| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| <HTML><HEAD> |
| <TITLE>Apache HTTP Server: Compatibility Notes with NCSA's Server</TITLE> |
| </HEAD> |
| <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| <BODY |
| BGCOLOR="#FFFFFF" |
| TEXT="#000000" |
| LINK="#0000FF" |
| VLINK="#000080" |
| ALINK="#FF0000" |
| > |
| <!--#include virtual="header.html" --> |
| <H1 ALIGN="CENTER">Compatibility Notes with NCSA's Server</H1> |
| |
| <HR> |
| |
| While Apache 0.8.x and beyond are for the most part a drop-in |
| replacement for NCSA's httpd and earlier versions of Apache, there are |
| a couple gotcha's to watch out for. These are mostly due to the fact |
| that the parser for config and access control files was rewritten from |
| scratch, so certain liberties the earlier servers took may not be |
| available here. These are all easily fixable. If you know of other |
| non-fatal problems that belong here, <a |
| href="http://www.apache.org/bugdb.cgi">let us know.</a> |
| |
| <P>Please also check the <A HREF="known_bugs.html">known bugs</A> page. |
| |
| |
| |
| <OL> |
| |
| <LI>The basic mod_auth <CODE>AuthGroupFile</CODE>-specified group file |
| format allows commas between user names - Apache does not.<BR> |
| <I>- added 12/1/96</I> |
| </LI> |
| |
| <LI><P>If you follow the NCSA guidelines for setting up access restrictions |
| based on client domain, you may well have added entries for, |
| <CODE>AuthType, AuthName, AuthUserFile</CODE> or <CODE>AuthGroupFile</CODE>. |
| <B>None</B> of these are needed (or appropriate) for restricting access |
| based on client domain. |
| |
| <P>When Apache sees <CODE>AuthType</CODE> it (reasonably) assumes you |
| are using some authorization type based on username and password. |
| |
| <P>Please remove <CODE>AuthType</CODE>, it's unnecessary even for NCSA. |
| |
| <P> |
| |
| <LI><CODE>AuthUserFile</CODE> requires a full pathname. In earlier |
| versions of NCSA httpd and Apache, you could use a filename |
| relative to the .htaccess file. This could be a major security hole, |
| as it made it trivially easy to make a ".htpass" file in the a |
| directory easily accessible by the world. We recommend you store |
| your passwords outside your document tree. |
| |
| <P> |
| |
| <LI><CODE>OldScriptAlias</CODE> is no longer supported. |
| |
| <P> |
| |
| <LI><CODE>exec cgi=""</CODE> produces reasonable <B>malformed header</B> |
| responses when used to invoke non-CGI scripts.<BR> |
| The NCSA code ignores the missing header. (bad idea)<BR> |
| Solution: write CGI to the CGI spec or use <CODE>exec cmd=""</CODE> instead. |
| <P>We might add <CODE>virtual</CODE> support to <CODE>exec cmd</CODE> to |
| make up for this difference. |
| |
| <P> |
| |
| <LI><Limit> silliness - in the old Apache 0.6.5, a |
| directive of <Limit GET> would also restrict POST methods - Apache 0.8.8's new |
| core is correct in not presuming a limit on a GET is the same limit on a POST, |
| so if you are relying on that behavior you need to change your access configurations |
| to reflect that. |
| |
| <P> |
| |
| <LI>Icons for FancyIndexing broken - well, no, they're not broken, |
| we've just upgraded the |
| icons from flat .xbm files to pretty and much smaller .gif files, courtesy of |
| <a href="mailto:kevinh@eit.com">Kevin Hughes</a> at |
| <a href="http://www.eit.com/">EIT</a>. |
| If you are using the same srm.conf from an old distribution, make sure |
| you add the new |
| <A |
| HREF="../mod/mod_autoindex.html#addicon" |
| >AddIcon</A>, |
| <A |
| HREF="../mod/mod_autoindex.html#addiconbytype" |
| >AddIconByType</A>, |
| and |
| <A |
| HREF="../mod/mod_autoindex.html#defaulticon" |
| >DefaultIcon</A> |
| directives. |
| |
| <P> |
| |
| <LI>Under IRIX, the "Group" directive in httpd.conf needs to be a |
| valid group name |
| (<EM>i.e.</EM>, "nogroup") not the numeric group ID. The distribution |
| httpd.conf, and earlier ones, had the default Group be "#-1", which |
| was causing silent exits at startup.<p> |
| |
| <li><code>.asis</code> files: Apache 0.6.5 did not require a Status header; |
| it added one automatically if the .asis file contained a Location header. |
| 0.8.14 requires a Status header. <p> |
| |
| <P> |
| <LI>Apache versions before 1.2b1 will ignore the last line of configuration |
| files if the last line does not have a trailing newline. This affects |
| configuration files (httpd.conf, access.conf and srm.conf), and |
| htpasswd and htgroup files. |
| </LI> |
| |
| <LI>Apache does not permit commas delimiting the methods in <Limit>. |
| |
| <LI>Apache's <CODE><VirtualHost></CODE> treats all addresses as |
| "optional" (i.e. the server should continue booting if it can't resolve |
| the address). Whereas in NCSA the default is to fail booting unless |
| an added <code>optional</code> keyword is included. |
| |
| <LI>Apache does not implement <CODE>OnDeny</CODE> use |
| <a href="../mod/core.html#errordocument"><code>ErrorDocument</code></a> |
| instead. |
| |
| </OL> |
| |
| More to come when we notice them.... |
| |
| <!--#include virtual="footer.html" --> |
| </BODY> |
| </HTML> |