CERN httpd 2.15beta released (Ari Luotonen)
Date: Tue, 15 Feb 1994 12:38:32 --100
Message-id: <>
Precedence: bulk
From: (Ari Luotonen)
To: Multiple recipients of list <>
Subject: CERN httpd 2.15beta released
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 5841

Sorry if this comes many times, but it seems Anastasios' mailing
list software doesn't like me. :-(

CERN httpd 2.15beta is out:

This package includes EVERYTHING, so don't ftp the libwww.  Also,
DO NOT use the libwww that comes with it for anything else, libwww 2.15
is NOT officially released.

Precompiled binaries exist for:


For other platforms I'm happy to receive diffs.  This release is
mainly for CGI/1.0 and proxy gatewaying, but a lot of other new
features have been included (that's why I still call it beta).

                    CERN HTTPD 2.15beta RELEASE NOTES
   There is one single thing that needs to be done when changing over
   from httpd 2.14 to 2.15:
        Rename your old /htbin scripts to end in .pp suffix!
General Notes
     * Code tested under Purify -- all detected memory leaks and
       revealed bugs fixed.
     * Forking code enhanced -- no longer crashes when running
     * Documentation redesigned, but still under construction:


     * Contains Solaris port!! (but not VMS :-( )
CGI/1.0, Common Gateway Interface
     * CGI/1.0 interface fully implemented
     * Old CERN httpd scripts will continue working if you rename them
       to end with .pp suffix. Links referencing these scrips do NOT
       need to be changed. (This feature does not add any overhead to
       CGI/1.0 script calls.)
     * New product cgiparse for CGI/1.0 scripts to parse QUERY_STRING
       env.var and to read CONTENT_LENGTH characters from stdin
     * htimage upgraded to CGI/1.0
     * The whole server-environment is propagated to CGI script, except
       for variables that are reserved for CGI/1.0.
     * Scripts are spawned by doing a fork() and exec() instead of
       system() -- more efficient and secure
Firewall Gateway Modifications
     * Access authorization works thru firewalls
     * So does POST, therefore forms also
     * -disable/-enable command line options and Disable/Enable
       configuration directives for dis/enabling HTTP methods. GET, HEAD
       and POST are enabled by default.
     * Fix: text/html and text/plain not passed multiply to servers when
       running as gateway
     * Fix: */*, image/* etc not expanded by the gateway
     * Fix: try local search ONLY when accessing local files
     * Known bug remaining: big binary files fail to transfer

Other New Features
     * When started standalone in non-verbose mode automatically
       disconnects from terminal session and goes background
     * User-supported directories enabling URLs starting with /~username
     * Redirection
     * Meta-information files to allow RFC-822-style headers to be
       appended to server response header section
     * New, common logfile format, localtime default, GMT as an option
     * Ability to suppress logging for certain hosts/domains according to
       given hostname template or IP number mask, like * or
     * -setuid option to set server uid to authenticated uid (local)
     * Multilanguage support: same URL can be used to retrieve a document
       in different languages
     * AddLanguage, AddEncoding and AddType directives to configuration
       file (AddType replaces Suffix -- suffix still understood)
     * Better multiformat algorithm
     * HostName directive to config file for servers that want to give
       CGI/1.0 scripts a different hostname than the actual. Useful if
       machine has many aliases, or if httpd fails to get the full
     * Exec rule obsoliting HTBin directive -- now multiple script
       directories possible, with arbitrary mappings
     * Get-Mask, Post-Mask and Put-Mask for protection setup files.
       Get-Mask obsolites Mask-Group -- Mask-Group still understood
     * Groups All/Users and Anybody/Anyone/Anonymous automatically
       defined. All means anybody that has been authenticated, and
       Anybody is just anybody
     * Server:
     * Last-Modified:
     * Content-Length:
     * Content-Language:
     * Content-Encoding:
     * Scripts can output also Uri: and Expires: headers (this will
       eventually be made more general)
     * HEAD works, also with stupid scripts that also output the body
Enhancements, Fixes
     * The final explicit Map to filesystem in configuration file no
       longer required, because it was causing confusion
     * Assume Basic authentication scheme even if not explicitly
       mentioned in setup file
     * Get client DNS hostname, for the logfile among other things
     * Fail made the default when rules are translated to the end without
       coming accross with a Pass, Exec or Fail rule (this is to enhance
       security, it was too easy to forget the Fail * from the end of
       config file)
     * Made config (rule) file understand different ways of writing
       keywords, e.g.: UserDir, userdir, User-Dir, user_dir,
       UserDirectory and so on
     * The eight misplaced server-side access authorization files moved
       away from libwww
     * Fix: directory indexing works with a trailing slash
     * Fix: HTSimplify() called strcpy() with overlapping args
Ari Luotonen		 |
World-Wide Web Project	 |
CERN			 | phone: +41 22 767 8583
CH - 1211 Geneve 23	 | email: