREF="http://www.interpac.net/">Inter-Pacific Networks</A></DT>
<DD>Big Island of Hawaii Premire Internet Service Provider</DD>
<DT><A HREF="http://www.is.kiruna.se/">Information Society, Kiruna, Sweden</A></DT>
<DD>Information should be free (and powered by Apache)</DD>
<A NAME="jhook"></A>
<P><DT><STRONG>J...</STRONG></DT>
<DT><A HREF="http://www.ju.edu/">Jacksonville University</A></DT>
<DD>Making changes in College Education!</DD>
<DT><A HREF="http://www.sjis.com">South Jersey Internet Services</A></DT>
<DD>Webmaster/Web Service Providers. We love Apache!</DD>
<A NAME="khook"></A>
<P><DT><STRONG>K...</STRONG></DT>
<DT><A HREF="http://www.kemmunet.net.mt/">Kemmunet Ltd</A></DT>
<DD>Kemmunet is an Internet Service Provider in the island.</DD>
<DT> <A HREF="http://www.dbnet.ece.ntua.gr"> Knowledge and Data Base Systems Laboratory </A></DT>
<DD> based at the National Technical University of Athens, GREECE </DD>
<A NAME="lhook"></A>
<P><DT><STRONG>L...</STRONG></DT>
<DT><A HREF="http://www.lansoft.com/">LANsoft U.S.A.</A></DT>
<DD>Commercial Email To Internet Provider</DD>
<DT><A HREF="http://www.lls.se/">Lightning Line Service</A></DT>
<DD>Swedish Internet provider & WWW hotel located in Gothenburg</DD>
<DT><A HREF="http://www.links.net/">Links from the Underground</A></DT>
<DD>A collection of writings and pointers from net.superstar Justin Hall</DD>
<DT><A HREF="http://www.littleblue.com">Little Blue Productions</A></DT>
<DD>Web space provider in Kansas City, powered by Apache on Silcon Graphics.</DD>
<DT><A HREF="http://xxx.lanl.gov/">XXX e-print archives at Los Alamos National Lab</A></DT>
<DD>Repository for electronic publishing in the fields of physics, math and more.</DD>
<DT><A HREF="http://www.louisville.edu/">The University of Louisville</A></DT>
<DD>Univ. of Lou. Louisville, KY. Main WWW server.</DD>
<DT><A HREF="http://www.lth.se/">Lund Institute of Technology</A></DT>
<DD>The technical faculty at Lund University in the south of Sweden</DD>
<A NAME="mhook"></A>
<P><DT><STRONG>M...</STRONG></DT>
<DT><A HREF="http://www.madcap.com/">MadCap</A><DT>
<DD>A San Francisco Geek Arcology/Consulting Group</DD>
<DT><A HREF="http://www.magpage.com/">The Magnetic Page</A></DT>
<DD>An internet service provider for Delaware, Maryland, and Pennsylvania.</DD>
<DT><A HREF="http://WWW.Zmall.Com/">Mall of Cyberspace</A></DT>
<DD>Your Storefront on the Information Superhighway</DD>
<DT><A HREF="http://www.mediabridge.com">Mediabridge Infosystems</A></DT>
<DD>Custom Web and other Internet servers</DD>
<DT><A HREF="http://www.metwest.com/">Metwest.com</A></DT>
<DD>Commercial low cost web services Serving Metro-West/Boston.</DD>
<DT><A HREF="http://www.ml.ee/">Microlink</A></DT>
<DD>Microlink computer manufacturer</DD>
<DT><A HREF="http://www.mwci.net/">Midwest Communications Inc.</A></DT>
<DD>Nationwide Internet and Web Service Provider</DD>
<DT><A HREF="http://www.state.net/">Minnesota OnLine</A></DT>
<DD>Minnesota's Premier Access Provider</DD>
<DT><A HREF="http://www.msstate.edu/">Mississippi State University</A></DT>
<DD>US mirror of the Internet Movie Database and Fineart Forum online</DD>
<DT><A HREF="http://www.modcomp.com/">MODCOMP</A></DT>
<DD>A vendor of realtime low-latency computer systems</DD>
<DT><A HREF="http://jamcha.witness.com/">More Email BBS</A><DT>
<DT><A HREF="http://www.musicblvd.com/">Music Boulevard</A></DT>
<DD>Music CDs, samples, magazines, and more</DD>
<A NAME="nhook"></A>
<P><DT><STRONG>N...</STRONG></DT>
<DT><A HREF="http://www.netaxis.com/">NETAXIS</A></DT>
<DD>Your On-line Marketing and Communications Resource</DD>
<DT><A HREF="http://Nettvik.no/">Nettvik</A></DT>
<DD>Norway's fastest growing town.</DD>
<DT><A HREF="http://www.netway.it/">Netway Italia S.r.l.</A></DT>
<DD>Full Internet Service Provider, Naples, Italy</DD>
<DT><A HREF="http://www.gatewy.net/"> New Orleans Gateway</A></DT>
<DD>New Orleans most affordable Full Internet Service. Come visit us.</DD>
<DT><A HREF="http://www.next.com.au">Next Online</A></DT>
<DD>Internet Presence Provider, Sydney, Australia</DD>
<DT><A HREF="http://www.northsea.com/">North Sea, Ltd.</A></DT>
<DD>Internet-Based Health Care Analyis and Provider Management Systems.</DD>
<DT><A HREF="http://marg.ntu.ac.uk/">Nottingham Trent University,Department of Manufacturing Engineering</A></DT>
<DD>Web server run by the Manufacturing Automation Research Group</DD>
<DT><A HREF="http://nps.venture-web.or.jp">NPS Inc.</A></DT>
<DD>A Japanese trading company with anb internet twist.</DD>
<DT><A HREF="http://www.cas.unt.edu/">The University of North Texas College of A
rts and Sciences</A></DT>
<DD>Running under FreeBSD v2.x since apache_0.6.5.</DD>
<DT><A HREF="http://www.nucleus.com/">Nucleus Inc.</A></DT>
<DD>Specializing in Web Advertising. Internet Provider for the Calgary Area</DD>
<DT><A HREF="http://www.nueva.pvt.k12.ca.us/">The Nueva School</A></DT>
<DD>An independent K-8 school in Hillsborough, California.</DD>
<A NAME="ohook"></A>
<P><DT><STRONG>O...</STRONG></DT>
<DT><A HREF="http://oasi.shiny.it/">OASI Association - Asti, Italy</A></DT>
<DD>The one and only I.T. power group in our town. Linux + little RAM = Apache :)</DD>
<DT><A HREF="http://www.omnes.net/">Omnes</A></DT>
<DD>Omnes - global communications solutions</DD>
<DT><A HREF="http://www.opencad.com/">OpenCAD International, Inc.</A></DT>
<DD>Web Prescence Providers in Santa Monica, California</DD>
<DT><A HREF="http://www.organic.com/">Organic Online</A></DT>
<DD>Web Site Developers/Networked Hypermedia Designers</DD>
<DT><A HREF="http://www.lib.ox.ac.uk/">Oxford University Libraries Automation Service</A></DT>
<DD>Running Apache under FreeBSD</DD>
<A NAME="phook"></A>
<P><DT><STRONG>P...</STRONG></DT>
<DT><A HREF="http://www.pacinfo.com/">PacInfo</A></DT>
<DD>Internet Service Provider in Eugene, Oregon</DD>
<DT><A HREF="http://www.pasadena.net/">Network Pasadena</A></DT>
<DD>Wide area network services, domestic and international.</DD>
<DT><A HREF="http://www.passageway.com/">Passageway Communications</A></DT>
<DD>Calgary's Presence Provider</DD>
<DT><A HREF="http://www.pair.com/">pair Networks</A></DT>
<DD>Web presence provider</DD>
<DT><A HREF="http://www.pcug.co.uk/">PC User Group (UK)</A></DT>
<DD>The PC Users' Group in the UK</DD>
<DT><A HREF="http://www.Phoenix.Volant.ORG">Phoenix Volant</A></DT>
<DD>A consulting service/personal site/webspace provider.</DD>
<DT><A HREF="http://www.pindar.co.uk">Pindar plc</A></DT>
<DD>Printing company based in York, UK.</DD>
<DT><A HREF="http://planet-hawaii.com/">Planet Hawaii</A></DT>
<DD>Hawaii's web site for travel, culture, business, and shopping information</DD>
<DT><A HREF="http://pleasure.com/">Pleasure Unlimited</A></DT>
<DD>Your run of the mill adult site</DD>
<DT><A HREF="http://www.programmers.net/">Programmer's WEB</A></DT>
<DD>The first italian WEB for developers</DD>
<DT><A HREF="http://www.glue.umd.edu/">Project Glue</A></DT>
<DD>University of Maryland at College Park</DD>
<A NAME="qhook"></A>
<P><DT><STRONG>Q...</STRONG></DT>
<DT><A HREF="http://www.quake.net/">QuakeNet Internet Services</A></DT>
<DD>We use Apache and CyberCash to make Internet Commerce a reality.</DD>
<A NAME="rhook"></A>
<P><DT><STRONG>R...</STRONG></DT>
<DT><A HREF="http://www.ravens-nest.com/">The Raven's Nest</A></DT>
<DD>Design & develop corporate internet strategies and solutions</DD>
<DT><A HREF="http://www.module.vympel.msk.ru/">Research Centre "Module"</A></DT>
<DD>Internet Service Provider in Moscow, Russia. Apache Project HTTP-mirror.</DD>
<DT><A HREF="http://www.rsp.com.au/">Rising Sun Pictures</A></DT>
<DD>3D Animation and Visual Effects for Film and Television</DD>
<DT><A HREF="http://inet-unx.unisys.nl/robegids/html/US/home.htm">The Robé Directory</A></DT>
<DD>The on-line database containing more than 110,000 companies in The Netherlands</DD>
<A NAME="shook"></A>
<P><DT><STRONG>S...</STRONG></DT>
<DT><A HREF="http://sapo.ua.pt/">SAPO - Servidor de Apontadores Portugueses</A></DT>
<DD>Exhaustive list of Pointers to Portuguese Servers</DD>
<DT><A HREF="http://www.pbm.com/">Shadow Island Games</A></DT>
<DD>A play-by-net gaming company</DD>
<DT><A HREF="http://www.siam.net/">SiamGuide to Thailand</A></DT>
<DD>Commercial Web Development service in Thailand :-)</DD>
<DT><A HREF="http://www.sierraclub.org/">Sierra Club</A></DT>
<DD>A non-profit organization promoting conservation of the environment</DD>
<DT><A HREF="http://skynet.ul.ie/">Skynet</A></DT>
<DD>The University of Limerick Comp. Soc., appreciating Apache's performance</DD>
<DT><A HREF="http://soilcrop.tamu.edu">Soil & Crop Sciences, TAMU</A></DT>
<DD>The departmental WWW server of Soil & Crop Sciences dept. at Texas A&M</DD>
<DT><A HREF="http://www.sonoma.net/">Sonoma.Net</A></DT>
<DD>An ISP hosting a growing list of different Websites...</DD>
<DT><A HREF="http://www.stel.com">Stanford Telecommunications Inc.,</A></DT>
<DD>Bringing you the world of communications through wireless and Web services.</DD>
<DT><A HREF="http://www.Stardot.com/">Stardot Consulting</A></DT>
<DD>Political resources and consulting on the Web</DD>
<DT><A HREF="http://www.stonesworld.com/">Stones World</A></DT>
<DD>Tour info, sound samples, audio/video streams, and happenings<DD>
<DT><A HREF="http://www.dis.strath.ac.uk/">Information Science at Strathclyde University</A></DT>
<DD>A surprisingly busy little site in Scotland.</DD>
<DT><A HREF="http://www.suck.com/">Suck</A></DT>
<DD>Hindenburg. Titanic. Edsel. Suck.</DD>
<DT><A HREF="http://www.ee.ethz.ch/">Department of Electrical Engineering, Swiss Federal Institute of Technology Zurich</A></DT>
<DD>Only the best is good enough ...</DD>
<DT><A HREF="http://www.sjs.com/">sjs.com</A></DT>
<DD>Systems & Network Consultant in Central Massachusetts</DD>
<DT><A HREF="http://www.skl.com/">Systems Knowledge Link</A></DT>
<DD>A full service Internet Provider in West Hill, Ontario :-)</DD>
<A NAME="thook"></A>
<P><DT><STRONG>T...</STRONG></DT>
<DT><A HREF="http://www.tbi.net/">Tampa Bay Interactive</A></DT>
<DD>Quality Counts!</DD>
<DT><A HREF="http://www.ton.tut.fi/"></A></DT>
<DD>Tampere District Student Housing Foundation (TOAS)</DD>
<DT><A HREF="http://www.targed.org.uk">TARGED North West Wales Training & Enterprise Council Ltd</A></DT>
<DD>Linux based Apache server.</DD>
<DT><A HREF="http://www.tecnet.com/">TECNET</A></DT>
<DD>The Worldwide Classifieds for New and Used Hi-Tech Equipment</DD>
<DT><A HREF="http://www.teksouth.com/">Teksouth Corporation</A></DT>
<DD>Network printing products and high-tech personnel services.</DD>
<DT><A HREF="http://www.telebase.com/">Telebase Systems</A></DT>
<DD>Information providers to the world</DD>
<DT><A HREF="http://www.tembel.org/">Tembel's Hedonic Commune</A></DT>
<DD>Tembel's Hedonic Commune external server (also used internally).</DD>
<DT><A HREF="http://stimpy.music.ua.edu/">TEMPUS - The University of Alabama Sch
ool of Music</A></DT>
<DD>Perhaps the oldest web server in the state of Alabama</DD>
<DT><A HREF="http://www.terraware.net/">TerraWare Systems</A></DT>
<DD>Making software that is biodegradable and containing no Phosphates!</DD>
<DT><A HREF="http://www.metronet.com/">Texas Metronet</A></DT>
<DD>Internet Service Provider for Dallas/Fort Worth</DD>
<DT><A HREF="http://trex.org">Trex, The place to visit</A></DT>
<DD>a Full Service BBS and much more. Runs on a Solbourn 5e/602</DD>
<DT><A HREF="http://troubador.com/">Troubador Systems Web Sites and Business Packages</A></DT>
<DD>Personalized Service!!! for real... :-)</DD>
<DT><A HREF="http://www.uniserve.com/">TVS-UNIServe</A></DT>
<DD>ISP and Web site developer for Vancouver</DD>
<A NAME="uhook"></A>
<P><DT><STRONG>U...</STRONG></DT>
<DT><A HREF="http://xweb.com">Universal Algorithms, Inc.</A></DT>
<DD>CollegeNET, Precision Guides, Schedule25, Equinet</DD>
<DT><A HREF="http://wwwedms.redstone.army.mil">US Army JEDMICS EDMS Program Office</A></DT>
<DD>Engineering Data Management Systems, Redstone Arsenal, Alabama</DD>
<DT><A HREF="http://www.uu.net">UUNET/AlterNet technologies</A></DT>
<DD>Internet Service Provider</DD>
<A NAME="vhook"></A>
<P><DT><STRONG>V...</STRONG></DT>
<DT><A HREF="http://www.vicksburg.com/">Vicksburg Online</A></DT>
<DD>Vicksburg, MS. Internet Service Provider</DD>
<DT><A HREF="http://iuinfo.tuwien.ac.at/">Univ. of Technology Vienna, Dept's Support</A></DT>
<DD>IU Info Service, Campus Software Service, Goodie Domain Service, Platform Support S.</DD>
<DT><A HREF="http://www.v-site.net/">Virtual Sites</A></DT>
<DD>A sense of Place in Cyberspace </DD>
<DT><A HREF="http://www.vrx.net/">VRx Network Services INC.</A></DT>
<DD>Internet Solutions Provider in Toronto, CANADA</DD>
<A NAME="whook"></A>
<P><DT><STRONG>W...</STRONG></DT>
<DT><A HREF="http://www.law.washington.edu/">The University of Washington School of Law</A></DT>
<DD>Linux-based Apache server since 0.6.2...</DD>
<DT><A HREF="http://www.wadesign.co.uk/">WebArt Design</A></DT>
<DD>Providing Internet and Web solutions to business. Located in the UK</DD>
<DT><A HREF="http://www.webpub.com/">Web Publishers</A></DT>
<DD>A Commercial Web Service Provider specializing in high-end clients.</DD>
<DT><A HREF="http://websmith.ca/">The WebSmith Group</A></DT>
<DD>Web site hosting and authoring, located in Ottawa, Ontario</DD>
<DT><A HREF="http://www.win-uk.net/">WinNET Communications Ltd</A></DT>
<DD>Internet Provider in the UK</DD>
<DT><A HREF="http://wwns.com/wwns/">World Wide Network Services</A><DT>
<DD>An Internet Presence Provider. "Creating Your Image For The World" </DD>
<A NAME="xhook"></A>
<P><DT><STRONG>X...</STRONG></DT>
<DT><A HREF="http://www.xensei.com/">Xensei</A></DT>
<DD>The Xensei Corp. Webmasters/ISP who love Apache.</DD>
<A NAME="yhook"></A>
<A NAME="zhook"></A>
<P><DT><STRONG>Z...</STRONG></DT>
<DT><A HREF="http://www.zycad.com/">Zycad</A></DT>
<DD>Suppliers of EDA acceleration products</DD>
<DT><A HREF="http://www.zyzzyva.com/">Zyzzyva Enterprises</A></DT>
<DD>Commercial Web Development Services</DD>
</DL>
<HR><P>
<STRONG>
<A HREF="#ahook">A</A> | <A HREF="#bhook">B</A> | <A HREF="#chook">C</A> | <A HREF="#dhook">D</A> | <A HREF="#ehook">E</A> | <A HREF="#fhook">F</A> | <A HREF="#ghook">G</A> | <A HREF="#hhook">H</A> | <A HREF="#ihook">I</A> | <A HREF="#jhook">J</A> | <A HREF="#khook">K</A> | <A HREF="#lhook">L</A> | <A HREF="#mhook">M</A> | <A HREF="#nhook">N</A> | <A HREF="#ohook">O</A> | <A HREF="#phook">P</A> | <A HREF="#qhook">Q</A> | <A HREF="#rhook">R</A> | <A HREF="#shook">S</A> | <A HREF="#thook">T</A> | <A HREF="#uhook">U</A> | <A HREF="#vhook">V</A> | <A HREF="#whook">W</A> | <A HREF="#xhook">X</A> | <A HREF="#yhook">Y</A> | <A HREF="#zhook">Z</A>
</STRONG>
<P><HR>
<P>Send additions to <A HREF="mailto:running-apache@zyzzyva.com">running-apache@zyzzyva.com</A>,
in the form of HTML <DT> and <DD> entries, e.g.
