CERN httpd 2.17beta released (Ari Luotonen)
Date: Tue, 5 Apr 1994 06:37:29 --100
Message-id: <>
Precedence: bulk
From: (Ari Luotonen)
To: Multiple recipients of list <>
Subject: CERN httpd 2.17beta released
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 12188
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

CERN httpd is a generic hypertext server which can be used as a
regular HTTP server running typically on port 80 to serve hypertext
and other documents, and also as a proxy -- a server on a firewall
machine -- that provides with access for people inside a firewall to
the outside world.  When running as proxy httpd may be configured to
do caching of documents.  Caching is still in beta test phase.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

CERN httpd 2.17beta is released, source code from:

This package includes EVERYTHING, so don't ftp the libwww.
Precompiled binaries are supplied for:

  Fat NeXT-386:
  DecStation Ultrix:
  DEC OSF/1:

Precompiled binaries are all in cern_httpd_bins.tar.Z, which also
includes a default set of icons, and sample configuration files for
normal and proxy use.  README file is now also up-to-date, and may be
useful reading.

For Sun4 there is also a cern_httpd_bins-lresolv.tar.Z which contains
an httpd linked with the -lresolv option.

Compilation for other Unix platforms should not be very complicated.
I would be happy to receive diffs, if any, to make it compile for
other platforms.  Also binaries other than those already on are welcome.

Current VMS version is 2.16beta.

Documentation in:

and a PostScript version [68 pages]:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   CERN HTTPD 2.17BETA RELEASE NOTES
General New Features
     * PUT and POST can be configured to be handled by external CGI
       scripts; PUT-Script and POST-Script directives
     * BodyTimeOut for timing out scripts waiting for input that never
       comes from clients
     * IdentityCheck directive to turn on RFC931 remote login name
     * REMOTE_IDENT for CGI giving remote login name; this was the only
       feature missing to be fully CGI/1.0 compiant
     * CGI/1.1 upgrade:
          + all the headers without a special meaning to CGI from CGI
            scripts get passed to the client
          + Status: header to specify the HTTP status code and message
            for client when not using NPH scripts
          + all HTTP request header lines which are not otherwise
            available to the scripts get passed as HTTP_XXX_YYY
            environment variables
     * Understands conditional GET request with If-Modified-Since header
     * kill -HUP causes httpd to re-read its configuration file
     * PidFile directive for specifying the file to write the process id
       [makes it easy to send the HUP signal
     * ServerRoot directive to specify a "home directory" for httpd
     * Directory listings with icons; by default icons are in icons
       subdirectory under ServerRoot
     * The precompiled binaries are distributed in a tar packet that
       contains a set of default icons; the easiest way to configure the
       icons is to just set the ServerRoot to point to the binary
       distribution directory [its name is cern_httpd]
     * Welcome directive to specify the name of the overview page of the
       directory; default values are Welcome.html, welcome.html and, for
       compatibility with NCSA server, index.html. Use of Welcome
       directive will override all the defaults.
     * AlwaysWelcome directive to configure if /directory and /directory/
       are to be taken to mean the same thing, or should only /directory/
       be mapped to the overview page and /directory produce the
       directory listing.
     * /~user causes an automatic redirection to /~user/
     * Now gives also the Date: header.
     * Port directive to config file specifying the port number to listen
Access Authorization Enhancements / Proxy Protections
     * Now also domain name templates, like *, can be used in
       specifying allowed hosts, not only IP number masks
     * ACLOverRide directive to allow ACLs to override the Masks set in
       the protection setup [without this feature ACLs cannot allow
       anything more than what the Masks allow, only restrict access
       further]. This directive disables Mask checking if an ACL file is
     * Since setting up protection seemed to be unnecessarily hard, it is
       now possible to give the protection setup in the main
       configuration file instead of having to use a different file; it
       is still ok to use a different file.
          + Protection directive defines a protection setup and
            associates a name with it:
        Protection  prot-name  {
                AuthType    Basic
                ServerId    Test-Server
                PasswdFile  /where/ever/passwd
                GroupFile   /where/ever/group
                UserId      someuser
                GroupId     somegroup
                GET-Mask    list, of, users, and, groups
                POST-Mask   list, of, users, and, groups
                PUT-Mask    list, of, users, and, groups
        The content between the curly braces is the same as used to go
            the the protection setup file. What's new is the possibility
            to specify the UserId and GroupId for the clild process when
            serving the request in protected mode. This is not possible
            with external files for security reasons [it is not possible
            inside the external file, but it is not possible if the ids
            are set when calling that file; see doc for more details].
          + A single Mask directive for cases when GET-Mask, POST-Mask
            and PUT-Mask are the same.
          + In Protect rule the prot-name is specified instead of the
            file name; what's more is that Protect can now be used to
            protect also proxied URLs:
                Protect http:*   prot-name
                Protect ftp:*    prot-name
                Protect gopher:* prot-name
Enhancements, Fixes
     * Incorporated Ian Dunkin's <> SOCKS modifications
       (thank you, Ian!); read the README-SOCKS file in the source code
       distribution for more information.
     * SIGPIPE causes a normal child to exit; proxy child will correctly
       stop writing to client socket but still writes to cache file
       [previously just kept on writing to the socket, too]
     * 401, 402, 403, 404 errors don't go to error log anymore
     * error log contains now the host name and request
     * no longer sends Content-Transfer-Encoding, we agreed upon using
       Content-Encoding for compression
     * fixed funny panic message from format module in verbose mode even
       though everything was ok [only aesthetic]
     * now gives again "not authorized" rather than not found if trying
       to access a protected but nonexistant file; this way even
       filenames don't leak
     * all time specifications in configuration file have more readable
        1 year
        2 months
        3 weeks 2 days
        5 days 20 hours 30 mins 2 secs
        2 weeks 20:30
     * Case-sense bug with LogTime, LogFormat, DirAccess and DirReadme
       fixed; now paramters really are handled in a case-insensitive
Proxy Additions, Fixes
     * Proxy protections, see above
     * Made proxy do smart guesses about the content of an unknown file
       while retrieving from the remote; this will end the problems of
       some files not being transferred to WinMosaic or Lynx. IMPORTANT:
       Everybody, remove the rule [if you have it]:

