| <?xml version='1.0' encoding='UTF-8' ?> |
| <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> |
| <?xml-stylesheet type="text/xsl" href="./style/manual.en.xsl"?> |
| <!-- $LastChangedRevision$ --> |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <manualpage metafile="new_features_2_4.xml.meta"> |
| |
| <title>Overview of new features in Apache HTTP Server 2.4</title> |
| |
| <summary> |
| <p>This document describes some of the major changes between the |
| 2.2 and 2.4 versions of the Apache HTTP Server. For new features since |
| version 2.0, see the <a href="new_features_2_2.html">2.2 new features</a> |
| document.</p> |
| </summary> |
| |
| <section id="core"> |
| <title>Core Enhancements</title> |
| <dl> |
| <dt>Run-time Loadable MPMs</dt> |
| <dd>Multiple MPMs can now be <a href="mpm.html#dynamic">built |
| as loadable modules</a> at compile time. |
| The MPM of choice can be configured at run time via <directive |
| module="mod_so">LoadModule</directive> directive.</dd> |
| |
| <dt>Event MPM</dt> |
| <dd>The <a href="mod/event.html">Event MPM</a> is no longer experimental |
| but is now fully supported.</dd> |
| |
| <dt>Asynchronous support</dt> |
| <dd>Better support for asynchronous read/write for supporting MPMs and |
| platforms.</dd> |
| |
| <dt>Per-module and per-directory LogLevel configuration</dt> |
| <dd>The <directive module="core">LogLevel</directive> can now be |
| configured per module and per directory. New levels <code>trace1</code> |
| to <code>trace8</code> have been added above the <code>debug</code> log |
| level.</dd> |
| |
| <dt>Per-request configuration sections</dt> |
| <dd><directive module="core" type="section">If</directive>, |
| <directive module="core" type="section">ElseIf</directive>, |
| and <directive module="core" type="section">Else</directive> |
| sections can be used to set the configuration based on per-request |
| criteria.</dd> |
| |
| <dt>General-purpose expression parser</dt> |
| <dd>A new expression parser allows to specify |
| <a href="expr.html">complex conditions</a> using a common syntax |
| in directives like |
| <directive module="mod_setenvif">SetEnvIfExpr</directive>, |
| <directive module="mod_rewrite">RewriteCond</directive>, |
| <directive module="mod_headers">Header</directive>, |
| <directive module="core" type="section">If</directive>, |
| and others. |
| </dd> |
| |
| <dt>KeepAliveTimeout in milliseconds</dt> |
| <dd>It is now possible to specify <directive module="core" |
| >KeepAliveTimeout</directive> in milliseconds. |
| </dd> |
| |
| <dt>NameVirtualHost directive</dt> |
| <dd>No longer needed and is now deprecated.</dd> |
| |
| <dt>Override Configuration</dt> |
| <dd>The new <directive module="core">AllowOverrideList</directive> |
| directive allows more fine grained control which directives are |
| allowed in <code>.htaccess</code> files. </dd> |
| |
| <dt>Config file variables</dt> |
| <dd>It is now possible to <directive module="core">Define</directive> |
| variables in the configuration, allowing a clearer representation |
| if the same value is used at many places in the configuration. |
| </dd> |
| |
| <dt>Reduced memory usage</dt> |
| <dd>Despite many new features, 2.4.x tends to use less memory than |
| 2.2.x.</dd> |
| |
| </dl> |
| </section> |
| |
| <section id="newmods"> |
| <title>New Modules</title> |
| <dl> |
| <dt><module>mod_proxy_fcgi</module></dt> |
| <dd>FastCGI Protocol backend for <module>mod_proxy</module></dd> |
| |
| <dt><module>mod_proxy_scgi</module></dt> |
| <dd>SCGI Protocol backend for <module>mod_proxy</module></dd> |
| |
| <dt><module>mod_proxy_express</module></dt> |
| <dd>Provides dynamically configured mass reverse proxies for |
| <module>mod_proxy</module></dd> |
| |
| <dt><module>mod_remoteip</module></dt> |
| <dd>Replaces the apparent client remote IP address and hostname for the request |
| with the IP address list presented by a proxies or a load balancer via |
| the request headers.</dd> |
| |
| <dt><module>mod_heartmonitor</module>, |
| <module>mod_lbmethod_heartbeat</module></dt> |
| <dd>Allow <module>mod_proxy_balancer</module> to base loadbalancing decisions |
| on the number of active connections on the backend servers.</dd> |