<PRE>
<DT><A HREF="http://www.apache.org/">The Apache Project</A></DT>
<DD>The developers trust it :-)</DD>
</PRE>
<P>Any description over 80 characters will be truncated.</P>
<P>See <A HREF="http://www.netcraft.com/Survey">http://www.netcraft.com/Survey</A> for Netcraft's survey of Apache (and other servers) usage.</P>
<HR>
<P><STRONG>Disclaimer</STRONG>: just because these sites run Apache, doesn't
imply they offer good services, or that the Apache Project associates
themsleves with the companies/organizations we list.</P>
<HR>
<P>Help spread the word... feel free to use the "Powered by Apache" logo (below) on your pages.</P>
<P ALIGN="CENTER"><A HREF="../images/apache_pb.gif"><IMG BORDER=0
SRC="../images/apache_pb.gif" ALT="Powered by Apache" WIDTH="259" HEIGHT="32"></A>
</P>
<HR>
<P ALIGN="CENTER">
<A HREF="/"><IMG SRC="../images/apache_home.gif" ALT="Home"></A>
</P>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/how-to-mirror.html
Index: how-to-mirror.html
===================================================================
<HTML>
<HEAD>
<TITLE>How to Become a Mirror of the Apache Web Site</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG SRC="../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
</DIV>
<H1 ALIGN="CENTER">How to Become a Mirror of the Apache Web Site</H1>
Apache has over 150 different mirror sites around the world. If you
are in a part of the world which seems poory served by any existing
mirror, we would encourage you to set up a local mirror of the
www.apache.org web site for you and others in your part of the world to
use. So that others may find it, we'll list it on our "mirrors" web
page, too.
<H2>Requirements</H2>
We have a few requirements for those wishing to run a mirror:
<UL>
<LI>You must carry the complete site, with no "local" changes.
<LI>You must do an update-check at least twice a week.
<LI>You must subscribe to the mailing list for mirror maintainers.
<LI>Set the configuration <CODE>DocumentIndex index.html</CODE>.
<LI>Enable server-side includes, i.e. <CODE>Options Includes</CODE> or
<CODE>Options IncludesNoExec</CODE>.
</UL>
Note that the site, as of this writing (June 2000) is approximately 360
megabytes.
<P>
More requirements may be placed at some point in the future, but for
now that's all there is. There are a couple things which are highly
recommended:
<UL>
<LI>Run your mirroring software between midnight and 4am Pacific Standard Time
(8am-noon GMT) when traffic to www.apache.org is at its lowest.
<LI>Consider also making the "dist" subdirectory.
</UL>
<H2>Mirroring Techniques</H2>
There are a couple different ways to mirror the Apache web site. Here
is the list of ways we make available, in order of decreasing preference:
<OL>
<LI>Use Rsync. Rsync is similar to cvsup, but (in theory) more widely
ported, and uses hashes rather than CVS versions to watch for
differences. You can find details on rsync at <A
HREF="http://rsync.samba.org/"> http://rsync.samba.org/</A>. You
might want to call it using the following arguments, for example:
<P><UL><CODE>rsync -rtlzv --delete --exclude incoming
dev.apache.org::apache-site /local/path/to/mirror</CODE></UL>
<P>You can also just do a <CODE>rsync dev.apache.org::</CODE> to get a
list of rsync modules available.
<P>
<LI>Use the "CVSup" package. This is a package which uses the
versioning scheme in CVS to determine exactly which parts of which
files changed between accesses, and is thus by far the most efficient
mechanism for transferring files. The best place to find out more
about CVSup is at the CVSup FAQ, at <A
HREF="http://www.polstra.com/projects/freeware/CVSup/faq.html">
http://www.polstra.com/projects/freeware/CVSup/faq.html</A>. There
are binaries for Linux, *BSD, Solaris, SunOS, Alpha/OSF-1, HPPA-10.20,
and Irix 6.
<P>After you've set up the client binary, use the following as a "supfile":
<BLOCKQUOTE><PRE>
*default host=dev.apache.org
*default base=(wherever you want)
*default prefix=(wherever you want)
*default release=cvs
apache-fullsite
</BLOCKQUOTE></PRE>
<P>
Of course, you can also fetch the Apache 1.2 and 1.3 CVS trees
(<CODE>apache-1.2</CODE> or <CODE>apache-1.3</CODE>), just the docs
for each of those (<CODE>apache-1.2-docs</CODE> or
<CODE>apache-1.3-docs</CODE>), the binary distributions
(<CODE>apache-dist</CODE>) and even the mod_perl CVS tree
(<CODE>modperl</CODE>).
<P>
<LI>Use the <A
HREF="http://www.apache.org/docs/mod/mod_proxy.html">proxy module</A>
in Apache to "pass-through" requests to the central Apache web site.
Set up the following in the configuration for your mirror:
<PRE>
ProxyPass / http://www.apache.org/
CacheDefaultExpire 24
</PRE>
Every request which then comes into this server will be passed along
to www.apache.org, unless the object is already in your local cache
and is less than 24 hours old.
</OL>
We do not recommend the use of Web spiders, or HTTP equivalents to the
"mirror.pl" package, as every object needs to get a HEAD request every
time it is checked, which is a very inefficient mechanism for seeing
what's been updated on an entire site.
<p>
It is not possible to mirror via ftp. The other methods are also far
more efficient so you will be pleased after setting them up.
<H2>Inform us!</H2>
Once the site is set up, send mail to <A
HREF="mailto:mirror-submit@apache.org">mirror-submit@apache.org</A> to let us know
it's been set up, and we'll add it to the list of mirrors. Please be
patient if it takes a little while to respond.
<P>
The mailing list for mirror maintainers can be joined by sending mail
to "mirrors-subscribe@apache.org".
<P>
Good luck!
</BODY></HTML>
1.1 httpd-site/xdocs/info/in_the_news.xml
Index: in_the_news.xml
===================================================================
<?xml version="1.0"?>
<?xml-stylesheet href="http://www.apacheweek.com/inthenews/inthenews.apache.org.xsl" type="text/xsl"?>
<!--
*** Data for Apache "in the news" pages. Collected from the old in_the_news
*** page together with news articles run in Apache Week. Order in this file
*** doesn't matter, but the "date" field should be present (6 or 8 digits)
***
*** mjc@apache.org,mjc@redhat.com March 2001
-->
<news>
<item>
<title>Brian Behlendorf: Apache co-founder talks about open source</title>
<publication>InfoWorld.com</publication>
<url>http://www.infoworld.com/articles/hn/xml/00/11/17/001117hnapache.xml</url>
<date>20001117</date>
<quote>"the fact that we don't have a multibillion-dollar marketing organization means that, sure, Microsoft is going to be able to claim
things or do things that we can't, but that hasn't hurt us so far." </quote>
</item>
<item>
<title>Apache founders hit Vegas in search of cash</title>
<url>http://www.infoworld.com/articles/hn/xml/00/11/13/001113hnapache.xml</url>
<publication>InfoWorld.com</publication>
<date>20001113</date>
<quote>"Behlendorf said the ASF may need to look for a little cash to keep up with the demands that developing the leading Web server requires"</quote>
</item>
<item>
<title>Report from ApacheCon Europe 2000</title>
<publication>Apache Week</publication>
<url>http://www.apacheweek.com/features/apachecon2000eu</url>
<date>20001103</date>
<quote>"
As in all conferences, there were various technical glitches when presentation laptops froze and batteries ran out, some
inexperienced speakers, and not enough seats but these were all minor issues considering the excellent detailed technical
knowledge that was imparted by the speakers."</quote>
</item>
<item>
<title>Apache Guide: ApacheCon Europe</title>
<publication>Apache Today</publication>
<url>http://apachetoday.com/news_story.php3?ltsn=2000-10-30-002-01-NW-CY-LF</url>
<date>20001030</date>
<quote>"Last week, I was in London for ApacheCon 2000. In a break from my usual subjects,
this will be a brief overview of the conference, touching on the highlights and some of
the things that were talked about there."</quote>
</item>
<item>
<title>Tips on pitching Apache to the big wigs</title>
<url>http://www.nwfusion.com/news/2000/1026apacheadvice.html</url>
<publication>NetworkWorldFusion</publication>
<date>20001026</date>
<quote>
"Apache cares about trademarks and it's helped us maintain a pretty good
product," Behlendorf said.
</quote>
</item>
<item>
<title>IBM pitches its open source side</title>
<url>http://www.nwfusion.com/news/2000/1025ibmopen.html</url>
<publication>NetworkWorldFusion</publication>
<date>20001025</date>
<quote>
"IBM Tuesday set out its open source agenda at ApacheCon
Europe 2000. The message seemed to boil down to the notion
that in a networked world, open source is good and IBM not only
knows that but embraces the open-source programming
community."</quote>
</item>
<item>
<title>Sun says Java moving towards full
open source</title>
<url>http://www.nwfusion.com/news/2000/1024javasource.html</url>
<publication>NetworkWorldFusion</publication>
<date>20001024</date>
<quote>"Sun is moving toward making its Java technology fully open
source, a company executive said Tuesday, addressing an
audience of programmers here at the ApacheCon Europe 2000."
</quote>
</item>
<item>
<title>The 10 Most Important Products of the Decade</title>
<publication>Network Computing</publication>
<date>200010</date>
<quote>"...Apache Web Server earns its place for changing the rules on the server side. The future of Apache hinges on its ability to function as
an e-commerce server. If the past five years are any indication, Apache Web Server will deliver the whole shopping cart--and
probably sooner than its competitors do." </quote>
</item>
<item>
<title>E-business innovators</title>
<publication>InfoWorld</publication>
<date>200010</date>
<quote>"By general acclaim, it has done more to stimulate Web development -- and therefore e-commerce -- than any other Web-based
server." </quote>
</item>
<item>
<title>Dynamics of the Apache XML Project</title>
<url>http://weblogs.oreillynet.com/edd/discuss/msgReader$88</url>
<publication>Edd Dumbill's Weblog (O'Reilly) </publication>
<date>20000710</date>
<quote>
"IBM and Lotus in particular are responsible for the XML parser, Xerces, and the XSLT processor, Xalan. Sun also play a significant part in Apache's Java projects. Though nobody has suggested that Apache is in any way in the sway of these organizations as a consequence of their donations, it seems inevitable that the corporate and hacker cultures may well clash. This weekend seems a good example of this."
</quote>
<comment>
Edd Dumbill, editor of XML.com, writes about the "Dynamics of the Apache Group" in his Weblog. The focus of the article is on news that the Apache XML project could create another parser and looks at the the internal dynamics of the group members and some of the conflicts.
</comment>
</item>
<item>
<title>AOLserver faster than Apache?</title>
<url>http://weblogs.userland.com/qube/2000/06/26</url>
<publication>Qube Corner</publication>
<date>20000626</date>
<comment>
Qube Quorner reveal that Apache 1.3.12 comes second to AOLserver 3.0 in terms of requests/second and transfer speeds. Benchmarks do not give a true picture of the speed of a web server, since they provide an environment unlike the real use of the software. Commercial software is often tuned to perform well in benchmarks, so a good performance simply indicates that the software works well for that benchmark, not that it has good real-world performance.
</comment>
</item>
<item>
<title>US Toyota and Lexus dealers adopt Apache technology</title>
<url>http://www.newsalert.com/bin/story?StoryId=Cou7SqbKbytaYndK&FQ=Apache&Nav=na-search-&StoryTitle=Apache</url>
<publication>News Alert</publication>
<date>20000620</date>
<comment>
Over the last week, there have been a large number of stories about Internet Appliances for both home and business use. An increasing number of these units are now being run on open source platforms such as Linux. Dell have announced that Toyota in the US are to be equipped with Dell PowerApp.web servers to provide customised content to their dealer network.
</comment>
</item>
<item>
<title>Brian Behlendorf on the Apache name</title>
<url>http://www.linux-mag.com/2000-04/behlendorf_01.html</url>
<publication>Linux Magazine</publication>
<date>200004</date>
<quote>
"While there would still be a World Wide Web without the Apache Web server, pundits have suggested that it would belong to Microsoft. Since drawing up the plan for the Apache project in 1993, Apache Software Foundation President Brian Behlendorf has helped lead the volunteer development team that proved that you can take on Microsoft and win -- just so long as you change the rules."
</quote>
<comment>
Linux magazine have an interview with Brian Behlendorf, one of the initial Apache group founders. In addition to talking about the founding and sucess of Apache, Brian explains that the Apache name never meant "A patchy server", instead it "just sort of connoted: 'Take no prisoners. Be kind of aggressive and kick some ass.'"
</comment>
</item>
<item>
<title>IBM donates Net communications technology </title>
<url>http://news.cnet.com/news/0-1003-200-1993071.html?tag=st.ne.1002.thed.ni</url>
<publication>C|Net News.com</publication>
<date>20000601</date>
<quote>
"We want to move at Internet speed and respond to the needs of the developer community by making it available to the open-source community," said Marie Wieck, IBM's director of e-markets infrastructure. "It's valuable to further adoption."
</quote>
<comment>
As reported by C|Net, the Apache Software Foundation has received technology from IBM which will help developers create services using an open, vendor-neutral process. IBM's Java-built Simple Object Access Protocol (SOAP) will be contributed to the open source Apache XML project. The system provides a simple method of using XML to send message and access web services across distributed networks.
</comment>
</item>
<item>
<title>Apache Software Foundation join Java commmittee</title>
<url>http://www.cnetinvestor.com/newsitem-investor.asp?symbol=89538820&Ticker=AAPL</url>
<publication>CNet Investor</publication>
<date>20000601</date>
<quote>
"As is evident by the depth, diversity and strength of the JCP program's Executive Committee members, the future of Java technology specifications is in capable and caring hands," said George Paolini, vice president of Java Community Development at Sun Microsystems, Inc.
</quote>
<comment>
CNet Investor reported that Sun Microsystems have set up two executive committees to oversee their Java Community Process(SM) community-based Java technology development programmes. The first committee will oversee the Java technologies for the desktop/server space and the other will oversee the Java technologies for the consumer/embedded space.
</comment>
</item>
<item>
<title>Red Hat Leads The Way To IA-64 Itanium Linux</title>
<url>http://www.zdnet.com/sp/stories/news/0,4538,2571379,00.html</url>
<publication>ZD Net</publication>
<date>20000518</date>
<quote>
"On May 17, Red Hat Inc. released an alpha version of a complete IA-64 Linux distribution to developers. This edition, built within the Trillian Project, is the first alpha public code release of a full IA-64 Linux from kernel to drivers to such popular applications as Apache."
</quote>
<comment>
Red Hat Inc. this week released public alpha code of a full version of Linux for Intel's new IA-64 Itanium processor. The release of the software combined with the release of Intel's "Itanium Processor Microarchitecture Reference" gives developers access to all the information they need to start working on Itanium development.
</comment>
</item>
<item>
<title>April Web Server Survey</title>
<url>http://www.securityspace.com/s_survey/data/index.html</url>
<publication>SecuritySpace.com</publication>
<date>20000501</date>
<quote>
"The Apache module report documents the market share of Apache, internet's most popular web server, for a variety of add-on modules. Since most add on modules modify the web server "signature" that is returned on each web page, we are able to see who's using PHP, perl, SSL mods, language converters, language mods, etc."
</quote>
<comment>
If you are a regular reader of Apache Week you'll know that Apache has been the top web server in all the probe-based web surveys for some time, now with over 60% market share. The April survey from E-Soft also gives some other interesting statistics for modules in use; the most popular being the PHP scripting language in use on 29% of Apache sites.
</comment>
</item>
<item>
<title>Picking The Right Web Server Is Key</title>
<url>http://www.zdnet.com/products/stories/reviews/0,4161,2562342,00.html</url>
<publication>ZDNet</publication>
<date>20000504</date>
<quote>
"There are other compelling reasons to choose Linux/Apache. For one thing, you'll never find a back door, as with the recent IIS debacle, in open-source code. And it's getting so easy to install that the hardcore Linux gurus are grumbling about dumbing down."
</quote>
<comment>
ZDNet examine web server platforms in their article, "Picking the Right Server is Key". They compare Windows 2000 Advanced Server, Netware 5.1, Red Hat Linux using Apache, Solaris using iPlanet, and Solaris using Apache.
</comment>
</item>
<item>
<title>Scripting News / Manila</title>
<url>http://scriptingnews.userland.com/backissues/2000/04/24</url>
<publication>Userland</publication>
<date>20000424</date>
<quote>
"Apache is like MS-DOS. Lots of people use it, we do too. But where's the Lotus 1-2-3? Apache is boring! Where's the revolution for writers and thinkers?"
</quote>
<comment>
UserLand hosts an interesting open forum about commercial software, which originally started as an email discussion between Dave Winer and Brian Behlendorf. In Dave's own comments he picks out some of the discussion and his own point of view, accusing Apache of being boring.
</comment>
</item>
<item>
<title>VNU Net: Apache Server Commentary [Book Review]</title>
<url>http://linuxtoday.com/stories/20558.html</url>
<publication>Linux Today</publication>
<date>20000421</date>
<quote>
"This is one in a series of books which sets out to give an insight into the various Open Source products currently on the market. It is aimed at those who either want to write extension modules to Apache or customise the underlying code. In fact, Apache Server Commentary appears to be little more than a reference guide for those who already understand the concept of Apache and just want help on specific modules. It certainly isn't the architectural document I was expecting."
</quote>
<comment>
A short review of the new book "Apache Server Commentary" is available. The book is aimed at developers and contains source code listings of the Apache server.