        AddType  *.*  text/plain

   because it would disable this smart feature.
     * Fixed a bug with unknown binary gopher files being truncated
     * Fixed the bug with trailing slashes in ftp directory listings
     * Fixed the bug with requests not being URL-encoded when forwarding
       the request
     * Fixed a bug with filenames in directory listings not being
     * Fixed stupid "mail-us" situation in certain situations when ftp
       load fails
Proxy Caching
     * Cache is refreshed using the conditional GET method [use of
       If-Modified-Since header]
     * Standalone cache mode with CacheNoConnect directive [causes an
       error rather than document fetch when the document is not in the
     * Possibility to disable garbage collection altogether
     * Possibility to disable expiry checking
     * Caching Off to explicitly turn off caching even if there are other
       caching directives specified
     * -gc_only command line option to do garbage collection as a cron
       job for sites that run httpd as a proxy from inetd. However, since
       httpd now re-reads its configuration files when it receives a HUP
       signal, it makes standalone operation now even more easy, and
       inetd should no longer be much more convenient.
     * Host names are converted to all-lower-case to avoid doing multiple
       caching for a single site.
     * Files expiring immediately never get written to the cache; not
       even part of it.
     * By default HTTP-retrieved documents without an Expires: and
       Last-Modified: field never get cached [because they are usually
       generated by scripts and should never be cached]; therefore I
       strongly advice against the use of CacheDefaultExpiry for HTTP.
     * Caching control directives have changed to take a URL template as
       a first argument, and a more readable time format:

        CacheDefaultExpiry  ftp:*     2 weeks 4 days
        CacheDefaultExpiry  gopher:*  6 days
        CacheUnused         http:*    1 month
        CacheUnused         ftp:*     2 weeks
        CacheUnused         gopher:*  1 week 5 days 2 hours 1 min 30 secs
     * Made the expiry date approximation configurable; by default
       documents with Last-Modified: but without Expires: expire after
       10% of the time that they have been unmodified.
       CacheLastModifiedfactor can be used to change this value, or turn
       this feature Off. Default value is 0.1 [=10%].
     * Understands yet another date format:
        Thu, 10 Feb 1994 22:23:32 GMT
   This date format is not conforming to the spec, so use of it is
       discouraged! This is only to make the proxy more robust.
     * NoCaching directive to prevent certain URLs from being cached at
     * Time margin to get rid of problems with machine clocks having
       inaccurate times and confusing caching.
     * GcDailyGc to specify a daily garbage collection time, by default
       3:00. [Can be turned Off, too.]
     * Now possible to disable GcReqInterval and GcTimeInterval [by
       default disabled].
     * Expired cache lock files get removed also during gc.
     * CacheAccessLog to specify a different log file for cache accesses;
       also possible to make a separate log for each remote host.
   A new product cgiutils for producing HTTP1 replies from CGI scripts,
   and for easily generating the Expires: header given the time to live,
   e.g. "2 weeks 4 hours 30 mins".  See:

  This is a pair for the cgiparse program used to parse the input for
  CGI scripts:

 Ari Luotonen		  | Henrik Frystyk		| Mark Donszelmann  |	|
 + 41 22 767 8583	  | + 41 22 767 8265		| + 41 22 767 3555

-------- World-Wide Web Project, CERN, CH-1211 Geneve 23, Switzerland --------