docs/manual/misc/compat_notes.html - httpd - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
 <HTML><HEAD>
 <TITLE>Apache HTTP Server: Compatibility Notes with NCSA's Server</TITLE>
 </HEAD>
 <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
 <BODY
  BGCOLOR="#FFFFFF"
  TEXT="#000000"
  LINK="#0000FF"
  VLINK="#000080"
  ALINK="#FF0000"
 >
 <!--#include virtual="header.html" -->
 <H1 ALIGN="CENTER">Compatibility Notes with NCSA's Server</H1>

 <HR>

 While Apache 0.8.x and beyond are for the most part a drop-in
 replacement for NCSA's httpd and earlier versions of Apache, there are
 a couple gotcha's to watch out for.  These are mostly due to the fact
 that the parser for config and access control files was rewritten from
 scratch, so certain liberties the earlier servers took may not be
 available here.  These are all easily fixable.  If you know of other
 non-fatal problems that belong here, <a
 href="http://www.apache.org/bugdb.cgi">let us know.</a>

 <P>Please also check the <A HREF="known_bugs.html">known bugs</A> page.


 <OL>

 <LI>The basic mod_auth <CODE>AuthGroupFile</CODE>-specified group file
     format allows commas between user names - Apache does not.<BR>
     <I>- added 12/1/96</I>
   <p>

   <LI><P>If you follow the NCSA guidelines for setting up access restrictions
   based on client domain, you may well have added entries for,
   <CODE>AuthType, AuthName, AuthUserFile</CODE> or <CODE>AuthGroupFile</CODE>.
   <B>None</B> of these are needed (or appropriate) for restricting access
   based on client domain.

   <P>When Apache sees <CODE>AuthType</CODE> it (reasonably) assumes you
   are using some authorization type based on username and password.

   <P>Please remove <CODE>AuthType</CODE>, it's unnecessary even for NCSA.

   <P>

   <LI><CODE>AuthUserFile</CODE> requires a full pathname. In earlier
       versions of NCSA httpd and Apache, you could use a filename
       relative to the .htaccess file. This could be a major security hole,
       as it made it trivially easy to make a ".htpass" file in the a
       directory easily accessible by the world. We recommend you store
       your passwords outside your document tree.

   <P>

   <LI><CODE>OldScriptAlias</CODE> is no longer supported.

   <P>

   <LI><CODE>exec cgi=""</CODE> produces reasonable <B>malformed header</B>
   responses when used to invoke non-CGI scripts.<BR>
   The NCSA code ignores the missing header. (bad idea)<BR>
   Solution: write CGI to the CGI spec or use <CODE>exec cmd=""</CODE> instead.
   <P>We might add <CODE>virtual</CODE> support to <CODE>exec cmd</CODE> to
   make up for this difference.

   <P>

   <LI>&lt;Limit&gt; silliness - in the old Apache 0.6.5, a
    directive of &lt;Limit GET&gt; would also restrict POST methods - Apache 0.8.8's new
    core is correct in not presuming a limit on a GET is the same limit on a POST,
    so if you are relying on that behavior you need to change your access configurations
    to reflect that.

   <P>

   <LI>Icons for FancyIndexing broken - well, no, they're not broken,
   we've just upgraded the
   icons from flat .xbm files to pretty and much smaller .gif files, courtesy of
 <a href="mailto:kevinh@eit.com">Kevin Hughes</a> at
 <a href="http://www.eit.com/">EIT</a>.
   If you are using the same srm.conf from an old distribution, make sure
   you add the new
   <A
    HREF="../mod/mod_autoindex.html#addicon"
   >AddIcon</A>,
   <A
    HREF="../mod/mod_autoindex.html#addiconbytype"
   >AddIconByType</A>,
   and
   <A
    HREF="../mod/mod_autoindex.html#defaulticon"
   >DefaultIcon</A>
   directives.

   <P>

   <LI>Under IRIX, the "Group" directive in httpd.conf needs to be a
   valid group name
   (<EM>i.e.</EM>, "nogroup") not the numeric group ID.  The distribution
   httpd.conf, and earlier  ones, had the default Group be "#-1", which
   was causing silent exits at startup.<p>

 <li><code>.asis</code> files: Apache 0.6.5 did not require a Status header;
 it added one automatically if the .asis file contained a Location header.
 0.8.14 requires a Status header. <p>

   <P>
   <LI>Apache versions before 1.2b1 will ignore the last line of configuration
   files if the last line does not have a trailing newline. This affects
   configuration files (httpd.conf, access.conf and srm.conf), and
   htpasswd and htgroup files.
   </LI>

   <LI>Apache does not permit commas delimiting the methods in &lt;Limit&gt;.

   <LI>Apache's <CODE>&lt;VirtualHost&gt;</CODE> treats all addresses as
   "optional" (i.e. the server should continue booting if it can't resolve
   the address).  Whereas in NCSA the default is to fail booting unless
   an added <code>optional</code> keyword is included.

   <LI>Apache does not implement <CODE>OnDeny</CODE> use
   <a href="../mod/core.html#errordocument"><code>ErrorDocument</code></a>
   instead.

 </OL>

 More to come when we notice them....