</comment>
</item>
<item>
<title>A Conversation With the Man Behind the Animal Books</title>
<url>http://www.linux-mag.com/2000-02/oreilly_01.html</url>
<publication>Linux Magazine</publication>
<date>200004</date>
<quote>
"I think Apache plays an enormously important role here. Because it has dominant market share, it keeps the Internet open. I think it's more important for Apache to have dominant market share than for Linux. If Linux is dominant too, that's better, but I'd hate to see us lose Apache. That's a really important battleground."
</quote>
<comment>
The article discusses the evolving open source industry and pays particular attention to Apache.
</comment>
</item>
<item>
<title>Open Source Moves To The Mainstream</title>
<url>http://www.informationweek.com/781/open.htm</url>
<publication>InformationWeek.com</publication>
<date>20000410</date>
<quote>
"One of the leading open-source success stories is the Apache Web server, which for many sites is the backbone of Web applications. Apache is a flagship open-source project, continually developed by a self-selected group of coordinated volunteer programmers. It costs nothing to use. As of March, Apache is deployed on more than 7.8 million domains, or some 60% of Internet Web sites."
</quote>
<comment>
The article discusses the secure server survey from e-soft which shows Apache with 63% market share but notes that the "battle over E-commerce territory has been a little more difficult for open source, perhaps an indication that security-minded companies prefer to use commercial products".
</comment>
</item>
<item>
<title>The Netware Version Of Apache</title>
<url>http://www.nwfusion.com/newsletters/netware/0313nw2.html</url>
<publication>NetWorldFusion</publication>
<date>20000313</date>
<quote>
"The NetWare version of Apache 1.3 is still in the "experimental" stage, and it (so far) only runs on NetWare 5 or 5.1. Nevertheless, if you support a major Web site and ... if you want to take advantage of the hundreds of Web server applications available (also for free) for Apache - it would be worth your effort to download and test the new Apache in your environment."
</quote>
<comment>
The NetWare version of Apache is examined in a Network World Fusion Newsletter. Over the past few years Novell have shipped a couple of different Web servers with NetWare, but now Apache is available for this system.
</comment>
</item>
<item>
<title>Elliptic Curve Discrete Logarithms: ECC2K-108 - SOLVED!</title>
<url>http://cristal.inria.fr/~harley/ecdl7/readMe.html</url>
<publication>INRIA</publication>
<date>20000404</date>
<quote>
"The biggest public-key crypto crack ever has just finished! Certicom have confirmed that the solution is correct."
</quote>
<comment>
Apache Week reported in issue 180 on the attempt to solve the Elliptic Curve Challenge from Certicom. The solution was found at the end of March, and the Apache Software Foundation will receive a donation of US$8000 from the prize.
</comment>
</item>
<item>
<title>Solaris 8 weds reliability to must-have upgrades</title>
<url>http://www.zdnet.com/eweek/stories/general/0,11011,2470275,00.html</url>
<publication>ZD Net - EWeek</publication>
<date>20000320</date>
<quote>
"Apache Web server is also bundled with Solaris 8, but neither PC Week Labs nor Sun recommends its use in high-transaction environments."
</quote>
<comment>
PC Week mention Apache being bundled with Solaris in Solaris 8 weds reliability to must-have upgrades.
</comment>
</item>
<item>
<title>Reflections On ApacheCon 2000</title>
<url>http://slashdot.org/apache/00/03/18/1141205.shtml</url>
<publication>Slashdot</publication>
<date>20000318</date>
<quote>
"It's been a week now since ApacheCon 2000 ended. There's been some discussion over the events, with the release of Apache 2.0a being the main topic of conversation. But AC2K was more than just the venue that 2.0a was announced. It was an important and noteworthy conference in it's own right."
</quote>
<comment>
ASF member Jim Jagielski gives his personal opinion of ApacheCon 2000 in "Reflections on ApacheCon 2000".
</comment>
</item>
<item>
<title>Report from ApacheCon 2000</title>
<url>http://www.apacheweek.com/features/apachecon2000</url>
<publication>Apache Week</publication>
<date>20000310</date>
<quote>"
In total, just
over 1000 people attended the conference and this included a large number of Apache Software Foundation members.
At the very first session of the conference, the opening plenary, the previous record for the most Apache developers in
the same place at the same time was broken."</quote>
</item>
<item>
<title>The Buzz At Apache Conference: World Domination</title>
<url>http://opensourceit.earthweb.com/news/031300_apachecon.html</url>
<publication>Open Source IT</publication>
<date>200003</date>
<quote>
"More than 1,000 Apache developers and users gathered at ApacheCon 2000 in Orlando last week to discuss -- among other things -- the progress the Apache Web server is making towards World Domination."
</quote>
<comment>
ApacheCon 2000 is still in the news as Open Source IT reports on ApacheCon 2000 in "The Buzz at Apache Conference: World Domination".
</comment>
</item>
<item>
<title>ApacheCon 2000: Day One, Day Two, DayThree</title>
<url>http://web.oreilly.com/news/apachecon_day1.html</url>
<publication>O'Reilly</publication>
<date>200003</date>
<quote>
"The conference is being held at the Caribe Royale Resort Suites, which despite a strong conference turnout, is mainly inhabited by lots of parents and their young children, due to the proximity to Disney World."
</quote>
<comment>
O'Reilly published a detailed report on each day of the conference; Wednesday, Thursday, and Friday.
</comment>
</item>
<item>
<title>ApacheCon 2000</title>
<url>http://www.mlinux.org/events/acon2000/</url>
<publication>Melbourne Linux Users Group Inc</publication>
<date>20000310</date>
<quote>
"The ApacheCon show was very well done. The exhibit floor featured many cool companies and the keynote and PHP presentations I attended were very informative. Here are some pics of the event."
</quote>
<comment>
The Melbourne Linux Users Group posted a number of pictures from the conference.
</comment>
</item>
<item>
<title>ApacheCon: Fuelling The Web Revolution</title>
<url>http://www.linuxplanet.com/linuxplanet/reports/1580/1/</url>
<publication>LinuxPlanet</publication>
<date>200003</date>
<quote>
"ApacheCon is the yearly convention dedicated to Apache and Apache products. There are over 1,000 visitors this year, and the show creators were sitting around saying things to me like, "Wow, this is going so mainstream so fast." God, I hope so. It'd be a terrible thing for something that has captured 60 percent of the Internet Web-server market share to not be mainstream."
</quote>
<comment>
The article gives a brief overview of the conference and highlights one of the popular talks on open source from IBM.
</comment>
</item>
<item>
<title>A Patchy Start: Apache's Strong</title>
<url>http://www.wired.com/news/business/0,1367,34302,00.html</url>
<publication>Wired.com News</publication>
<date>20000214</date>
<quote>
"Apache is the Web's most widely used and -- outside of the Nerd Zone -- its most unknown application.
It has achieved dominance in a crucial market that Microsoft and Netscape have struggled mightily to conquer. Both companies have invested massive amounts of money and programming skills into server software programs -- and yet it's Apache, a freeware application, that is installed on just over half of all publicly accessible Web servers."
</quote>
<comment>
The article examines why Apache is not as well known as other projects such as Linux and finds that the companies providing support and services based on Apache are not as visible.
</comment>
</item>
</news>
1.1 httpd-site/xdocs/info/in_the_news_1997.html
Index: in_the_news_1997.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>Apache in the News</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<IMG SRC="../images/apache_sub.gif" ALT="">
<H2>Apache in the News: 1996, 1997</H2>
Apache has featured in a large number of reviews and articles.
This page lists just some
of the stories that appeared on-line up to the end of 1997. It is likely
that the links to some of these stories may no longer be available.
<p>
Apache in the News: <a href="../in_the_news.html">2001,2000</a> |
<a href="in_the_news_1999.html">1999,1998</a> |
1997,1996
<HR>
<P>
<STRONG>Internet World Daily, 24 Dec 1997</STRONG>
<A name="http://www.internetworld.com/reviews/1997/12/2401-apache.html">
<STRONG><CITE>At Last: Apache Runs on Windows</CITE></STRONG></A>
(no longer available)
<BR>
<BLOCKQUOTE>
<EM>
"There's no secret why Apache is the most popular Web server on the
Internet, running on almost 50 percent of all Web servers: It rarely
crashes and, once set up, Apache doesn't require much in the way of
maintenance. Plus, the price is right: it's free."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>San Jose Mercury News, December 12th 1997</STRONG>
<A HREF="http://www1.sjmercury.com/columnists/gillmor/docs/dg121297.htm">
<STRONG><CITE>There's money to be made in freeware</CITE></STRONG></A>
<BR>
<BLOCKQUOTE>
<EM>
"If some cosmic force caused all of the free software at work on
today's Internet to suddenly stop running, major portions of the Net
would come to a grinding halt -- because free software, sometimes
called freeware, is at the heart of the action."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>BYTE Magazine, December 1997 issue</STRONG>
<A HREF="http://www.byte.com/art/9712/sec8/art1.htm">
<STRONG><CITE>The Value of Free Software</CITE></STRONG></A>
<BR>
<BLOCKQUOTE>
<EM>
"The Apache project runs differently than most freeware
projects. Perl, for example, continues to evolve under the watchful
eye of its creator, Larry Wall. Likewise, Linux does the same under
Linus Torvalds. But Apache is governed by 13 co-equal developers who
share permission to commit changes to the Apache source tree."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>C|Net, Nov. 25th 1997</STRONG>
<A HREF="http://builder.cnet.com/Business/Paul/112597/">
<STRONG><CITE>Top Ten Things to be Thankful For, #10</CITE></STRONG></A>
<BR>
<BLOCKQUOTE>
<EM>
"The Apache Group and the free Apache HTTP server stand
as an appealing throwback to the early, less-commercial,
days of the Net when things seemed to be done for love,
not for money. Free and open standards supported and
maintained by the people who use them are still a good
thing for the Web. And, hey, Apache is a damn fine server,
too."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>Salon Magazine, 20 November 1997</STRONG>
<A HREF="http://www.salonmagazine.com/21st/feature/1997/11/cov_20feature.html">
<STRONG><CITE>Apache's Free Software Warriors</CITE></STRONG></A>
<BR>
<BLOCKQUOTE>
<EM>
"A red feather resting against the words "Powered by Apache": On the
Web, the logo is everywhere. And for good reason -- the Apache Web
server, a piece of software that transforms ordinary computers into
sites on the World Wide Web, is by far the most popular choice for
Webmasters everywhere."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>InternetWeek, 13 October 1997</STRONG>
<A HREF="http://techweb.cmp.com/internetwk/reviews/rev1013.htm">
<STRONG><CITE>Unix Web Servers: Unhyped But Not Forgotten </CITE></STRONG></A>
<BR>
<BLOCKQUOTE>
<EM>
"Apache excels as a well-designed, flexible server. As your needs
grow, you will find that the Apache development team has probably
anticipated your growth and already implemented the features you
need."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>Net Insider, 30 September 1997</STRONG>
<A HREF="http://www.techweb.com/internet/news/features/1997/09/webserver1.html">
<STRONG><CITE>Apache Dominates Web Server Market</CITE></STRONG></A>
<BR>
<BLOCKQUOTE>
<EM>
"Although Microsoft and Netscape
have spent a lot of marketing muscle promoting their browsers
and servers, ... Apache ... is far more popular on today's
Internet than products from either vendor."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>ZDNet, Jesse Berst's Anchordesk, 26 September 1997</STRONG>
<A HREF="http://www.zdnet.com/anchordesk/story/story_1284.html">
<STRONG><CITE>The World's Cheapest Web Server. The World's Most Popular Web
Server. (Psst! It's the Same One!)</CITE></STRONG></A>
<BR>
<BLOCKQUOTE>
<EM>
"Apache's main draw isn't that it's free. Discerning Webmasters choose
Apache for these three reasons: flexibility, scalability, [and]
cutting edge features."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>The New York CyberTimes "<SAMP>undeveloped</SAMP>", 13
August 1997:</STRONG>
<A
HREF="http://www.nytimes.com/library/cyber/under/081397under-tacy.html"
><STRONG><CITE>Maligning Free Software Is a Growing Web
Tradition</CITE></STRONG></A>
(login required)
<BR>
<BLOCKQUOTE>
<EM>
"While people can argue the merits of Perl forever, you aren't going to
get a lot of people claiming that Apache is an inferior product."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>IEEE Internet Computing, July-August 1997:</STRONG>
<A
HREF="http://pascal.computer.org/ic/books/ic1997/pdf/w4088.pdf"
><STRONG><CITE>Collaborative Work: The Apache HTTPD Server
Project</CITE></STRONG></A>
(Acrobat PDF file)
<br>restricted to IEEE Computer Society members with a valid E-Account.
<BR>
<BLOCKQUOTE>
<EM>
"The Apache HTTP Server Project ...
collaborative software development effort has created
a robust, feature-rich HTTP server software package that
currently dominates the public Internet market..."
</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>La Nacion</CITE>, 1 July 1997:
"<A HREF="http://www.lanacion.com/suples/infor/00notas/05-apache/nota.htm"
>apache! con el calor del viejo espíritu</A>"
</STRONG>
(Spanish)
</P>
<BLOCKQUOTE>
<EM>"la historia del servidor más popular de Internet"</EM>
</BLOCKQUOTE>
<P><STRONG>Wired, June 28th 1997:
<A HREF="http://www.wired.com/news/news/wiredview/story/4753.html">Software Wants to Be Free</A></STRONG>
<BR><BLOCKQUOTE><EM>
"It's no secret that Apache is the most powerful, the most flexible, and the best Web-server software on the market."</EM></BLOCKQUOTE>
<P><STRONG>
<A HREF="http://www8.zdnet.com/pcweek/news/0609/09apache.html">
PC Week, June 9th 1997, "Fort Apache"</A></STRONG>
<BR><BLOCKQUOTE><EM>
"`The whole motivation was to fix some bugs in NCSA,' said Brian
Behlendorf, an Apache coordinator and chief technology officer at
Organic Online, in San Francisco. `We just found each other over
the Internet.'"
</EM></BLOCKQUOTE>
<P><STRONG>Informationweek, June 2nd 1997:
<A HREF="http://www.techweb.com/se/directlink.cgi?IWK19970602S0051">
Web servers -- Apache:Freely Successful --
The Net's Web server shareware continues to gain popularity</A></STRONG>
<BR><BLOCKQUOTE><EM>
"The Apache Group has accomplished a feat that should make it the envy
of commercial software developers everywhere. Without spending a cent on
research, marketing, or advertising, this group of volunteer programmers
created Apache-Web server software that may be the most widely used
product on the Internet today."
</EM></BLOCKQUOTE>
<P><STRONG>WebWeek, March 17th, 1997:
<A HREF="http://www.internetworld.com/print/1997/03/17/infrastructure/blasts.html">
New Web Server Blasts Pages Across the Net</A></STRONG>
<BR><BLOCKQUOTE><EM>
"HTTP/1.1 support improves web speed by two to eight times - Apache support
for HTTP/1.1 complete."
</EM></BLOCKQUOTE>
<P><STRONG>PC Week, December 16th, 1996:
<A HREF="http://www.zdnet.com/pcweek/sr/1216/16labs.html">
The Net sires many of year's best products, technologies</A></STRONG>
<BR><BLOCKQUOTE>
Apache named in PC Week's Top Ten for 1996
</BLOCKQUOTE>
<P><STRONG>ix Multiuser Multitasking Magazin, Dezember 1996:
<A HREF="http://www.heise.de/ix/artikel/E/9612149/">
Forwarded -- URL manipulation with Apache</A></STRONG>
<BR><BLOCKQUOTE>
A six page featuring article about the new URL rewriting module (mod_rewrite)
which was contributed to Apache 1.2. Original article was written in german
and published in the print version #12/96 of iX. The translated version was
published on the Web, only.
</BLOCKQUOTE>
<P><STRONG>Interactive Week, November 11th 1996:
<A HREF="http://www.zdnet.com/intweek/daily/a961111.html">
Wagons Circle, But Apache Server Still Alive</A></STRONG>
<BR><BLOCKQUOTE><EM>
"Apache increases its lead throughout October". </EM>IW interviews several Apache
users to find out why.
</BLOCKQUOTE>
<P><STRONG>Computer Currents, 2nd August 1996:
<A NAME="http://www.currents.net/newstoday/96/08/02/news.html">
Apache Consolidates Lead In Web Server Market</A></STRONG><BR>(Text no longer available)
<BR><BLOCKQUOTE><EM>
The August survey of World Wide Web servers has found the number running the Apache software
have continued to grow with the gap widening against the competition
</EM></BLOCKQUOTE>
<P><STRONG>C|Net, 1st August 1996:
<A HREF="http://www.news.com/News/Item/0,4,2009,00.html">
Gates: Explorer will be huge</A></STRONG>
<BR><BLOCKQUOTE><EM>
"On the Web server side, however, Gates doesn't see Netscape as his
chief competitor. `Apache [free Web server software distributed over
the Net] is our biggest competitor. It's gaining share faster than
Netscape.'"</EM></BLOCKQUOTE>
<P><STRONG>Netscape World, July 1996:
<A HREF="http://www.netscapeworld.com/netscapeworld/nw-07-1996/nw-07-apache.html">
Apache on the warpath, NCSA getting scalped</A></STRONG>
<BR><BLOCKQUOTE><EM>
"Apache retains the lion's share of the server
software market, and its numbers are growing as the NCSA server falls from favor."
</EM></BLOCKQUOTE>
<P><STRONG>Websmith, July 1996:
<A HREF="http://www.ssc.com/websmith/issues/i4/ws57.html">
How to hack your server</A></STRONG>
<BR>
<BLOCKQUOTE><EM>
"Many times faster than CGI, the Apache API gives developers direct access to the server core. This is the first in a series of articles dealing with the Apache API."
</EM></BLOCKQUOTE>
<P><STRONG>C|Net, 6th June 1996:
<A HREF="http://www.news.com/News/Item/0,4,1504,00.html">
Netscape fixes Apache in its sights</A></STRONG>
<BR>
<BLOCKQUOTE><EM>
"While Netscape Communications has by far the largest piece of the browser
market, the company's Web server software lags well behind its freeware
counterparts. Now, Netscape has started trying harder to figure out why."
</EM></BLOCKQUOTE>
<P><STRONG>WebWeek, 20th May 1996:
<A HREF="http://www.internetworld.com/print/1996/05/20/products/apache.html">
Apache Leads Web Server Pack</A></STRONG>
<BR>
<BLOCKQUOTE><EM>
"Apache users are a fiercely loyal bunch who report that
the development team behind Apache has done a great job in quickly
adding features and addressing bugs in the platform."