| |
| <dt><module>mod_proxy_html</module></dt> |
| <dd>Formerly a third-party module, this supports fixing of HTML |
| links in a reverse proxy situation, where the backend generates |
| URLs that are not valid for the proxy's clients.</dd> |
| |
| <dt><module>mod_sed</module></dt> |
| <dd>An advanced replacement of <module>mod_substitute</module>, allows |
| to edit the response body with the full power of sed.</dd> |
| |
| <dt><module>mod_auth_form</module></dt> |
| <dd>Enables form-based authentication.</dd> |
| |
| <dt><module>mod_session</module></dt> |
| <dd>Enables the use of session state for clients, using cookie or |
| database storage.</dd> |
| |
| <dt><module>mod_allowmethods</module></dt> |
| <dd>New module to restrict certain HTTP methods without interfering with |
| authentication or authorization.</dd> |
| |
| <dt><module>mod_lua</module></dt> |
| <dd>Embeds the <a href="http://www.lua.org/">Lua</a> language into httpd, |
| for configuration and small business logic functions. (Experimental)</dd> |
| |
| <dt><module>mod_log_debug</module></dt> |
| <dd>Allows the addition of customizable debug logging at different phases of the |
| request processing.</dd> |
| |
| <dt><module>mod_buffer</module></dt> |
| <dd>Provides for buffering the input and output filter stacks</dd> |
| |
| <dt><module>mod_data</module></dt> |
| <dd>Convert response body into an RFC2397 data URL</dd> |
| |
| <dt><module>mod_ratelimit</module></dt> |
| <dd>Provides Bandwidth Rate Limiting for Clients</dd> |
| |
| <dt><module>mod_request</module></dt> |
| <dd>Provides Filters to handle and make available HTTP request bodies</dd> |
| |
| <dt><module>mod_reflector</module></dt> |
| <dd>Provides Reflection of a request body as a response via the output filter stack.</dd> |
| |
| <dt><module>mod_slotmem_shm</module></dt> |
| <dd>Provides a Slot-based shared memory provider (ala the scoreboard).</dd> |
| |
| <dt><module>mod_xml2enc</module></dt> |
| <dd>Formerly a third-party module, this supports internationalisation |
| in libxml2-based (markup-aware) filter modules.</dd> |
| |
| <dt><module>mod_macro</module> (available since 2.4.5)</dt> |
| <dd>Provide macros within configuration files.</dd> |
| |
| <dt><module>mod_proxy_wstunnel</module> (available since 2.4.5)</dt> |
| <dd>Support web-socket tunnels.</dd> |
| |
| <dt><module>mod_authnz_fcgi</module> (available since 2.4.10)</dt> |
| <dd>Enable FastCGI authorizer applications to authenticate and/or |
| authorize clients.</dd> |
| |
| <dt><module>mod_http2</module> (available since 2.4.17)</dt> |
| <dd>Support for the HTTP/2 transport layer.</dd> |
| |
| </dl> |
| </section> |
| |
| <section id="module"> |
| <title>Module Enhancements</title> |
| <dl> |
| <dt><module>mod_ssl</module></dt> |
| |
| <dd><module>mod_ssl</module> can now be configured to use an |
| OCSP server to check the validation status of a client |
| certificate. The default responder is configurable, along with |
| the decision on whether to prefer the responder designated in |
| the client certificate itself.</dd> |
| |
| <dd><module>mod_ssl</module> now also supports OCSP stapling, where the |
| server pro-actively obtains an OCSP verification of its certificate and |
| transmits that to the client during the handshake. </dd> |
| |
| <dd><module>mod_ssl</module> can now be configured to share SSL Session |
| data between servers through memcached</dd> |
| |
| <dd>EC keys are now supported in addition to RSA and DSA.</dd> |
| |
| <dd>Support for TLS-SRP (available in 2.4.4 and later).</dd> |
| |
| <dt><module>mod_proxy</module></dt> |
| |
| <dd>The <directive module="mod_proxy">ProxyPass</directive> directive |
| is now most optimally configured within a |
| <directive module="core">Location</directive> or |
| <directive module="core">LocationMatch</directive> |
| block, and offers a significant performance advantage over the traditional |
| two-parameter syntax when present in large numbers.</dd> |
| <dd>The source address used for proxy requests is now configurable.</dd> |
| <dd>Support for Unix domain sockets to the backend (available in 2.4.7 |
| and later).</dd> |
| |
| <dt><module>mod_proxy_balancer</module></dt> |