 <!--#include virtual="footer.html" -->
 </BODY>
 </HTML>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
	<HTML><HEAD>
	<TITLE>Apache HTTP Server: Compatibility Notes with NCSA's Server</TITLE>
	</HEAD>
	<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
	<BODY
	BGCOLOR="#FFFFFF"
	TEXT="#000000"
	LINK="#0000FF"
	VLINK="#000080"
	ALINK="#FF0000"
	>
	<!--#include virtual="header.html" -->
	<H1 ALIGN="CENTER">Compatibility Notes with NCSA's Server</H1>

	<HR>

	While Apache 0.8.x and beyond are for the most part a drop-in
	replacement for NCSA's httpd and earlier versions of Apache, there are
	a couple gotcha's to watch out for. These are mostly due to the fact
	that the parser for config and access control files was rewritten from
	scratch, so certain liberties the earlier servers took may not be
	available here. These are all easily fixable. If you know of other
	non-fatal problems that belong here, <a
	href="http://www.apache.org/bugdb.cgi">let us know.</a>

	<P>Please also check the <A HREF="known_bugs.html">known bugs</A> page.



	<OL>

	<LI>The basic mod_auth <CODE>AuthGroupFile</CODE>-specified group file
	format allows commas between user names - Apache does not.<BR>
	<I>- added 12/1/96</I>
	<p>

	<LI><P>If you follow the NCSA guidelines for setting up access restrictions
	based on client domain, you may well have added entries for,
	<CODE>AuthType, AuthName, AuthUserFile</CODE> or <CODE>AuthGroupFile</CODE>.
	<B>None</B> of these are needed (or appropriate) for restricting access
	based on client domain.

	<P>When Apache sees <CODE>AuthType</CODE> it (reasonably) assumes you
	are using some authorization type based on username and password.

	<P>Please remove <CODE>AuthType</CODE>, it's unnecessary even for NCSA.

	<P>

	<LI><CODE>AuthUserFile</CODE> requires a full pathname. In earlier
	versions of NCSA httpd and Apache, you could use a filename
	relative to the .htaccess file. This could be a major security hole,
	as it made it trivially easy to make a ".htpass" file in the a
	directory easily accessible by the world. We recommend you store
	your passwords outside your document tree.

	<P>

	<LI><CODE>OldScriptAlias</CODE> is no longer supported.

	<P>

	<LI><CODE>exec cgi=""</CODE> produces reasonable <B>malformed header</B>
	responses when used to invoke non-CGI scripts.<BR>
	The NCSA code ignores the missing header. (bad idea)<BR>
	Solution: write CGI to the CGI spec or use <CODE>exec cmd=""</CODE> instead.
	<P>We might add <CODE>virtual</CODE> support to <CODE>exec cmd</CODE> to
	make up for this difference.

	<P>

	<LI><Limit> silliness - in the old Apache 0.6.5, a
	directive of <Limit GET> would also restrict POST methods - Apache 0.8.8's new
	core is correct in not presuming a limit on a GET is the same limit on a POST,
	so if you are relying on that behavior you need to change your access configurations
	to reflect that.

	<P>

	<LI>Icons for FancyIndexing broken - well, no, they're not broken,
	we've just upgraded the
	icons from flat .xbm files to pretty and much smaller .gif files, courtesy of
	<a href="mailto:kevinh@eit.com">Kevin Hughes</a> at
	<a href="http://www.eit.com/">EIT</a>.
	If you are using the same srm.conf from an old distribution, make sure
	you add the new
	<A
	HREF="../mod/mod_autoindex.html#addicon"
	>AddIcon</A>,
	<A
	HREF="../mod/mod_autoindex.html#addiconbytype"
	>AddIconByType</A>,
	and
	<A
	HREF="../mod/mod_autoindex.html#defaulticon"
	>DefaultIcon</A>
	directives.

	<P>

	<LI>Under IRIX, the "Group" directive in httpd.conf needs to be a
	valid group name
	(<EM>i.e.</EM>, "nogroup") not the numeric group ID. The distribution
	httpd.conf, and earlier ones, had the default Group be "#-1", which
	was causing silent exits at startup.<p>

	<li><code>.asis</code> files: Apache 0.6.5 did not require a Status header;
	it added one automatically if the .asis file contained a Location header.
	0.8.14 requires a Status header. <p>

	<P>
	<LI>Apache versions before 1.2b1 will ignore the last line of configuration
	files if the last line does not have a trailing newline. This affects
	configuration files (httpd.conf, access.conf and srm.conf), and
	htpasswd and htgroup files.
	</LI>

	<LI>Apache does not permit commas delimiting the methods in <Limit>.

	<LI>Apache's <CODE><VirtualHost></CODE> treats all addresses as
	"optional" (i.e. the server should continue booting if it can't resolve
	the address). Whereas in NCSA the default is to fail booting unless
	an added <code>optional</code> keyword is included.

	<LI>Apache does not implement <CODE>OnDeny</CODE> use
	<a href="../mod/core.html#errordocument"><code>ErrorDocument</code></a>
	instead.

	</OL>

	More to come when we notice them....

	<!--#include virtual="footer.html" -->
	</BODY>
	</HTML>