</EM></BLOCKQUOTE>
<P><STRONG>SunWorld Online, May 1996:
<A HREF="http://www.sun.com/sunworldonline/swol-05-1996/swol-05-webservers.html">
What to Look for in a Web Server</A></STRONG>
<BR><BLOCKQUOTE><EM>
"...if you're willing to invest a little time and want excellent support from
the best minds in the industry, Apache is the clear winner. "
</EM></BLOCKQUOTE>
<P><STRONG>Apache Group, 4th April 1996:
<A HREF="http://www.apache.org/press/04apr96.txt">
Apache Group announces the world's most popular Webserver
</A></STRONG>
<BR><BLOCKQUOTE><EM>
"The Apache Group today announced that their
popular webserver, Apache, was found by the Netcraft Web Server Survey
to be the most popular server on the Internet"
</EM></BLOCKQUOTE>
<P>
<HR>
</BODY></HTML>
1.1 httpd-site/xdocs/info/in_the_news_1999.html
Index: in_the_news_1999.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<TITLE>Apache in the News</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<IMG SRC="../images/apache_sub.gif" ALT="">
<H2>Apache in the News: 1998, 1999</H2>
<P>
Since becoming the #1 Web server, Apache has featured in a number
of reviews and articles.
This page lists just some
of the stories that appeared on-line up to the end of 1999. It is likely
that the links to some of these stories may no longer be available.
<P>
Apache in the News: <a href="../in_the_news.html">2001,2000</a> |
1999,1998 |
<a href="in_the_news_1997.html">1997,1996</a>
</P>
<HR>
<P>
<STRONG>
<CITE>CNN.com / IDG.net / LinuxWorld</CITE>, December 1999:
"<A HREF="http://www.cnn.com/1999/TECH/computing/12/28/covalent.idg/index.html">
Does Covalent have a recipe for open source success?</A>"
</STRONG>
<BLOCKQUOTE>
<EM>"Today, [Covalent Technologies] is focused exclusively on
providing support and products for the Apache server... The goal will
be an enterprise-level Apache solution that can compete successfully
with Microsoft and Netscape for use by the largest ecommerce sites."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>CNN.com / IDG.net / The Industry Standard</CITE>, November 1999:
"<A HREF="http://www.cnn.com/TECH/computing/9911/24/top10.hardware.tis.idg/index.html">
10 companies that will make the Web grow </A>"
</STRONG>
<BLOCKQUOTE>
<EM>"Expect the software to make significant inroads into
enterprise, as IBM slowly meshes the software into its Web server
and transforms its global consultants into Apache experts."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Dr. Dobbs Journal</CITE>, September 1999:
"<A HREF="http://www.ddj.com/articles/1999/9909/9909o/9909o.htm">
The Negotiator</A>"
</STRONG>
<BLOCKQUOTE>
<EM>"The Apache Group earned the right to lead the way in
server-side Java by proving to Sun and the rest of the world that
volunteer programmers working together can deliver high-quality code
on predetermined schedules."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>PC Magazine</CITE>, March 23, 1999 Issue:
"<A HREF="http://www.zdnet.com/pcmag/features/opensource/390830.html">
Apache Rules The Web</A>"
</STRONG>
<BLOCKQUOTE>
<EM>"No program has done more to dispel the notion that open-source
can't survive in the real world than the Web server Apache."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Apple Computer, Inc.</CITE>, January 5, 1999, Press Release:
"<A HREF="http://www.apple.com/pr/library/1999/jan/05osxserver.html"
>Apple Mac OS X Server Uses Apache</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"Apple has chosen to include the Apache HTTP Server
in their new Mac OS X Server OS."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>NewMedia</CITE>, January 1999, vol. 9.1, cover story:
"<A HREF="http://newmedia.com/newmedia/99/01/feature/Set_Free.html"
>Set Your Code Free</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"We use Apache because it's the best Web server
currently available and we can customize it to suit our
needs, again because the source code is there."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Forbes</CITE>, August 10 1998, cover story:
"<A HREF="http://www.forbes.com/forbes/98/0810/6203094a.htm"
>For the love of Hacking</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"Apache knocked Netscape's closed-source Web
server out of the running for the cornerstone
of IBM's Web commerce package. "</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>IBM News</CITE>, 22 June 1998:
"<A HREF="http://www.ibm.com/News/1998/06/223.phtml"
>IBM ... Bundles leading-edge tools and technologies from
Apache and NetObjects into IBM WebSphere Application Server</A>"
</STRONG>
<BLOCKQUOTE>
<EM>"IBM will ship the Apache HTTP server with the IBM WebSphere Application
Server, helping current Apache users to evolve to e-business solutions.
As part of the WebSphere Application Server package, IBM will provide
commercial, enterprise-level support for the Apache HTTP Server. In addition,
IBM will be a full participant in the Apache HTTP Server Project,
a collaborative development effort, and will make contributions to
enhance the capabilities of the Apache HTTP Server."</EM>
</BLOCKQUOTE>
<P>
Other press about this announcement:
</P>
<UL>
<LI><A HREF="http://www.apache.org/press/22Jun98.html">Apache Group press release</A>
</LI>
<LI><CITE>The Industry Standard</CITE>:
"<A HREF="http://www.thestandard.net/articles/article_display/0,1449,720,00.html?01"
>IBM to Adopt Apache as Preferred E-commerce Web Server</A>"
</LI>
<LI><CITE>PC Week</CITE>:
"<A HREF="http://www.zdnet.com/pcweek/news/0615/19mibm.html"
>IBM backs freeware Apache in new app server</A>"
</LI>
<LI><CITE>Wired News</CITE>:
"<A HREF="http://www.wired.com/news/news/business/story/13117.html"
>IBM Picks Apache</A>"
</LI>
<LI>C|Net's <CITE>News.com</CITE>:
"<A HREF="http://www.news.com/News/Item/0,4,23364,00.html?st.ne.fd.gif.f"
>IBM fuels 'freeware' efforts</A>"
</LI>
<LI><CITE>Jesse Berst's AnchorDesk</CITE>:
"<A HREF="http://www.zdnet.com/anchordesk/story/story_2240.html"
>Freeware Gains Momentum with IBM Support</A>"
</LI>
</UL>
<P>
<STRONG>
<CITE>Software Development</CITE>, June 1998:
"Apache: An Open-Source Software Success Story,"
by Warren Keuffel
</STRONG>
</P>
<P>
<STRONG>
<CITE>Fast Company</CITE>, May 1998, Issue 14, page 38:
"<A HREF="http://www.fastcompany.com/online/14/rftf.html"
>The Best Things in Life Are Free</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"Apache's real miracle is not so much its success in the software market
as its magnetic draw in the talent market. No single company could hope
to hire the diverse programming team that came together to create Apache.
Even more amazingly, this global collection of brainpower received no
compensation for its effort. Sure, the product is free. But so is the
labor."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Performance Computing</CITE>, May 1998:
"<A HREF="http://www.performancecomputing.com/columns/web/9805.shtml"
>The Apache HTTP Server</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"it's no secret that an Apache-UNIX combination
for a Web server yields the most in terms of performance
and stability, since Apache servers are optimized for
efficient Web transactions while simultaneously being
more stable than the commercial Microsoft and Netscape
offerings."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>WEBTechniques</CITE>, May 1998, Volume 3, Issue 5:
"<A HREF="http://www.WebTechniques.com/features/1998/05/engelschall/engelschall.shtml"
>Load Balancing Your Web Site</A>"
</STRONG>
</P>
<BLOCKQUOTE>
Article from Apache Group member
<A HREF="contributors/#rse">Ralf S. Engelschall</A>
about two practical approaches for distributing HTTP traffic between websites:
A DNS-based round-robin method and an Apache-based random-choice method.
<EM>"The Apache-based method presents a solution where a heavily
stripped down Apache 1.3 webserver is configured as a reverse proxy in
front of backend webservers via a tricky mod_rewrite/mod_proxy
combination."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Network Magazine</CITE>, April 1998:
"<A HREF="http://www.networkmagazine.com/magazine/archive/1998/04/9804poy.htm#Web_Server"
>The 1998 Products of the Year</A>" (registration required)
</STRONG>
</P>
<BLOCKQUOTE>
Apache wins the 1998 product of the Year award in the "Web Server"
category.
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>ZDNet</CITE>, April 1998:
"<A HREF="http://www.zdnet.com/zdnn/content/inwk/0512/303374.html"
>Web Servers: Offering More Services</A>"
</STRONG>
</P>
<BLOCKQUOTE>
A report on the divergence between embedded web servers and servers
for traditional operating systems. It also covers the multiprocess versus
multithreaded issue for web servers:
<EM>"Apache is an example of a
multiprocess Web server. IIS from Microsoft
and Enterprise Server from Netscape use a multithreaded
approach."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>C|Net</CITE>, 9 Mar 1998:
"<A HREF="http://www.cnet.com/Content/Reviews/Special/Iawards98/ss02.html"
>C|Net Award for Internet Excellence goes to Apache</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"Part of Apache's charm is that it costs nothing and that its source
code is freely available for anyone to take and customize or
extend. Of course, free wouldn't count for much if the software
didn't work, but the Apache Project has built a stable, speedy Web
server that runs on almost all flavors of Unix, OS/2, and even
Windows."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Computer Currents</CITE>, 3 Mar 1998:
"<A HREF="http://www.currents.net/magazine/national/1605/inet1605.html"
>Intranet Explorer: Free Service</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"All in all, the latest releases of Apache are attractive solutions for
anyone who wants to run a Web site. You get cross-platform support,
adherence to the important standards, and a fast, powerful Web server
that's easy to set up and maintain. And the price is right. If you're
looking for a Web server, definitely take a look at Apache."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
C|Net's <CITE>BUILDER.COM</CITE>, 24 Feb 1998:
"<A HREF="http://builder.cnet.com/Servers/NtWeb/ss05.html"
>Running on NT: 5 Web servers compared - Apache 1.3b3</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"Apache is the ultimate in minimalist server software. There's
no fancy Windows- or HTML-based administration interface,
just a few text configuration files that you edit in your
favorite text editor. For people weaned on fancy GUIs, the
text files take a bit of getting used to. After a while,
though, you'll appreciate the absolute control they offer.
With a GUI, you can never really be sure what's happening
behind the scenes. With Apache you know, because you're
the one editing all the configuration information by hand."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Wired News</CITE>, 9 Feb 1998:
"<A HREF="http://www.wired.com/news/news/technology/story/10136.html"
>Filename Bug Leaves Servers Open to Snoops</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"Marc Slemko, a Canadian university student and
member of the Apache Web Project, discovered the
bug in January while testing the new Windows NT
version of the Apache web server for potential
security problems."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
C|Net's <CITE>News.com</CITE>, 1 Feb 1998:
"<A HREF="http://www.news.com/SpecialFeatures/0,5,18652,00.html"
>Source Code for the Masses</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"The freeware philosophy
places the responsibility of creating, changing,
and debugging complex systems in the hands
of complete strangers linked only by the
Internet and their love of technology."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>ABCNews.com</CITE>, 29 Jan 1998:
"<A HREF="http://more.abcnews.go.com/sections/business/apache_0129/index.html"
>Apache: Peaceful Web Warrior</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"Most of the people in the Apache Group are old
Web veterans," says Apache member Jim Jagielski. "We
love the Web and we love Apache. Its very similar to
how things used to be in the early days."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
Various, 22 Jan 1998: Netscape Releases Source to Navigator 5.0
</STRONG>
</P>
<BLOCKQUOTE>
Netscape has decided to release source code to their Navigator
product line; a move that has been compared favorably to the methods
by which Apache is developed. Here are some links to stories on the
announcement which mentioned Apache:
<UL>
<LI><STRONG><CITE>Wired News</CITE>:
"<A HREF="http://www.wired.com/news/news/technology/story/9813.html"
>Netscape Frees Communicator 5.0 Code</A>"</STRONG>
</LI>
<LI><STRONG><CITE>ZDNews</CITE>:
"<A NAME="http://headlines.yahoo.com/zdnews/stories/885575313.html"
>Netscape's harshest critic: A 'brilliant move'</A>"</STRONG>
(no longer available)
</LI>
<LI><STRONG>C|Net's <CITE>News.com</CITE>:
"<A HREF="http://www.news.com/News/Item/0,4,18392,00.html"
>Netscape's play: Bold or desperate?</A>"</STRONG>
</LI>
<LI><STRONG><CITE>MSNBC</CITE>:
"<A HREF="http://www.msnbc.com/news/139296.asp"
>A Titanic challenge to Microsoft</A>"</STRONG>
</LI>
</UL>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>CNN Custom News</CITE>, 6 Jan 1998:
"<A NAME="http://customnews.cnn.com/cnews/pna.show_story?p_art_id=2216942&p_section_name=S"
>Apache Servers Pass 50% in Web Server Survey</A>"
</STRONG>
(no longer available)
<P>
<BLOCKQUOTE>
<EM>"The Apache Web server, and its related versions, can now be found on
over half of all servers on the open Internet, according to the
January Web server survey of Britain's Netcraft. The company
automatically polled 1,834,710 Web sites for its latest survey."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
<CITE>Internetnews.com</CITE>, 5 Jan 1998:
"<A HREF="http://www.internetnews.com/wd-news/1998/01/0501-apache.html"
>Apache Server Still the King</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"The Apache Web Server initially got its start as a set of patches to
the original NCSA Web Server in 1995. It was one of the first servers
to implement the HTTP/1.1 protocol, and has since established itself
as the leading Web server, far surpassing both Microsoft and Netscape
Web servers."</EM>
</BLOCKQUOTE>
<P>
<STRONG>
Apache Group Press Release, 5 Jan 1998:
"<A HREF="http://www.apache.org/press/05Jan98.txt"
>Apache Webserver Serves Over Half The Internet</A>"
</STRONG>
</P>
<BLOCKQUOTE>
<EM>"The Apache Web Server, from the Apache Group, now serves over half
the domains on the Internet, according to the latest Netcraft Web
Server Survey."</EM>
</BLOCKQUOTE>
<HR>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/index.xml
Index: index.xml
===================================================================
<document>
<properties>
<author email="docs@httpd.apache.org">Documentation Group</author>
<title>Apache Miscellaneous Information</title>
</properties>
<body>
<section id="library">
<title>Project Library</title>
<p>The <a href="../library/">Project Library</a> contains links to
various documents and resources relevant to the Apache Web server.</p>
</section>
<section id="css-security">
<title>Cross Site Scripting security problem</title>
<p><a href="css-security/">Information</a> on a security vulnerability resulting from the interaction
between client-side scripting and server-side dynamic content.</p>
</section>
<section id="dev">
<title>Apache Development Site</title>
<p>The <a href="../dev/">Apache development section</a> includes
information for Apache developers and folks interested in testing
development releases of Apache software.</p>
</section>
<section id="books">
<title>Apache Books</title>
<p>A <a href="apache_books.html">list of books</a> written about the
Apache Web server.</p>
</section>
<section id="mirror">
<title>How to mirror</title>
<p>A <a href="how-to-mirror.html">description</a> of how to setup your site as an Apache mirror.</p>
</section>
<section id="support">
<title>Organizations providing support</title>
<p>A <a href="http://www.apache.org/info/support.cgi">list of organizations</a>
that provide third-party commercial support for the Apache server.</p>
</section>
<section id="older">
<title>Older Information</title>
The documents below are mainly of historical interest.
<dl>
<dt><a href="../info.html">Information on the Apache HTTP Server Project</a></dt>
<dd>An obsolete description of some background information related to
the Apache Project.</dd>
<dt><a href="known_bugs.html">Known Bugs in Apache</a></dt>
<dd>This is a list of the most important bugs in each version.</dd>
<dt><a href="security_bulletin_1.2.5.html">Security Advisory</a></dt>
<dd>A security advisory discussing possible security issues in Apache
versions before 1.2.5, including 1.3 beta versions up to
and including 1.3b3.</dd>
<dt><a href="http://www.faure.de/Apache+SSL+PHP+fp-howto-1p.html"
>General-Purpose Server Configuration</a></dt>
<dd>A user-written 'howto' describing setting up Apache with SSL,
PHP version 2, and FrontPage.</dd>
<dt><a href="aol-http.html">AOL and HTTP/1.1</a></dt>
<dd>A description of AOL's poorly thought out decision to try to
force their own standards on the web.</dd>
<dt><a href="apache_nt.html">Apache and Windows NT</a></dt>
<dd>A description of the progress of Apache for the
Windows NT platform.</dd>
<dt><a href="jdk-102.html">JDK 1.0.2</a></dt>
<dd>Explanation of problems encountered when using Sun's JDK v1.0.2
with Apache 1.2 and later.</dd>
<dt><a href="three-config-files.html">Three Config Files</a></dt>
<dd>An old explanation of why Apache had three separate config
files.</dd>
</dl>
</section>
</body>
</document>
1.1 httpd-site/xdocs/info/jdk-102.html
Index: jdk-102.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>Java and HTTP/1.1
</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080"
ALINK="#FF0000">
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE DOCUMENTATION]"
>
</DIV>
<H1 ALIGN="CENTER">
Java and HTTP/1.1
</H1>
<HR>
<P>
The Apache Group has received a few reports concerning problems
accessing Apache 1.2 sites using Java applications and applets.
Investigation revealed a problem in Sun's JDK (Java Development Kit)
version 1.0.2.
</P>
<H3>
So, What's The Problem?
</H3>
<P>
The symptom of the problem is this: Java classes involved in
accessing Web URLs (such as <SAMP>URLConnection</SAMP> and friends)
will return the HTTP headers as well as the document contents. That
is, if you use <SAMP>URLConnection</SAMP> to access an URL such as
<SAMP>http://localhost/foo.gif</SAMP> and your <SAMP>localhost</SAMP>
server responds with HTTP/1.1 headers, your code is going to receive
the textual headers before the actual image contents.
</P>
<H3>
What's The Solution?
</H3>
<P>
This problem was identified and corrected by Sun in September of 1996,
and the fix is present in the JDK 1.1 and JDK 1.1.1 releases. So any
applets or applications that run in either of these post-1.0.2
environments should work correctly.