| |
| <dd>More runtime configuration changes for BalancerMembers via balancer-manager</dd> |
| |
| <dd>Additional BalancerMembers can be added at runtime via balancer-manager</dd> |
| |
| <dd>Runtime configuration of a subset of Balancer parameters</dd> |
| |
| <dd>BalancerMembers can be set to 'Drain' so that they only respond to existing sticky |
| sessions, allowing them to be taken gracefully offline.</dd> |
| |
| <dd>Balancer settings can be persistent after restarts.</dd> |
| |
| <dt><module>mod_cache</module></dt> |
| |
| <dd>The <module>mod_cache</module> CACHE filter can be optionally inserted |
| at a given point in the filter chain to provide fine control over caching. |
| </dd> |
| |
| <dd><module>mod_cache</module> can now cache HEAD requests.</dd> |
| |
| <dd>Where possible, <module>mod_cache</module> directives can now be set |
| per directory, instead of per server.</dd> |
| |
| <dd>The base URL of cached URLs can be customised, so that a cluster of |
| caches can share the same endpoint URL prefix.</dd> |
| |
| <dd><module>mod_cache</module> is now capable of serving stale cached |
| data when a backend is unavailable (error 5xx).</dd> |
| |
| <dd><module>mod_cache</module> can now insert HIT/MISS/REVALIDATE into |
| an X-Cache header.</dd> |
| |
| <dt><module>mod_include</module></dt> |
| <dd>Support for the 'onerror' attribute within an 'include' element, |
| allowing an error document to be served on error instead of the default |
| error string.</dd> |
| |
| <dt><module>mod_cgi</module>, <module>mod_include</module>, |
| <module>mod_isapi</module>, ...</dt> |
| <dd>Translation of headers to environment variables is more strict than |
| before to mitigate some possible cross-site-scripting attacks via header |
| injection. Headers containing invalid characters (including underscores) |
| are now silently dropped. <a href="env.html">Environment Variables |
| in Apache</a> has some pointers on how to work around broken legacy |
| clients which require such headers. (This affects all modules which |
| use these environment variables.)</dd> |
| |
| <dt><module>mod_authz_core</module> Authorization Logic Containers</dt> |
| |
| <dd>Advanced authorization logic may now be specified using the |
| <directive module="mod_authz_core">Require</directive> directive |
| and the related container directives, such as |
| <directive module="mod_authz_core" |
| type="section">RequireAll</directive>.</dd> |
| |
| <dt><module>mod_rewrite</module></dt> |
| <dd><module>mod_rewrite</module> adds the <code>[QSD]</code> |
| (Query String Discard) and <code>[END]</code> flags for |
| <directive module="mod_rewrite">RewriteRule</directive> to |
| simplify common rewriting scenarios.</dd> |
| <dd>Adds the possibility to use complex boolean expressions in <directive |
| module="mod_rewrite">RewriteCond</directive>.</dd> |
| <dd>Allows the use of SQL queries as <directive |
| module="mod_rewrite">RewriteMap</directive> functions.</dd> |
| |
| <dt><module>mod_ldap</module>, <module>mod_authnz_ldap</module></dt> |
| <dd><module>mod_authnz_ldap</module> adds support for nested groups.</dd> |
| <dd><module>mod_ldap</module> adds |
| <directive module="mod_ldap">LDAPConnectionPoolTTL</directive>, |
| <directive module="mod_ldap">LDAPTimeout</directive>, and |
| other improvements in the handling of timeouts. |
| This is especially useful for setups where a |
| stateful firewall drops idle connections to the LDAP server.</dd> |
| <dd><module>mod_ldap</module> adds |
| <directive module="mod_ldap">LDAPLibraryDebug</directive> to log |
| debug information provided by the used LDAP toolkit.</dd> |
| |
| <dt><module>mod_info</module></dt> |
| <dd><module>mod_info</module> can now dump the pre-parsed configuration |
| to stdout during server startup.</dd> |
| |
| <dt><module>mod_auth_basic</module></dt> |
| <dd>New generic mechanism to fake basic authentication (available in |
| 2.4.5 and later).</dd> |
| |
| </dl> |
| </section> |
| |
| <section id="programs"> |
| <title>Program Enhancements</title> |
| <dl> |
| <dt><program>fcgistarter</program></dt> |
| <dd>New FastCGI daemon starter utility</dd> |
| |
| <dt><program>htcacheclean</program></dt> |