</P>
<P>
In addition, the foundation class which contained the problem is one
that is labeled as a "manufacturer specific handler", and is
typically supplied by the vendor porting the Java virtual machine
environment. So there's a good chance that fairly-recent browsers
won't have this problem, because the vendors will have provided an
implementation class that didn't inherit the problem in the JDK 1.0.2
class library.
</P>
<H3>
Is There a Workaround?
</H3>
<P>
Yes and no:
</P>
<DL COMPACT>
<DT><STRONG>Yes</STRONG>
</DT>
<DD>If you run an Apache 1.2 server, you can instruct the server to
"fake" HTTP/1.0 responses by adding
<A
HREF="../docs/mod/mod_browser.html#browsermatch"
><SAMP>BrowserMatch</SAMP></A>
directives to the configuration files. (See the
<A
HREF="../docs/misc/FAQ.html#jdk1-and-http1.1"
>Apache FAQ</A>
for exact details.) By doing this, any client on the net that
accesses your server using Java and the JDK 1.0.2 class library will
get the response it expects.
<P>
</P>
</DD>
<DT><STRONG>No</STRONG>
</DT>
<DD>If you <EM>as an user</EM> are encountering this problem, there
is no real workaround (other than contacting the webmaster of the
server(s) involved and bringing it to their attention). Your best
action is to upgrade to a "safe" virtual machine such as
JDK 1.1.1 or Mozilla 3.01 or later.
<P>
</P>
</DD>
</DL>
<P>
</P>
<HR>
<H5>
Thanks for identifying this problem and its causes, workarounds, and
solutions are due to many individuals around the net.
</H5>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/known_bugs.html
Index: known_bugs.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Apache HTTP Server Project</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<IMG SRC="../images/apache_sub.gif" ALT="">
<H1 ALIGN="CENTER">Known Bugs in Apache</H1>
The most up-to-date resource for bug tracking and information is the
<A HREF="http://bugs.apache.org/">Apache bug database</A>.
Significant bugs at release time will also be noted there.
If you are running a 1.3 beta release, or version 1.2.X or earlier
and think you have found a bug, please upgrade to 1.3. Many bugs
in early versions have been fixed in 1.3.
<P>This document is not a complete list of known bugs, but simply
a list of some of the more common ones. <FONT COLOR="red">Be sure
to check the bug database before assuming that if it isn't listed
here it isn't reported or fixed.</FONT>
<P>If you see a reference to a fix appearing in a version which has
not yet been officially released, you can get a snapshot of the
current CVS tree from <A HREF="http://httpd.apache.org/from-cvs/">the
CVS snapshot directory</A>.
<P>See Also: <A HREF="../docs/misc/compat_notes.html">Compatibility notes</A>,
and <A HREF="../docs/misc/known_client_problems.html">our list of known client
problems</A>.</P>
<HR>
<H2>Apache 1.3.4 Bugs</H2>
<OL>
<LI><STRONG>Win32 only</STRONG> Apache will not serve filenames starting
with "<CODE>COM</CODE>" or containing "<CODE>.COM</CODE>". Instead
it will respond with a 403 Forbidden message, and log the error
"<CODE>Filename is not valid</CODE>". See <A
HREF="http://bugs.apache.org/index/full/3769">PR#3769</A>.
<LI><STRONG>Unix only</STRONG> "<CODE>make install</CODE>" fails on
some operating systems. This occurs when the operating system
version of tar does not support the "h" option. It has been reported
on SCO and BSDI. It does not affect systems which use GNU tar.
See <A HREF="http://bugs.apache.org/index/full/3807">PR#3807</A>.
</OL>
<H2>Apache 1.3.0 Bugs</H2>
<OL>
<LI>On NT, "#exec cmd" in SSI pages does not work. No fix available yet.
<LI>On NT, mod_rewrite doesn't properly spawn children for logging
and URL mapping. Fixed in 1.3.1, <A
HREF="http://www.apache.org/websrc/viewcvs.cgi/apache-1.3/src/modules/standard/mod_rewrite.c.diff?r1=1.113&r2=1.114">patch
available here.</A>
<LI>NeXT didn't compile completely; fixed in 1.3.1.
</OL>
<H2>Apache 1.3b7 Bugs</H2>
<OL>
<LI><STRONG>Win32 only</STRONG> CGI scripts do not work because of two
problems. First, the CGI environment variables are not being
passed on to the script. See <A
HREF="http://bugs.apache.org/index/full/2294">PR#2294</A> for more
details. Secondly, the current working directory of the script
is not being set, which affected scripts which relied on the
directory being set to the directory containg the CGI program
itself (although this is not a requirement of the CGI/1.1
specification). See <A
HREF="http://bugs.apache.org/index/full/2317">PR#2317</A> for more
details. These bugs have been fixed in 1.3.0.
<LI>The $ character inside an SSI directive is not being correctly
interpreted unless it marked the start of a variable. In
particular, it does not work for marking the end of line in a
regular expression. See <A
HREF="http://bugs.apache.org/index/full/1921">PR#1921</A> and <A
HREF="http://bugs.apache.org/index/full/2249">PR#2249</A> for more
details. This bug has been fixed in 1.3.0
</OL>
<H2>Apache 1.3b5 Bugs</H2>
<OL>
<LI>Certain mod_rewrite configurations do not work correctly. Apply
<A HREF="http://www.apache.org/dist/httpd/patches/apply_to_1.3b5/PR1847.patch">this
patch</A> to fix the problem. See
<A HREF="http://bugs.apache.org/index/full/1847">PR#1847</A> for more details.
<LI>Using multiple arguments to UserDir does not work correctly. Apply
<A HREF="http://www.apache.org/dist/httpd/patches/apply_to_1.3b5/PR1850.patch">this
patch</A> to fix the problem. See
<A HREF="http://bugs.apache.org/index/full/1850">PR#1850</A> for more details.
<LI>absoluteURI parsing is broken, so the proxy won't work. Apply
<A HREF="http://www.apache.org/dist/httpd/patches/apply_to_1.3b5/PR1889.patch">this
patch</A> to fix the problem. See
<A HREF="http://bugs.apache.org/index/full/1889">PR#1889</A> for more details
<LI><STRONG>Win32 only</STRONG> Use of #! at the start of a CGI script file
does not work unless the interpreter filename includes the
extension (e.g. use <SAMP>#!c:/bin/perl.exe</SAMP> instead of
<SAMP>#!c:/bin/perl</SAMP>).
<LI><STRONG>NT only</STRONG> When installed as a service, Apache expects
to find its ServerRoot at \Apache on the system disk. See
<A HREF="http://bugs.apache.org/index/full/1489">PR#1489</A>.
<LI><STRONG>Win32 only</STRONG> The <CODE>Alias</CODE> directive does not
work if the target is a root directory, e.g. D:/. See
<A HREF="http://bugs.apache.org/index/full/1558">PR#1558</A>.
<LI><STRONG>Win32 only</STRONG> Repeated concurrent requests to a CGI
program can cause Apache to lock-up. See
<A HREF="http://bugs.apache.org/index/full/1129">PR#1129</A> and
<A HREF="http://bugs.apache.org/index/full/1607">PR#1607</A>.
</OL>
<H2>Apache 1.3b3 Bugs</H2>
<OL>
<LI>The error_log may contain "(0)Unknown error: mmap_handler:
mmap failed" errors. Ignore them, it is a logic error and does not
indicate any problem. This will be corrected in a later beta.
<LI>Servers operating in inetd mode will not properly implement timeouts.
(Neither do servers operating with the -X command line switch for
debugging.)
This will be corrected in a later beta. A workaround for now is
to edit <CODE>src/main/httpd.h</CODE> and remove the definition
of <CODE>OPTIMIZE_TIMEOUTS</CODE> near the bottom.
<LI><STRONG>Win32 only:</STRONG> Building from source may fail because the buildmark.obj
file does not exist. Edit <CODE>Makefile.nt</CODE> and replace the
line <CODE>del CoreR\buildmark.obj</CODE> with <CODE>-del
CoreR\buildmark.obj</CODE> (and similarly for <CODE>del
CoreD\buildmark.obj</CODE>). See
<A HREF="http://bugs.apache.org/index/full/1473">PR#1473</A>.
<LI><STRONG>Solaris 2.6</STRONG> users may have troubles compiling the server with
gcc. As is frequently the case with gcc compilation troubles, this
is the result of an improperly built gcc. The gcc for solaris 2.6
found at <A HREF="http://www.sunfreeware.com/">www.sunfreeware.com</A>
is now built with the release version of solaris 2.6. The release version
of solaris 2.6 changed a few header files enough that the beta-built
gcc won't work with it. There are two workarounds mentioned in
<A HREF="http://bugs.apache.org/index/full/1336">PR#1336</A>.
<STRONG>This is not an Apache bug, and no code will be changed to deal with
it.</STRONG>
<LI><STRONG>NT only</STRONG> When installed as a service, Apache expects
to find its ServerRoot at \Apache on the system disk. See
<A HREF="http://bugs.apache.org/index/full/1489">PR#1489</A>.
<LI><STRONG>Win32 only</STRONG> The <CODE>Alias</CODE> directive does not
work if the target is a root directory, e.g. D:/. See
<A HREF="http://bugs.apache.org/index/full/1558">PR#1558</A>.
<LI><STRONG>Win32 only</STRONG> Repeated concurrent requests to a CGI
program can cause Apache to lock-up. See
<A HREF="http://bugs.apache.org/index/full/1129">PR#1129</A> and
<A HREF="http://bugs.apache.org/index/full/1607">PR#1607</A>.
<LI><STRONG>Win32 only</STRONG> Apache requires the file
<CODE>MSVCRT.DLL</CODE> to run. This is a Microsoft
redistributable file required for all C programs compiled by
MSVC++. Many other programs will require it, so it is already
installed on most systems. If Apache will not start because this
file is missing you can download it from <A
HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/msvcrt.exe">
ftp://ftp.microsoft.com/Softlib/MSLFILES/msvcrt.exe</A>. See <A
HREF="http://bugs.apache.org/index/full/1736">PR#1736</A>.
</OL>
<H2>Apache 1.3b2 Bugs</H2>
<H3>Win32 only</H3>
<OL>
<LI>CGI scripts that are called with information appended to the script
name that does <STRONG>not</STRONG> have an "<CODE>=</CODE>" in it
do not work.
See <A HREF="http://bugs.apache.org/index/full/1030">PR#1030</A>
<LI>Passwords stored in htpasswd files need to be stored in plain text,
since we do not yet have a <CODE>crypt()</CODE> under Win32.
<LI>On Windows 95, <CODE>DirectoryIndex</CODE> does not work.
See <A HREF="http://bugs.apache.org/index/full/1266">PR#1266</A>
<LI>On some versions of Windows 95, CGI scripts fail and paths given
with "#!" must contains \ instead of /.
<LI>When a CGI starts with "#!" to indicate an interpreter there must
be no space between the #! and the path.
See <A HREF="http://bugs.apache.org/index/full/1101">PR#1101</A>
<LI>If the CGI program cannot be run Apache logs a "premature end-of-headers"
error instead of an error about running the program.
See <A HREF="http://bugs.apache.org/index/full/1257">PR#1257</A>
</OL>
<H3>Unix only</H3>
<OL>
<LI>The USE_FLOCK_SERIALIZED_ACCEPT define is completely broken and does
not work at all. It has been this way since birth. A fix is pending.
<LI>Apache 1.3b2 doesn't seem to work for more than 6 hours on a Digital UNIX
(née DEC OSF/1) 3.2G system unless the following patches are
applied: OSFPAT00017700375 and OSFPAT00018000375. (See
<A HREF="http://bugs.apache.org/index/full/1314">PR #1314</A> for
full details.
</LI>
</OL>
<HR>
<H2>Apache 1.3a1 Bugs</H2>
<OL>
<LI>The <CODE><A HREF="../docs/mod/core.html#listen">Listen</A></CODE>
directive does not work when running under Windows.
<LI>For some reason, <A HREF="../docs/mod/mod_isapi.html">mod_isapi</A>
does not work (with Windows) when compiled using the
<CODE>Release</CODE> setting; it will crash the server whenever you
access an ISA DLL. It works fine when the server is compiled with
<CODE>Debug</CODE>.
</OL>
<H2>Apache 1.2 Bugs</H2>
<H3>Bugs still present in 1.2.4</H3>
<OL>
<LI><A NAME="listenbug">On some architectures</A>
if your configuration uses multiple
<A HREF="../docs/mod/core.html#listen">Listen</A> directives then it is possible
that the server will starve one of the sockets while serving hits on
another. The work-around is to add
<CODE>-DUSE_FLOCK_SERIALIZED_ACCEPT</CODE> to the
<CODE>EXTRA_CFLAGS</CODE> line in your Configuration and rebuild.
(If you encounter problems with that, you can also try
<CODE>-DUSE_FCNTL_SERIALIZED_ACCEPT</CODE>.)
This affects any architecture that doesn't use one of the
<CODE>USE_xxxxx_SERIALIZED_ACCEPT</CODE> definitions, see the
source file <CODE>conf.h</CODE> for your architecture.
This is being tracked as
<A HREF="http://bugs.apache.org/index/full/467">PR#467</A>.
<P>To resolve this problem, we are adding one of the above settings
to the default settings for platforms as we discover which is
appropriate for them. <STRONG>New as of 1.3b3:</STRONG> the server will
issue a warning when your architecture/config are subject to
this bug. The fixes and such are described in the PORTING
file. We are closing out this bug.
</LI><P>
<LI>
The PATH_INFO part of a request URI cannot include the sequence
<CODE>%2f</CODE>. This will be tracked as
<A HREF="http://bugs.apache.org/index/full/543">PR#543</A>.
</LI><P>
<LI>Users of early 1.2 betas reported problems with many
connections stuck in the FIN_WAIT_2 state due to server
timeouts. Several changes were made during the beta testing of 1.2
to reduce this problem as much as possible, although you may still
see sockets in FIN_WAIT_2 state due to network or operating system
issues outside the control of Apache. See our
<A HREF="../docs/misc/fin_wait_2.html">FIN_WAIT_2 page</A> for more
details.
<P>SunOS4 has a kernel bug in the allocation of memory for the mbuf table.
When it fills up, the result is a Panic the next time any routine tries
to set something in an imaginary mbuf beyond the range of the table.
Due to buggy browser behavior and the lack of a FIN_WAIT_2 timeout
on SunOS4, "KeepAlive Off" is necessary to avoid filling up the mbuf
table on busy sites.
</LI><P>
<LI>
Compiling on Solaris 2 with SunSoft's C compiler gives the warning
<CODE>"mod_include.c", line 1123: warning: end-of-loop code not
reached</CODE>. This is a bogus warning and can be ignored.
See <A HREF="http://bugs.apache.org/index/full/681">PR#681</A>.
</LI><P>
<LI>If compilation fails complaining about "unknown symbol __inet_ntoa()"
then you have probably installed version 8 of bind. You will need to
explicitly link with the bind library by adding <CODE>-lbind</CODE>
to <CODE>EXTRA_LDFLAGS</CODE> in <CODE>Configuration</CODE>. See
<A HREF="http://bugs.apache.org/index/full/616">PR#616</A>
and the
<A HREF="../docs/misc/FAQ.html#bind8.1">Apache FAQ</A>. This is not a bug
in Apache.
</LI><P>
<LI>The message "<CODE>created shared memory segment #730499</CODE>"
in error_log is not an error and should be ignored. See
<A HREF="http://bugs.apache.org/index/full/696">PR#696</A>.
</LI><P>
</OL>
<H3>Fixed in 1.2.4:</H3>
<OL>
<LI>
On Solaris 2.x the server will stop running after receiving a
SIGHUP. Four workarounds exist (choose one):<P>
<UL>
<LI>Recommended: upgrade to 1.2.4.
<LI>If you are running Apache 1.2.1, retrieve
<A HREF="http://www.apache.org/dist/httpd/patches/apply_to_1.2.1/solaris_hup.patch">this patch</A>.
<CODE>cd</CODE> to your <CODE>apache_1.2.1</CODE> directory, and
type <CODE>patch -s -p1 < /path/to/patchfile</CODE>. Then rebuild
Apache.<P>
<LI>Use SIGUSR1 instead of SIGHUP, see <A HREF="../docs/stopping.html">
Stopping and Restarting Apache</A> for more details.<P>
<LI>Add <CODE>-DNO_SLACK</CODE> to
<CODE>EXTRA_CFLAGS</CODE> in
your <CODE>Configuration</CODE> file, re-run <CODE>Configure</CODE>
and rebuild your server. This disables the
<A HREF="../docs/misc/descriptors.html">descriptor slack workaround</A>
</UL><P>
This problem was tracked as
<A HREF="http://bugs.apache.org/index/full/832">PR#832</A>.
</LI><P>
<LI>(Exists in 1.2.0 and in 1.2.1 after either of the
<CODE>NO_SLACK</CODE> or patch provided by the previous bug are applied.)
Solaris 2.5.1 (and probably other versions of Solaris) appear to have
a race condition completely unrelated to all the others. It is possible
during a SIGHUP that the server will fail to start because it will not
be able to re-open its sockets. To our knowledge this has only shown
up during testing when we pummel the server with as many SIGHUP requests
per second as we can. This appears unrelated to the similar sounding bug
described in <A HREF="http://bugs.apache.org/index/full/832">PR#832</A>.
</OL>
<P>
<H3>Fixed in 1.2.1</H3>
<OL>
<LI><A HREF="../docs/misc/descriptors.html"><STRONG>Workaround added</STRONG></A>
There appears to be a problem on BSDI 2.1 with large numbers of
virtual hosts. This appears similar to a file-descriptor limit
but BSDI should not have this problem. This will be tracked as
<A HREF="http://bugs.apache.org/index/full/611">PR#611</A>.
See also the <A HREF="../docs/misc/FAQ.html#fdlim">Apache FAQ</A>.
</LI><P>
<LI><A HREF="../docs/misc/descriptors.html"><STRONG>Workaround added</STRONG></A>.
Solaris 2 has problems with large numbers of virtual hosts. This is
because of an operating system limit of 256 file pointers, not due
to Apache. See also the
<A HREF="../docs/misc/FAQ.html#fdlim">Apache FAQ</A>.
</LI><P>
<LI>
<A NAME="cnegbug">Apache's</A>
<A HREF="../docs/content-negotiation.html">Content
Negotiation</A> should pick the smallest variant if there
are several that are equally acceptable. A bug in 1.2 means it no
longer does this unless all the variants have character sets.
This <A HREF="http://www.apache.org/dist/httpd/contrib/patches/1.2/conneg-bug.patch">patch</A>
fixes this problem. It also fixes the problem which makes Apache
pick the last equally acceptable variant instead of the first.
This will be tracked as
<A HREF="http://bugs.apache.org/index/full/94">PR#94</A>.
</LI><P>
<LI><P>Compilation fails on SCO3 when using gcc instead of cc, complaining
with "<CODE>gcc: noinline: No such file or directory</CODE>". Fix
is given in <A HREF="http://bugs.apache.org/index/full/695">PR#695</A>.
</LI>
</OL>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/security_bulletin_1.2.5.html
Index: security_bulletin_1.2.5.html
===================================================================
<HTML><HEAD>
<TITLE>Apache Security Advisory</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE DOCUMENTATION]"
>
</DIV>
<H1 ALIGN="CENTER">Apache Security Advisory</H1>
<PRE>
Release Date: Tuesday, January 6 1998
Topic: Possible security issues with Apache in some configurations
Summary of Issues
============================================================
This advisory is to inform all Apache users of several possible
security issues that have been discovered during an internal security
review of the Apache source code.
DO NOT BE ALARMED BY THIS ADVISORY. This is a pro-active step
designed to be certain that users of Apache are advised of the
issues and can take appropriate action to minimize their risk.
None of these holes allow for a root compromise (they only impact
the user Apache runs as, as set with the "User" directive; if you
have this user set to root, then fix your configuration now because
you probably have a gaping security hole) and they generally
require that a user already have access to the system before they
can exploit them, meaning that on a large number of systems they
are of little practical concern. Some of the issues that have been
addressed might not be exploitable in real-world conditions.
In some security environments, however, they may be of more concern.
The administrator of the system running Apache is the only one who
can make the judgment call as to how significant the below issues
are in their environment.
Resolution of Problems
======================
We very strongly recommend that anyone using versions of Apache
previous to 1.2 or earlier 1.2 versions upgrade to the newly released
1.2.5. It is now available at
http://www.apache.org/dist/httpd/
There are no plans for an immediate 1.3b4 release to correct these
problems in the 1.3 beta development tree, however we will make
patches for 1.3b3 to correct these issues available at
http://www.apache.org/dist/httpd/patches/apply_to_1.3b3/
in the near future.
Technical Description of Issues
===============================
Below is a step by step technical description of the potential
problems discovered. Read the below only if you wish to understand
the details of the problems to better judge how they impact your
server and if you have a solid grounding in how Apache works. If
in doubt, you are advised to simply upgrade to 1.2.5 as soon as
practical.
I. Buffer overflow in cfg_getline()
RISK: medium
cfg_getline() is a function that the Apache core and several
Apache modules use to read certain types of files from disk.
Some examples of the type of files that read with this are
htaccess, htpasswd and mod_imap files.
It is possible to create a sequence of data such that a
buffer overflow occurs while cfg_getline is reading from
a file. If someone has access to create any of these types
of files on the server, this hole is generally exploitable
to gain full access to the user Apache runs as.
On most systems, this is of little consequence since users
already have such access via methods such as the creation of
their own CGI scripts. If, however, the server is secured
so that the user has no access to the server other than to
create and modify files (eg. a "ftp only" account with no
ability to create CGI scripts) this could allow increased
access to the server.
II. Several coding errors in mod_include
RISK: medium
There are several coding problems in mod_include which can
result in a buffer overflow or in the child process going
into an infinite loop.
The same comments about the nature of the risk apply here as
do for the cfg_getline() overflow. Generally, a user already
needs to have access to the server to exploit this. Note that
it is possible to setup a document which deliberately allows this
to be remotely exploited, however such a document would be very
rare in practice.
If you do not allow users to use mod_include, then they
can not exploit these holes.
III. Inefficient removal of duplicate '/'s ("beck" exploit)
RISK: medium
The code in the no2slash() function used to collapse multiple
'/'s in a request for access checking purposes is very
inefficient. It is O(n^2) in the number of '/'s in the
input. What this means is that as the input size grows,
it very quickly requires vastly increased CPU time to
process the request. By sending many requests with a large
number of '/'s in to a server, it is possible to cause a
large amount of CPU time to be used in processing these
requests. Making multiple simultaneous requests of this
nature could result in a high load average, high CPU usage,
and possibly starving other processes for CPU resulting in
a denial of service attack. This does not allow for any
compromise of the server.
The fixed version of the no2slash() function is O(n) and
does not allow for this attack.
Thanks to Michal Zalewski <lcamtuf@boss.staszic.waw.pl> for
discovering this bug and reporting it on the BUGTRAQ
mailing list along with the "beck" script that can be
used to exploit it.
IV. Possible buffer overflow in "logresolve" program.
RISK: low
The logresolve program is used for non-realtime processing of
logfiles to convert numeric IP addresses into host names.
In some cases, it may be possible for a remote user who has
control of a DNS server to return a hostname specifically
designed to exploit a coding hole in logresolve.
This can only happen on a system where either the MAXDNAME
define does not exist and the resolver can return names
longer than 256 characters or where the MAXDNAME define
does exist but is less than the maximum length of hostname
that the resolver can return. Even on such (arguably
broken) systems, this would be very difficult to exploit.
The number of systems which are impacted by this is very
small.
This problem is a potential concern only if you use the
logresolve program.
V. Insufficient data validation in mod_proxy
RISK: low
The ftp proxy part of mod_proxy accepts directory listings
from remote ftp servers and converts them to HTML to send
to the client. It is possible to deliberately create a
listing that will cause Apache to dump core.
This hole does not compromise the server; the only risk
is that it would be possible to use this to create a
denial of service attack which would render the server
effectively inoperative.
If you do not use mod_proxy, you are not vulnerable to this.
If you restrict the use of mod_proxy, then only those users
who are permitted to use it can attempt to exploit this
problem.
VI. Possible buffer overflow reading from the proxy cache
RISK: low
When caching is enabled in mod_proxy, Apache writes cached
files to disk as the user that the server runs as. If an
attacker can gain access to this user id (eg. by running
a CGI script from a pre-existing account on the machine)
then they can modify the filenames on disk resulting in a
buffer overflow.
Because the data is limited to what can be stored in a
filename (not the file, just the filename), and they already
need to have access to the user ID the server runs as to
exploit this, the risk is minimal.
The main instance where this may be a cause for concern is if
there is privileged information stored in memory by the
web server, such as an unencrypted SSL key. This same
caution, however, applies to the other buffer overflows
listed.
If you do not use mod_proxy, this problem can not be
exploited.
VII. Unreadable htaccess files were ignored
RISK: low
Previously, if a htaccess file was unreadable Apache ignored
it. This is, from a security standpoint, a poor idea
because it goes against the principle of "if in doubt, deny
access". This had already been corrected in the 1.3
development tree, but we had refrained from making the
change in 1.2 because it could cause unexpected behavior
on existing sites. We have since reconsidered, and as of
1.2.5, Apache will now reject requests if there is a htaccess
file present in the relevant directory tree that is unreadable
for any reason.
It is also possible, in very rare conditions, for this to
to be used to bypass htaccess files restricting access to
a directory or file. The only case where this can happen
is if the attacker can form a request that results in the
full path to the htaccess file being too long (on most
systems, meaning over 1024 characters) yet the request for
the protected file in the same directory is not too long.
The only normal case where such an attack could be possible
is if there is a symbolic link such as "somedir -> ."
created in the document tree.
Contact Information
===================
Full information about Apache and the 1.2.5 release which fixes
these issues is available at http://httpd.apache.org/
Normal bugs can be reported via http://httpd.apache.org/bug_report.html
If you believe you have discovered a security hole in Apache, please
be sure to contact us at security@apache.org so that we can verify
and resolve the problem. Support questions to this address will
not get a response. We fully support the concept of full disclosure,
however it is always preferable to try to work with the vendor
first before publicizing information about security holes.
</PRE>
<P><HR>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/support.cgi
Index: support.cgi
===================================================================
#!/usr/local/bin/perl
#
# print out commercial support list
$dbfile = "supportdb.txt";
print <<EOM;
Content-type: text/html\r
\r
<html><head>
<title>Companies and Contractors Providing Commercial Support for Apache</title>
</head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#000080"
alink="#ff0000">
<h1>Companies and Contractors Providing Commercial Support for Apache</h1>
<p>
Below is a table of companies and consultants who provide commercial
support, in one form or another, for Apache. Being mentioned here is
not an indication of official "endorsement" by the Apache Group, but
is instead provided as a public service. If you would like to be added to
this list, or removed, please contact
<a href="mailto:apache\@apache.org">apache\@apache.org</a>.
</p>
<table border="1" cellpadding="3">
EOM
open(DB, $dbfile) || die "Warning: $!\n";
print "<tr>"
. "<th>Company (E-mail)</th>"
. "<th>Phone<br>Fax</th>"
. "<th>Location</th>"
. "<th>Comments</th>"
. "</tr>\n";
foreach $_ (sort (<DB>)) {
next if (/^#/);
($type, $who, $url, $email, $phone, $fax, $loc, $comment) = split(/\t/);
if ($type eq "Comp") {
my(@eddresses) = split(m:,\s*:, $email);
my(@list, $eddress);
foreach $eddress (@eddresses) {
push(@list, "<a href=\"mailto:$eddress\">$eddress</a>");
}
print "<tr>"
. "<td><a href=\"$url\">$who</a> ("
. join(", ", @list)
. ")</td>"
. "<td>$phone <br>$fax </td>"
. "<td>$loc </td>"
. "<td>$comment </td>"
. "</tr>\n";
} else {
push(@contractors, $_);
}
}
print "<tr>"
. "<th>Contractor (E-mail)</th>"
. "<th> </th>"
. "<th> </th>"
. "<th> </th>"
. "</tr>\n";
foreach $_ (sort (@contractors)) {
next if (/^#/);
($type, $who, $url, $email, $phone, $fax, $loc, $comment) = split(/\t/);
my(@eddresses) = split(m:,\s*:, $email);
my(@list, $eddress);
foreach $eddress (@eddresses) {
push(@list, "<a href=\"mailto:$eddress\">$eddress</a>");
}
if ($type eq "Cont") {
print "<tr>"
. "<td><a href=\"$url\">$who</a> ("
. join(", ", @list)
. ")</td>"
. "<td>$phone <br>$fax </td>"
. "<td>$loc </td>"
. "<td>$comment </td>"
. "</tr>\n";
}
}
print "</table>\n";
1.1 httpd-site/xdocs/info/supportdb.txt
Index: supportdb.txt
===================================================================
# Type Name URL E-mail Phone Fax Location Comments
Comp Alcove http://www.alcove.com/ ventes@fr.alcove.com, sales@uk.alcove.com, ventas@es.alcove.com +33 1 49 22 68 00 +33 1 49 22 68 01 Paris, France<br>London, United Kingdom<br>Madrid, Spain We are European Free Software and Linux experts. Alcove provides commercial support, maintenance, services, solutions, and custom software development for the Apache Web server, Linux, and Free Software.
Comp Mind nv http://mind.be/ info@mind.be +32-16-309 666 +32-16-309 644 Leuven, Belgium Offers commercial Linux consultancy, support, and training for Apache and add-ons (ssl, perl, php, asp, openldap, dav, databases, ...) within Belgium and Europe. Support is available on-site, by phone or over the Internet.
Comp Profissionais.net http://forums.programadores.com.br/apache gustavo@profissionais.net (055) 051 330 7460 Porto Alegre, Brazil A moderated mailing list (in Portuguese) for Brazilian users of Apache.
Comp Applios Inc. (FREDNET division) http://www.frednet.com/ sales@frednet.com +1 831 439 9500 +1 831 439 8502 Scotts Valley, CA, USA Applios provides commercial support, maintenance, and custom software development for the Apache Web Server. Applios also provides software development services for GNU Development Tools, Linux, Solaris, Sendmail, and other products and packages.
Cont Atanu M atanu@poboxes.com +91-11-5033742, +91-11-5038359 (no fax) New Delhi, India Install, train, and maintain Apache Web servers on Linux and Windows NT in India
Comp Cavern sc http://www.cavern.pl/ biuro@cavern.pl +48 22 629 52 66 +48 22 628 18 83 Warszawa, Poland Cavern provides commercial support for Apache, Apache with SSL Mod, Europe version of Strong SSL Applet, Linux, and other products.
Comp LINUXHAUS http://www.linuxhaus.de/ info@linuxhaus.de +49 (0)30 890 944 63 +49 (0)30 890 944 64 Berlin, Germany LINUXHAUS provides commercial support for the Apache Web server, Linux, SAMBA, Lotus Notes, and other products and packages.
Comp Covalent Technologies, Inc. http://www.covalent.net/ info@covalent.net (402) 441-5710 (402) 441-5720 Lincoln, Nebraska, USA Covalent develops and sells the Raven SSL module for Apache.
Comp Dana Point Communication Systems http://www.dpcsys.com/ dan@dpcsys.com (714) 443-4172 (714) 443-9516 Dana Point, California
Comp Digituru http://www.digit.ee/ info@digit.ee Estonia
Comp ICONSULT http://www.iconsult.com/ iconsult@iconsult.com +49-(0)9131-502864 +49-(0)9131-537873 Erlangen, Germany
Cont Russell McOrmond http://www.flora.ottawa.on.ca/russell/work/ russell@flora.ottawa.on.ca (613) 235-7584 (613) 235-9627 Ottawa, Canada
Comp Spacestar Communications http://www.spacestar.com/ webmaster@spacestar.com (612) 896-1100 (612) 896-1750 Minneapolis, Minnesota
Comp Trytel Internet Inc. http://www.trytel.com/ info@trytel.com (613) 722-6321 (613) 722-6749 Ottawa, Canada
Comp C2Net Software, Inc. http://www.c2.net/ stronghold-sales@c2.net (510) 986 8770 (510) 986 8777 Oakland, CA C2Net sells Stronghold within North America.
Comp C2Net Europe, Ltd. http://www.eu.c2.net/ sales@eu.c2.net +44 113 222 0046 +44 113 244 8102 Leeds, UK C2Net Europe develops Stronghold, a commercial, supported, encrypting, Apache-based webserver and sells it internationally.
Comp Plover Systems http://www.plover.com/ plover@plover.com +1 215 627 9846 +1 215 627 5643 Philadelphia, PA, USA
Comp Tenon Intersystems http://www.tenon.com/ sales@tenon.com (805)-963-6983 (805)-962-8202 Santa Barbara, CA, USA Tenon develops and sells WebTen, a commercial, supported, encrypting Apache-based web server for Macintosh.
1.1 httpd-site/xdocs/info/three-config-files.html
Index: three-config-files.html
===================================================================
<HTML>
<HEAD><TITLE>Why are there three config files?</TITLE></HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#000080"
ALINK="#FF0000"
>
<DIV ALIGN="CENTER">
<IMG
SRC="../images/apache_sub.gif"
ALT="[APACHE DOCUMENTATION]"
>
</DIV>
<PRE>
From: rst@ai.mit.edu (Robert S. Thau)
Date: Thu, 13 Jun 1996 10:07:47 -0400
Subject: Re: Config file question...
</PRE>
<BLOCKQUOTE><EM>
Why are there three config files? Is this a throwback to NCSA?
</EM></BLOCKQUOTE>
Ah, so, grasshopper, you have now reached that level of mastery at
which you must learn the Inner Mystery of the Three Config Files.
Know then, that the reality described in the documentation is not the
only or true reality. Rest and prepare for what awaits...
<P>
Let us begin by contemplating the surface form of the three config
files, as they appear to the mundane and unenlightened webmaster.
There is httpd.conf, which contains directives relating to the
operation of the server as a whole, such as logging and management of
the server pool. There is srm.conf, containing directives which
relate to the management of the namespace and resources in the
filesystem --- file typing, directory indexes, aliases, and so forth.
Lastly, there is access.conf, which contains <Directory> sections
relating information on access control in various directories. Three
files, separate from each other, complementary in their purpose.
<P>
Yet, is this really the true state of affairs? For truly has it been
written that the code which can be documented is not the true code.
And indeed, careful contemplation of even a standard setup reveals
signs of the inner unity which underlies what appears to the
unenlightened programmer as three separate grammars. For a
<VirtualHost> section may contain Alias and Redirect directives, yet
these things surely relate to namespace management, do they not? And
a <Directory> section may contain AddType directives which properly
relate to file typing, is it not so?
<P>
This then, is the Inner Mystery --- the three config files are all, in
effect, fragments of one True Config File --- a single entity which
governs the operation of the server as a whole, with a single grammar.
For if one were to take a TransferLog directive from httpd.conf, and
add it at top level to srm.conf (or even access.conf, outside of a
directory section), it would, in truth, function no differently.
<P>
Indeed, some truly englightened webmasters may wish to deal with only
the single True Config File, and not the fragments. For them, it is
possible to do so --- they may add
<P>
<BLOCKQUOTE>
AccessConfig /dev/null<BR>
ResourceConfig /dev/null
</BLOCKQUOTE>
<P>
to their httpd.conf to inform the server that it, and it alone, is the
entire True Config File for the site, add the former contents of their
srm.conf and access.conf files to httpd.conf, ditch srm.conf and
access.conf entirely, and proceed with the single True Config File in
clear view.
<P>
Since the masters know they inner mystery --- that there is, in truth,
only one True Config File --- why then do we show the masses three?
Therein lies a tale...
<P>
Back in the formative days of Apache, the server was based very
closely on the code for the NCSA 1.3 web server. In this code, the
inner unity of the One True Config File was *not* fully manifest, so
that, say, a TransferLog directive which made a pleasing unity with
httpd.conf would have caused errors in srm.conf. And many people
based their sites upon this code --- NCSA's and ours --- and so the
illusion of the Several Config Files was loosed upon the world, and
many webmasters were lost into it. For these webmasters to use our
present releases, they must accomodate the ways of illusion which the
webmasters have fallen into. But the True Config File is accessible
to those who know its mystery.