| <dd>Current cached URLs can now be listed, with optional metadata |
| included.</dd> |
| <dd>Allow explicit deletion of individual cached URLs from the |
| cache.</dd> |
| <dd>File sizes can now be rounded up to the given block size, making |
| the size limits map more closely to the real size on disk.</dd> |
| <dd>Cache size can now be limited by the number of inodes, instead |
| of or in addition to being limited by the size of the files on |
| disk.</dd> |
| |
| <dt><program>rotatelogs</program></dt> |
| <dd>May now create a link to the current log file.</dd> |
| <dd>May now invoke a custom post-rotate script.</dd> |
| |
| <dt><program>htpasswd</program>, <program>htdbm</program></dt> |
| <dd>Support for the bcrypt algorithm (available in 2.4.4 and later). |
| </dd> |
| </dl> |
| </section> |
| |
| <section id="documentation"> |
| <title>Documentation</title> |
| <dl> |
| <dt>mod_rewrite</dt> |
| <dd>The <module>mod_rewrite</module> documentation has been |
| rearranged and almost completely rewritten, with a focus on |
| examples and common usage, as well as on showing you when other |
| solutions are more appropriate. The <a href="rewrite/">Rewrite |
| Guide</a> is now a top-level section with much more detail and |
| better organization.</dd> |
| |
| <dt>mod_ssl</dt> |
| <dd>The <module>mod_ssl</module> documentation has been greatly |
| enhanced, with more examples at the getting started level, in |
| addition to the previous focus on technical details.</dd> |
| |
| <dt>Caching Guide</dt> |
| <dd>The <a href="caching.html">Caching Guide</a> has been rewritten |
| to properly distinguish between the RFC2616 HTTP/1.1 caching |
| features provided by <module>mod_cache</module>, and the generic |
| key/value caching provided by the <a href="socache.html">socache</a> |
| interface, as well as to cover specialised caching provided by |
| mechanisms such as <module>mod_file_cache</module>.</dd> |
| |
| </dl> |
| </section> |
| |
| <section id="developer"> |
| <title>Module Developer Changes</title> |
| <dl> |
| <dt>Check Configuration Hook Added</dt> |
| |
| <dd>A new hook, <code>check_config</code>, has been added which runs |
| between the <code>pre_config</code> and <code>open_logs</code> |
| hooks. It also runs before the <code>test_config</code> hook |
| when the <code>-t</code> option is passed to |
| <program>httpd</program>. The <code>check_config</code> hook |
| allows modules to review interdependent configuration directive |
| values and adjust them while messages can still be logged to the |
| console. The user can thus be alerted to misconfiguration problems |
| before the core <code>open_logs</code> hook function redirects |
| console output to the error log.</dd> |
| |
| <dt>Expression Parser Added</dt> |
| |
| <dd>We now have a general-purpose expression parser, whose API is |
| exposed in <var>ap_expr.h</var>. This is adapted from the |
| expression parser previously implemented in |
| <module>mod_ssl</module>.</dd> |
| |
| <dt>Authorization Logic Containers</dt> |
| |
| <dd>Authorization modules now register as a provider, via |
| ap_register_auth_provider(), to support advanced authorization logic, |
| such as <directive module="mod_authz_core" type="section" |
| >RequireAll</directive>.</dd> |
| |
| <dt>Small-Object Caching Interface</dt> |
| |
| <dd>The <var>ap_socache.h</var> header exposes a provider-based |
| interface for caching small data objects, based on the previous |
| implementation of the <module>mod_ssl</module> session cache. |
| Providers using a shared-memory cyclic buffer, disk-based dbm |
| files, and a memcache distributed cache are currently |
| supported.</dd> |
| |
| <dt>Cache Status Hook Added</dt> |
| |
| <dd>The <module>mod_cache</module> module now includes a new |
| <code>cache_status</code> hook, which is called when the caching |
| decision becomes known. A default implementation is provided |
| which adds an optional <code>X-Cache</code> and |
| <code>X-Cache-Detail</code> header to the response.</dd> |
| </dl> |
| |
| <p>The developer documentation contains a |
| <a href="developer/new_api_2_4.html">detailed list of API changes</a>.</p> |
| </section> |
| |
| </manualpage> |