<P>
... and if someone doesn't put the answers to these questions
into a FAQ someplace, you are all at risk of being assaulted
again with yet another excerpt from my rejected scripts for
"Kung Fu: The Legend drags its Lame Ass into Cyberspace" ...
<P>
rst
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/css-security/apache_1.3.11_css_patch.txt
Index: apache_1.3.11_css_patch.txt
===================================================================
This patch is against Apache 1.3.11. It may be updated as the situation
warrants.
Last updated: Wed Feb 2 01:09:23 MST 2000
Index: htdocs/manual/mod/core.html
===================================================================
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/core.html,v
retrieving revision 1.162
diff -u -r1.162 core.html
--- core.html 2000/01/18 19:32:49 1.162
+++ core.html 2000/02/02 07:59:17
@@ -23,6 +23,8 @@
<UL>
<LI><A HREF="#accessconfig">AccessConfig</A>
<LI><A HREF="#accessfilename">AccessFileName</A>
+<LI><A HREF="#adddefaultcharset">AddDefaultCharset</A>
+<LI><A HREF="#adddefaultcharsetname">AddDefaultCharsetName</A>
<LI><A HREF="#addmodule">AddModule</A>
<LI><A HREF="#allowoverride">AllowOverride</A>
<LI><A HREF="#authname">AuthName</A>
@@ -162,6 +164,42 @@
<Directory /><BR>
AllowOverride None<BR>
</Directory></CODE></BLOCKQUOTE><P><HR>
+
+<H2><A NAME="adddefaultcharset">AddDefaultCharset directive</A></H2>
+<A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A>
+AddDefaultCharset <EM>on / off</EM><BR>
+<A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A>
+all<BR>
+<A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A>
+core<BR>
+<A HREF="directive-dict.html#Default" REL="Help"><STRONG>Default:</STRONG></A>
+<CODE>AddDefaultCharset off</CODE><BR>
+<A HREF="directive-dict.html#Compatibility" REL="Help"><STRONG>Compatibility:
+</STRONG></A> AddDefaultCharset is only available in Apache 1.3.12 and later<P>
+If enabled, any response that does not have any parameter on the content
+type in the HTTP headers will have a charset parameter added specifying
+the character set the client should use for the document. This will
+override any character set specified in the body of the document via a
+<CODE>META</CODE> tag. The character set added is specified by the
+<CODE>AddDefaultCharsetName</CODE> directive.
+<P><HR>
+
+<H2><A NAME="adddefaultcharsetname">AddDefaultCharsetName directive</A></H2>
+<A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A>
+AddDefaultCharsetName <EM>charset</EM><BR>
+<A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A>
+all<BR>
+<A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A>
+core<BR>
+<A HREF="directive-dict.html#Default" REL="Help"><STRONG>Default:</STRONG></A>
+<CODE>AddDefaultCharsetName iso-8859-1</CODE><BR>
+<A HREF="directive-dict.html#Compatibility" REL="Help"><STRONG>Compatibility:
+</STRONG></A> AddDefaultCharsetName is only available in Apache 1.3.12 and
+later<P>
+This directive specifies the name of the character set that will be added
+if the <A HREF="#adddefaultcharset">AddDefaultCharset</A> directive is
+enabled.
+<P><HR>
<H2><A NAME="addmodule">AddModule directive</A></H2>
<!--%plaintext <?INDEX {\tt AddModule} directive> -->
Index: htdocs/manual/mod/directives.html
===================================================================
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/directives.html,v
retrieving revision 1.60
diff -u -r1.60 directives.html
--- directives.html 1999/12/19 16:34:32 1.60
+++ directives.html 2000/02/02 08:09:07
@@ -30,6 +30,9 @@
<LI><A HREF="mod_autoindex.html#addalt">AddAlt</A>
<LI><A HREF="mod_autoindex.html#addaltbyencoding">AddAltByEncoding</A>
<LI><A HREF="mod_autoindex.html#addaltbytype">AddAltByType</A>
+<LI><A HREF="mod_mime.html#addcharset">AddCharset</A>
+<LI><A HREF="core.html#adddefaultcharset">AddDefaultCharset</A>
+<LI><A HREF="core.html#adddefaultcharsetname">AddDefaultCharsetName</A>
<LI><A HREF="mod_autoindex.html#adddescription">AddDescription</A>
<LI><A HREF="mod_mime.html#addencoding">AddEncoding</A>
<LI><A HREF="mod_mime.html#addhandler">AddHandler</A>
Index: htdocs/manual/mod/mod_include.html
===================================================================
RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/mod_include.html,v
retrieving revision 1.23
diff -u -r1.23 mod_include.html
--- mod_include.html 1998/09/17 12:06:40 1.23
+++ mod_include.html 2000/02/02 07:59:18
@@ -89,15 +89,34 @@
routine when printing dates.
</DL>
+<A NAME="echo">
<DT><STRONG>echo</STRONG>
<DD>
This command prints one of the include variables, defined below.
If the variable is unset, it is printed as <CODE>(none)</CODE>.
Any dates printed are subject to the currently configured <CODE>timefmt</CODE>.
+
Attributes:
<DL>
<DT>var
<DD>The value is the name of the variable to print.
+<DT>encoding
+<DD>Specifies how Apache should encode special characters contained
+in the variable before outputting them. If set to "none", no encoding
+will be done. If set to "url", then URL encoding (also known as
+%-encoding; this is appropriate for use within URLs in links, etc.)
+will be performed. At the start of an <CODE>echo</CODE> element,
+the default is set to "entity", resulting in entity encoding (which
+is appropriate in the context of a block-level HTML element, eg.
+a paragraph of text). This can be changed by adding an
+<CODE>encoding</CODE> attribute, which will remain in effect until
+the next <CODE>encoding</CODE> attribute is encountered or the
+element ends, whichever comes first. Note that only special
+characters as defined in the ISO-8859-1 character encoding will be
+encoded. This encoding process may not have the desired result if
+a different character encoding is in use. Apache 1.3.12 and above; previous
+versions do no encoding.
+
</DL>
<DT><STRONG>exec</STRONG>
@@ -181,7 +200,9 @@
<DT><STRONG>printenv</STRONG>
<DD>This prints out a listing of all existing variables and their values.
- No attributes.
+ Starting with Apache 1.3.12, special characters are entity encoded (see the
+ <A HREF="#echo"><CODE>echo</CODE></A> element for details) before being
+ output. No attributes.
<DD>For example: <CODE><!--#printenv --></CODE>
<DD>Apache 1.2 and above.
Index: src/CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1502
diff -u -r1.1502 CHANGES
--- CHANGES 2000/01/18 17:12:13 1.1502
+++ CHANGES 2000/02/02 08:09:11
@@ -1,3 +1,31 @@
+Changes with Apache 1.3.12
+
+ *) Add an explicit charset=iso-8859-1 to pages generated by
+ ap_send_error_response(), such as the default 404 page.
+ [Marc Slemko]
+
+ *) Add the AddDefaultCharset and AddDefaultCharsetName directives.
+ These allow you to tell Apache to specify the given character
+ set on any document that does not have one explicitly specified in
+ the headers. [Marc Slemko]
+
+ *) Properly escape various messages output to the client from a number
+ of modules and places in the core code. [Marc Slemko]
+
+ *) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
+ not consider any parameters such as charset when making decisions
+ based on content type. This does remove some functionality for
+ some users, but means that when these modules are configured to do
+ particular things with particular MIME types, the charset should
+ not be included. A better way of addressing this for users who
+ want to set things on a per charset basis is necessary in the future.
+ [Marc Slemko]
+
+ *) mod_include now entity encodes output from "printenv" and "echo var"
+ by default. The encoding for "echo var" can be set to URL encoding
+ or no encoding using the new "encoding" attribute to the echo tag.
+ [Marc Slemko]
+
Changes with Apache 1.3.11
*) MPE builds are no longer stripped, which caused the executable
Index: src/include/http_core.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/http_core.h,v
retrieving revision 1.59
diff -u -r1.59 http_core.h
--- http_core.h 1999/06/28 22:38:25 1.59
+++ http_core.h 2000/02/02 07:59:24
@@ -243,6 +243,15 @@
*/
unsigned d_is_fnmatch : 1;
+ /* should we force a charset on any outgoing parameterless content-type?
+ * if so, which charset?
+ */
+#define ADD_DEFAULT_CHARSET_OFF (0)
+#define ADD_DEFAULT_CHARSET_ON (1)
+#define ADD_DEFAULT_CHARSET_UNSET (2)
+ unsigned add_default_charset : 2;
+ char *add_default_charset_name;
+
/* System Resource Control */
#ifdef RLIMIT_CPU
struct rlimit *limit_cpu;
Index: src/include/httpd.h
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
retrieving revision 1.303
diff -u -r1.303 httpd.h
--- httpd.h 2000/01/30 19:46:11 1.303
+++ httpd.h 2000/02/02 07:59:24
@@ -409,6 +409,12 @@
#endif /* default limit on number of request header fields */
/*
+ * The default default character set name to add if AddDefaultCharset is
+ * enabled. Overridden with AddDefaultCharsetName.
+ */
+#define DEFAULT_ADD_DEFAULT_CHARSET_NAME "iso-8859-1"
+
+/*
* The below defines the base string of the Server: header. Additional
* tokens can be added via the ap_add_version_component() API call.
*
Index: src/main/http_core.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_core.c,v
retrieving revision 1.277
diff -u -r1.277 http_core.c
--- http_core.c 2000/01/11 14:13:40 1.277
+++ http_core.c 2000/02/02 07:59:25
@@ -154,6 +154,9 @@
conf->server_signature = srv_sig_unset;
+ conf->add_default_charset = ADD_DEFAULT_CHARSET_UNSET;
+ conf->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME;
+
return (void *)conf;
}
@@ -281,6 +284,14 @@
conf->server_signature = new->server_signature;
}
+ if (new->add_default_charset != ADD_DEFAULT_CHARSET_UNSET) {
+ conf->add_default_charset = new->add_default_charset;
+ }
+
+ if (new->add_default_charset_name) {
+ conf->add_default_charset_name = new->add_default_charset_name;
+ }
+
return (void*)conf;
}
@@ -1035,6 +1046,28 @@
}
#endif /*GPROF*/
+static const char *set_add_default_charset(cmd_parms *cmd,
+ core_dir_config *d, int arg)
+{
+ const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
+ if (err != NULL) {
+ return err;
+ }
+ d->add_default_charset = arg != 0;
+ return NULL;
+}
+
+static const char *set_add_default_charset_name(cmd_parms *cmd,
+ core_dir_config *d, char *arg)
+{
+ const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
+ if (err != NULL) {
+ return err;
+ }
+ d->add_default_charset_name = arg;
+ return NULL;
+}
+
static const char *set_document_root(cmd_parms *cmd, void *dummy, char *arg)
{
void *sconf = cmd->server->module_config;
@@ -2786,6 +2819,10 @@
{ "GprofDir", set_gprof_dir, NULL, RSRC_CONF, TAKE1,
"Directory to plop gmon.out files" },
#endif
+{ "AddDefaultCharset", set_add_default_charset, NULL, OR_FILEINFO, FLAG,
+ "whether or not to add a default charset to any Content-Type without one" },
+{ "AddDefaultCharsetName", set_add_default_charset_name, NULL, OR_FILEINFO,
+ TAKE1, "The name of the charset to add if AddDefaultCharset is enabled" },
/* Old resource config file commands */
Index: src/main/http_log.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_log.c,v
retrieving revision 1.82
diff -u -r1.82 http_log.c
--- http_log.c 2000/01/31 22:24:07 1.82
+++ http_log.c 2000/02/02 07:59:25
@@ -487,7 +487,8 @@
if (((level & APLOG_LEVELMASK) <= APLOG_WARNING)
&& (ap_table_get(r->notes, "error-notes") == NULL)) {
ap_table_setn(r->notes, "error-notes",
- ap_pvsprintf(r->pool, fmt, args));
+ ap_escape_html(r->pool, ap_pvsprintf(r->pool, fmt,
+ args)));
}
va_end(args);
}
Index: src/main/http_protocol.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.286
diff -u -r1.286 http_protocol.c
--- http_protocol.c 2000/01/11 14:13:41 1.286
+++ http_protocol.c 2000/02/02 07:59:28
@@ -103,6 +103,35 @@
#endif /*CHARSET_EBCDIC*/
+/*
+ * Builds the content-type that should be sent to the client from the
+ * content-type specified. The following rules are followed:
+ * - if type is NULL, type is set to ap_default_type(r)
+ * - if charset adding is disabled, stop processing and return type.
+ * - then, if there are no parameters on type, add the default charset
+ * - return type
+ */
+static const char *make_content_type(request_rec *r, const char *type) {
+ const char *i;
+ core_dir_config *conf = (core_dir_config *)ap_get_module_config(
+ r->per_dir_config, &core_module);
+ if (!type) type = ap_default_type(r);
+ if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) return type;
+
+ i = type;
+ while (*i && *i != ';') i++;
+ if (*i && *i == ';') {
+ /* already has parameter, do nothing */
+ /* XXX should check for actual charset=, but then we need real
+ * parsing code
+ */
+ } else {
+ type = ap_pstrcat(r->pool, type, "; charset=",
+ conf->add_default_charset_name, NULL);
+ }
+ return type;
+}
+
static int parse_byterange(char *range, long clength, long *start, long *end)
{
char *dash = strchr(range, '-');
@@ -265,7 +294,7 @@
}
if (r->byterange > 1) {
- const char *ct = r->content_type ? r->content_type : ap_default_type(r);
+ const char *ct = make_content_type(r, r->content_type);
char ts[MAX_STRING_LEN];
ap_snprintf(ts, sizeof(ts), "%ld-%ld/%ld", range_start, range_end,
@@ -1636,10 +1665,8 @@
ap_table_setn(r->headers_out, "Content-Type",
ap_pstrcat(r->pool, "multipart", use_range_x(r) ? "/x-" : "/",
"byteranges; boundary=", r->boundary, NULL));
- else if (r->content_type)
- ap_table_setn(r->headers_out, "Content-Type", r->content_type);
- else
- ap_table_setn(r->headers_out, "Content-Type", ap_default_type(r));
+ else ap_table_setn(r->headers_out, "Content-Type", make_content_type(r,
+ r->content_type));
if (r->content_encoding)
ap_table_setn(r->headers_out, "Content-Encoding", r->content_encoding);
@@ -2550,7 +2577,7 @@
r->content_languages = NULL;
r->content_encoding = NULL;
r->clength = 0;
- r->content_type = "text/html";
+ r->content_type = "text/html; charset=iso-8859-1";
if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED))
ap_table_setn(r->headers_out, "Allow", make_allow(r));
Index: src/main/util.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/main/util.c,v
retrieving revision 1.176
diff -u -r1.176 util.c
--- util.c 2000/01/12 20:57:48 1.176
+++ util.c 2000/02/02 07:59:29
@@ -127,6 +127,8 @@
{
const char *semi;
+ if (intype == NULL) return NULL;
+
semi = strchr(intype, ';');
if (semi == NULL) {
return ap_pstrdup(p, intype);
Index: src/modules/proxy/proxy_util.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
retrieving revision 1.83
diff -u -r1.83 proxy_util.c
--- proxy_util.c 2000/01/11 14:13:47 1.83
+++ proxy_util.c 2000/02/02 07:59:29
@@ -844,9 +844,12 @@
ap_table_setn(r->notes, "error-notes",
ap_pstrcat(r->pool,
"The proxy server could not handle the request "
- "<EM><A HREF=\"", r->uri, "\">",
- r->method, " ", r->uri, "</A></EM>.<P>\n"
- "Reason: <STRONG>", message, "</STRONG>", NULL));
+ "<EM><A HREF=\"", ap_escape_uri(r->pool, r->uri),
+ "\">", r->method, " ",
+ ap_escape_html(r->pool, r->uri), "</A></EM>.<P>\n"
+ "Reason: <STRONG>",
+ ap_escape_html(r->pool, message),
+ "</STRONG>", NULL));
/* Allow the "error-notes" string to be printed by ap_send_error_response() */
ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*"));
Index: src/modules/standard/mod_actions.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_actions.c,v
retrieving revision 1.33
diff -u -r1.33 mod_actions.c
--- mod_actions.c 2000/01/11 14:23:03 1.33
+++ mod_actions.c 2000/02/02 07:59:30
@@ -195,7 +195,8 @@
{
action_dir_config *conf = (action_dir_config *)
ap_get_module_config(r->per_dir_config, &action_module);
- const char *t, *action = r->handler ? r->handler : r->content_type;
+ const char *t, *action = r->handler ? r->handler :
+ ap_field_noparam(r->pool, r->content_type);
const char *script;
int i;
Index: src/modules/standard/mod_autoindex.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_autoindex.c,v
retrieving revision 1.113
diff -u -r1.113 mod_autoindex.c
--- mod_autoindex.c 1999/12/31 05:35:52 1.113
+++ mod_autoindex.c 2000/02/02 07:59:30
@@ -732,7 +732,7 @@
static char *find_item(request_rec *r, array_header *list, int path_only)
{
- const char *content_type = r->content_type;
+ const char *content_type = ap_field_noparam(r->pool, r->content_type);
const char *content_encoding = r->content_encoding;
char *path = r->filename;
Index: src/modules/standard/mod_expires.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_expires.c,v
retrieving revision 1.33
diff -u -r1.33 mod_expires.c
--- mod_expires.c 1999/10/21 20:45:26 1.33
+++ mod_expires.c 2000/02/02 07:59:30
@@ -437,7 +437,8 @@
if (r->content_type == NULL)
code = NULL;
else
- code = (char *) ap_table_get(conf->expiresbytype, r->content_type);
+ code = (char *) ap_table_get(conf->expiresbytype,
+ ap_field_noparam(r->pool, r->content_type));
if (code == NULL) {
/* no expires defined for that type, is there a default? */
Index: src/modules/standard/mod_include.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_include.c,v
retrieving revision 1.121
diff -u -r1.121 mod_include.c
--- mod_include.c 1999/12/31 05:35:52 1.121
+++ mod_include.c 2000/02/02 07:59:30
@@ -922,7 +922,10 @@
{
char tag[MAX_STRING_LEN];
char *tag_val;
+ enum {E_NONE, E_URL, E_ENTITY} encode;
+ encode = E_ENTITY;
+
while (1) {
if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
return 1;
@@ -931,7 +934,15 @@
const char *val = ap_table_get(r->subprocess_env, tag_val);
if (val) {
- ap_rputs(val, r);
+ if (encode == E_NONE) {
+ ap_rputs(val, r);
+ }
+ else if (encode == E_URL) {
+ ap_rputs(ap_escape_uri(r->pool, val), r);
+ }
+ else if (encode == E_ENTITY) {
+ ap_rputs(ap_escape_html(r->pool, val), r);
+ }
}
else {
ap_rputs("(none)", r);
@@ -940,6 +951,19 @@
else if (!strcmp(tag, "done")) {
return 0;
}
+ else if (!strcmp(tag, "encoding")) {
+ if (!strcasecmp(tag_val, "none")) encode = E_NONE;
+ else if (!strcasecmp(tag_val, "url")) encode = E_URL;
+ else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY;
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "unknown value \"%s\" to parameter \"encoding\" of "
+ "tag echo in %s",
+ tag_val, r->filename);
+ ap_rputs(error, r);
+ }
+ }
+
else {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"unknown parameter \"%s\" to tag echo in %s",
@@ -2116,7 +2140,8 @@
}
else if (!strcmp(tag, "done")) {
for (i = 0; i < arr->nelts; ++i) {
- ap_rvputs(r, elts[i].key, "=", elts[i].val, "\n", NULL);
+ ap_rvputs(r, ap_escape_html(r->pool, elts[i].key), "=",
+ ap_escape_html(r->pool, elts[i].val), "\n", NULL);
}
return 0;
}
Index: src/modules/standard/mod_log_config.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_log_config.c,v
retrieving revision 1.80
diff -u -r1.80 mod_log_config.c
--- mod_log_config.c 1999/12/15 23:04:22 1.80
+++ mod_log_config.c 2000/02/02 07:59:30
@@ -391,7 +391,7 @@
{
const char *cp = ap_table_get(r->headers_out, a);
if (!strcasecmp(a, "Content-type") && r->content_type) {
- cp = r->content_type;
+ cp = ap_field_noparam(r->pool, r->content_type);
}
if (cp) {
return cp;
Index: src/modules/standard/mod_status.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_status.c,v
retrieving revision 1.110
diff -u -r1.110 mod_status.c
--- mod_status.c 2000/01/12 15:55:02 1.110
+++ mod_status.c 2000/02/02 07:59:31
@@ -597,9 +597,10 @@
format_byte_out(r, bytes);
ap_rputs(")\n", r);
ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n",
- score_record.client,
+ ap_escape_html(r->pool, score_record.client),
ap_escape_html(r->pool, score_record.request),
- vhost ? vhost->server_hostname : "(unavailable)");
+ vhost ? ap_escape_html(r->pool,
+ vhost->server_hostname) : "(unavailable)");
}
else { /* !no_table_report */
if (score_record.status == SERVER_DEAD)
@@ -671,8 +672,9 @@
else
ap_rprintf(r,
"<td>%s<td nowrap>%s<td nowrap>%s</tr>\n\n",
- score_record.client,
- vhost ? vhost->server_hostname : "(unavailable)",
+ ap_escape_html(r->pool, score_record.client),
+ vhost ? ap_escape_html(r->pool,
+ vhost->server_hostname) : "(unavailable)",
ap_escape_html(r->pool, score_record.request));
} /* no_table_report */
} /* !short_report */
1.1 httpd-site/xdocs/info/css-security/apache_specific.html
Index: apache_specific.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Cross Site Scripting Info: Apache Specific</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080"
ALINK="#FF0000">
<DIV ALIGN="CENTER">
<IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
</DIV>
<H1 ALIGN="CENTER">Cross Site Scripting Info: Apache Specific</H1>
<H2>Introduction:</H2>
<P>While reviewing the Apache code for any problems related to this
problem, we have discovered a number of issues. Many of them are
not bugs in Apache, but are places where Apache can do more to
avoid being vulnerable to the Cross Site Scriptint security problem.
None of the changes fix any security holes in Apache itself that
can compromise the server directly, but are focused towards its
interaction with clients.
<P>Included below is a summary of the current known issues and
fixes, where available. This information will be expanded on as
information becomes available and time permits.
<H2>Issues outstanding:</H2>
<UL>
<LI>Older versions of the <CODE>printenv</CODE> CGI script distributed with
Apache did not properly encode their output. If you have one of these on
your system, and this issue impacts your site, you should disable the CGI.
<LI>Current versions of <CODE>printenv</CODE> and <CODE>test-cgi</CODE>
send content with a MIME type of text/plain, meaning that no encoding
is required or possible. This was changed effective in Apache
1.3.11 to fix the problem of <CODE>printenv</CODE> not properly
encoding its output. Unfortunately, Microsoft Internet Explorer
does not respect that MIME type, and incorrectly processes the
output as HTML that is what it guesses it to be. This security
problem has been reported to Microsoft. At this time, the recommended
workaround is to simply remove the <CODE>printenv</CODE> and
<CODE>test-cgi</CODE> scripts from your site if this issue impacts
you.
<LI>If you do have other legitimate text/plain content on your site
that is generated based on user input, you may need to configure
your server to prevent IE from accessing it or change it to text/html
so you can encode it. Alternatively, you can filter special
characters if that is possible in your situation. Thankfully, this
only impacts a very few sites.
<LI>A number of Apache modules such as <CODE>mod_status</CODE> do not
set an explicit character set on their output. Using the AddDefaultCharset
directive will work around this. The modules that don't set an explicit
character set are not normally accessible to users and they are not
thought to pose a significant risk.
<LI>What is necessary to ensure that sites that legitimately use character
sets with different encodings of special characters, such as UTF-7, are
protected? How can Apache facilitate this? This is a major issue for
those with a significant amount of content in character sets other than
iso-8859-1.
</UL>
<H2>Fixes from CHANGES file:</H2>
<P>These will be expanded on as time permits. These patches are available
in the current <A HREF="apache_1.3.11_css_patch.txt">Apache patch</A>
against Apache 1.3.11.
<PRE>
*) Add an explicit charset=iso-8859-1 to pages generated by
ap_send_error_response(), such as the default 404 page.
[Marc Slemko]
*) Add the AddDefaultCharset and AddDefaultCharsetName directives.
These allow you to tell Apache to specify the given character
set on any document that does not have one explicitly specified in
the headers. [Marc Slemko]
*) Properly escape various messages output to the client from a number
of modules and places in the core code. [Marc Slemko]
*) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
not consider any parameters such as charset when making decisions
based on content type. This does remove some functionality for
some users, but means that when these modules are configured to do
particular things with particular MIME types, the charset should
not be included. A better way of addressing this for users who
want to set things on a per charset basis is necessary in the future.
[Marc Slemko]
*) mod_include now entity encodes output from "printenv" and "echo var"
by default. The encoding for "echo var" can be set to URL encoding
or no encoding using the new "encoding" attribute to the echo tag.
[Marc Slemko]
</PRE>
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/css-security/encoding_examples.html
Index: encoding_examples.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Cross Site Scripting Info: Encoding Examples</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080"
ALINK="#FF0000">
<DIV ALIGN="CENTER">
<IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
</DIV>
<H1 ALIGN="CENTER">Cross Site Scripting Info: Encoding Examples</H1>
<H2>Introduction:</H2>
<P>We trust you are already familiar with the Cross Site Scripting
security problem and the concept behind how it works. If not, see
the <A HREF="http://www.cert.org/advisories/CA-2000-02.html">CERT
Advisory CA-2000-02</A> that has been released on this issue for
details before continuing.
<P>This document focuses on how you can safely encode data before
it is output to the client. The main method of doing this is through
entity encoding, as described in the CERT advisory, using entities
such as "&lt;".
<H2>General Comments on Encoding:</H2>
<P>Note that, in general, many functions that perform entity encoding
do so in a way which is only suitable for use outside attribute
values, in normal block level elements such as a paragraph of text.
Many of the functions referenced below are in this category. This
means they may not encode characters such as the double or single
quote. If you don't use quotation marks around an attribute value
supplied from user input, then you need to encode even more
characters. Always use quotes and you won't have to worry about
that particular issue.
<P>Unfortunately, the situation for encoding data within attribute
values or within the body scripts (eg. within "<SCRIPT>"
tags) is more complex and less understood. If you are in this
situation, you may be wise to consider filtering special characters
(as described in the <A
HREF="http://www.cert.org/tech_tips/malicious_code_mitigation.html">CERT
Tech Tip</A>) instead of encoding them. Generally, encoding is
recommended because it does not require you to make a decision about
what characters could legitimately be entered and need to be passed
through and it has less of an impact on existing functionality.
<P>The reason why safely encoding data within attribute values is
difficult is because some characters that are not considered special
characters can be arranged to have unexpected effects in certain
attribute values. This is very specific to the tag the attribute
is associated with and to how the client interprets it. For example,
if you let the user enter the value for a HREF attribute, and you
encode it properly, you could end up outputting a tag such as:
<PRE>
<A HREF="javascript:document.writeln(document.cookie + &quot;&lt;BR&gt;&quot;)">
</PRE>
Even though you have properly encoded special characters, many popular
browsers will interpret a "javascript:" URL as containing JavaScript
to execute in the context of the current document.
<P>One of the issues that is still unresolved is exactly what HTML
tags are "safe" to allow through, and what the algorithm for doing so
is like. Many sites wish to allow users to enter a limited subset
of "safe" HTML. This is still very much an open issue. It has been
an issue for quite some time, and it is our hope that this Cross Site
Scripting problem will help prompt more work into addressing it.
<P>If you are encoding user entered data in a URL, then URL encoding (also
known as percent encoding) is appropriate. Unfortunately, this can be
a complex thing to get right because the special characters in "http://",
for example, must remain unencoded because they are part of the syntax
of the URL. Better solutions to deal with this are necessary.
<P>Also note that some URL encoding functions encode a space into a "+" for
historical reasons. This will only work in the query string for CGIs, and
will not properly encode a space in other parts of the URL.
<P>We realize that all these special situations and the lack of a single
bulletproof set of steps for encoding user data, wherever it may occur on
the page, makes the task of fixing this problem quite challenging in some
cases. We wish we had a better answer, and are working on filling in the
fuzzy areas.
<H2>PHP Example:</H2>
<PRE>
<?
$Text = "foo<b>bar";
$URL = "foo<b>bar.html";
echo HTMLSpecialChars($Text), "<BR>";
echo "<A HREF=\"", rawurlencode($URL), "\">link</A>";
?>
</PRE>
<P>Note that PHP also has a strip_tags() function that will remove all
HTML tags from a string. Using this function in a manner such as:
<PRE>
echo strip_tags($Text);
</PRE>
will strip all HTML from the input. However, if you use it in the form:
<PRE>
echo strip_tags($Text, "<B>");
</PRE>
which only allows the "<B>" tag through, you are still often
vulnerable to users inserting script code. By design, this function
does not strip attributes from the tags. This means it is often
possible to include things such as JavaScript event attributes.
An example of a tag that would be allowed by the above strip_tags()
call is:
<PRE>
<B onmouseover="document.location='http://www.cert.org/'">
</PRE>
<P>Some clients accept such attributes on tags that are otherwise benign.
<H2>Apache Module Example:</H2>
<PRE>
char *Text = "foo<b>bar";
char *URL = "foo<b>bar.html";
ap_rvputs(r, ap_escape_html(r->pool, Text), "<BR>", NULL);
ap_rvputs(r, "<A HREF=\"", ap_escape_uri(r->pool, URL), "\">link</A>", NULL);
</PRE>
<H2>mod_perl Example:</H2>
<PRE>
$Text = "foo<b>bar";
$URL = "foo<b>bar.html";
$r->print(Apache::Util::escape_html($Text), "<BR>");
$r->print("<A HREF=\"", Apache::Util::escape_uri($URL), "\">link</A>");
</PRE>
<P>This uses the same functions as in the Apache Module Example, called
from Perl instead of directly from C.
<H2>Perl Example:</H2>
<PRE>
use CGI ();
$Text = "foo<b>bar";
$URL = "foo<b>bar.html";
print CGI::escapeHTML($Text), "<BR>";
print qq(<A HREF="), CGI::escape($URL), qq(">link</A>);
</PRE>
<P>Note that if you use the CGI.pm module in its full intended role,
instead of just using helper functions from it, it will automatically
encode special characters in many places. Unfortunately, this is yet
again likely not sufficient in all situations. See the documentation at
<A HREF="http://stein.cshl.org/WWW/software/CGI/">
http://stein.cshl.org/WWW/software/CGI/</A> for more details on what
this module can do.
</BODY>
</HTML>
1.1 httpd-site/xdocs/info/css-security/index.html
Index: index.html
===================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Cross Site Scripting Info</TITLE>
</HEAD>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080"
ALINK="#FF0000">
<DIV ALIGN="CENTER">
<IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
</DIV>
<H1 ALIGN="CENTER">Cross Site Scripting Info</H1>
<CENTER>Last Modified: <!--#flastmod file="index.html"--></CENTER>
<H2>Introduction:</H2>
<P>This page contains information about the Cross Site Scripting
security issue, how it impacts Apache itself, and how to properly
protect against it when using Apache related technologies.
<P>For an overview of the issue, please see the <A
HREF="http://www.cert.org/advisories/CA-2000-02.html">CERT Advisory
CA-2000-02</A> that has been released on the issue. You should
also review their related <A
HREF="http://www.cert.org/tech_tips/malicious_code_mitigation.html">
Understanding Malicious Content Mitigation For Web Developers</A> tech
tips document. The CERT advisory also contains links to a number of
documents that Microsoft has put out on the issue which are also worth
reviewing if this issue impacts you. The information contained in
these documents will not be repeated here; this information assumes you
have read these documents and are familiar with the issue.
<P>We would like to emphasize that this is <B>not</B> an attack
against any specific bug in a specific piece of software. It is
not an Apache problem. It is not a Microsoft problem. It is not
a Netscape problem. In fact, it isn't even a problem that can be
clearly defined to be a server problem or a client problem. It is
an issue that is truly cross platform and is the result of unforeseen
and unexpected interactions between various components of a set of
interconnected complex systems.
<P>There are specific bugs in a wide range of web server products,
including Apache, that allow for or contribute to the exploitation
of this security problem. These bugs should not be there and
need to be fixed. But it is critical to realize that this is only
a tiny part of the total issue. The most serious issue is in all
the site specific code that generates dynamic content. We are
bringing you this information to educate you on the issues that
have been discovered in Apache that are related to this security
problem but, more importantly, help educate you on how this may
impact your own local code developed using Apache related technologies
and how you can fix it.
<P>There is no "golden bullet" patch that server or client vendors
can release that will magically fix this issue across all web
servers or clients using that product.
<P>We would also like to point out that it is important to
understand that this is not the old, well known issue, that if a site
allows user A to submit content that is viewed by user B, it has to
be properly encoded. This vulnerability is when the content is both
submitted and viewed strictly by user A. Due to the difficulty of
properly encoding output in all situations, many sites do not worry
about encoding data that is only shown to the user that sent the data
in their request due to the mistaken assumption that this doesn't pose
a security threat.
<H2>Does this impact my web site?</H2>
<P>This is a serious security issue, with potential implications
that are only starting to be understood. However, it is critical
to realize that this problem does not expose any way to break into
the server itself. What it allows is for malicious attackers to
potentially take control of the interaction between a user and a
website. If your website contains entirely static content with
all information being publicly accessible, an attacker can gain
very little from taking over this interaction. It is likely that the
most serious thing that an attacker can potentially do in this situation
is change how a page appears to a particular user.
<P>The sites where this poses the most potential danger are sites
where users have some type of account or login and where they can
perform actions with real world implications or access data that
should not be publicly available. This security problem poses a
serious threat to such sites; it isn't necessary to break into the
server to take control of a site if instead you can gain access on
the user's end of things.
<H2>Ok, where is the Apache related information?</H2>
<P>Right here:
<UL>
<LI><A HREF="apache_specific.html">Apache HTTP server specific information</A>
<LI>Apache 1.3.12, which provides some protection against certain instances of
this problem.
<LI>Older <A HREF="apache_1.3.11_css_patch.txt">Apache patch</A> against
1.3.11 that addressed the known issues in that version of Apache.
<LI><A HREF="encoding_examples.html">Encoding Examples</A> page, describing
how to properly encode your output to protect against this problem using
common Apache related technologies, such as Apache modules, Perl,
and PHP.
</UL>
<H2>The Future</H2>
<P>We do not expect this to be the last word on methods of exploiting
this problem. It is likely that there will be more changes to Apache in
the future to help users deal with this issue, even if no more bugs are
found in Apache itself. Although we do provide most of the necessary
information for sites to protect themselves against this type of attack,
there are still many open issues associated with this issue.
<P>We realize that this is a complex issue and expect to update these
pages to describe the issues and fixes in more depth as time permits.
<H2>Why the name "Cross Site Scripting"?</H2>
<P>This issue isn't just about scripting, and there isn't necessarily
anything cross site about it. So why the name? It was coined earlier
on when the problem was less understood, and it stuck. Believe me, we
have had more important things to do than think of a better name.
<g>.
<H2>Comments and Suggestions</H2>
<P>You can send any comments or suggestions about this set of pages to
<A HREF="mailto:marc@apache.org">marc@apache.org</A>. Note that I
can not respond to questions or requests for assistance, so if that is
what you are about to send then please save yourself the effort.
<H2>Change History</H2>
<UL>
<LI>Wed Feb 2 01:06:01 MST 2000: initial revision.
</UL>
<H2>Thanks</H2>
Thanks to <A HREF="http://www.cert.org/">CERT</A> for contacting the
Apache Software Foundation and not only allowing us to participate
in the evaluation and release of this issue, but actively supporting
our participation. We would also like to thank <A
HREF="http://www.microsoft.com/">Microsoft</A> for their research and
cooperation in dealing with this issue.
</BODY>
</HTML>