compat_notes.html revision e94aa4039c8d70780910f474e94e400111e76c8d
<HTML><HEAD>
<TITLE>Apache HTTP Server: Compatibility Notes with NCSA's Server</TITLE>
</HEAD>
<BODY>
<!--#include virtual="header.html" -->
<H3>Compatibility Notes with NCSA's Server</H3>
<HR>
While Apache 0.8.x and beyond are for the most part a drop-in
replacement for NCSA's httpd and earlier versions of Apache, there are
a couple gotcha's to watch out for. These are mostly due to the fact
that the parser for config and access control files was rewritten from
scratch, so certain liberties the earlier servers took may not be
available here. These are all easily fixable. If you know of other
non-fatal problems that belong here, <a
href="http://www.apache.org/bugdb.cgi">let us know.</a>
<P>Please also check the <A HREF="known_bugs.html">known bugs</A> page.
<OL>
<LI>The basic mod_auth <CODE>AuthGroupFile</CODE>-specified group file
format allows commas between user names - Apache does not.<BR>
<I>- added 12/1/96</I>
<LI><CODE>AddType</CODE> only accepts one file extension per line, without
any dots (<code>.</code>) in the extension, and does not take full filenames.
If you need multiple extensions per type, use multiple lines, e.g.
<blockquote><code>
AddType application/foo foo<br>
AddType application/foo bar
</code></blockquote>
To map <code>.foo</code> and <code>.bar</code> to <code>application/foo</code>
<p>
<LI><P>If you follow the NCSA guidelines for setting up access restrictions
based on client domain, you may well have added entries for,
<CODE>AuthType, AuthName, AuthUserFile</CODE> or <CODE>AuthGroupFile</CODE>.
<B>None</B> of these are needed (or appropriate) for restricting access
based on client domain.
<P>When Apache sees <CODE>AuthType</CODE> it (reasonably) assumes you
are using some authorization type based on username and password.
<P>Please remove <CODE>AuthType</CODE>, it's unnecessary even for NCSA.
<P>
<LI><CODE>AuthUserFile</CODE> requires a full pathname. In earlier
versions of NCSA httpd and Apache, you could use a filename
relative to the .htaccess file. This could be a major security hole,
as it made it trivially easy to make a ".htpass" file in the a
directory easily accessable by the world. We recommend you store
your passwords outside your document tree.
<P>
<LI><CODE>OldScriptAlias</CODE> is no longer supported.
<P>
<LI><CODE>exec cgi=""</CODE> produces reasonable <B>malformed header</B>
responses when used to invoke non-CGI scripts.<BR>
The NCSA code ignores the missing header. (bad idea)<BR>
Solution: write CGI to the CGI spec or use <CODE>exec cmd=""</CODE> instead.
<P>We might add <CODE>virtual</CODE> support to <CODE>exec cmd</CODE> to
make up for this difference.
<P>
<LI>&lt;Limit&gt; sillyness - in the old Apache 0.6.5, a
directive of &lt;Limit GET&gt; would also restrict POST methods - Apache 0.8.8's new
core is correct in not presuming a limit on a GET is the same limit on a POST,
so if you are relying on that behavior you need to change your access configurations
to reflect that.
<P>
<LI>Icons for FancyIndexing broken - well, no, they're not broken, we've just upgraded the
icons from flat .xbm files to pretty and much smaller .gif files, courtesy of
<a href="mailto:kevinh@eit.com">Kevin Hughes</a> at
<a href="http://www.eit.com">EIT</a>.
If you are using the same srm.conf from an old distribution, make sure you add the new
AddIcon, AddIconByType, and DefaultIcon commands.
<P>
<LI>Under IRIX, the "Group" directive in httpd.conf needs to be a valid group name
(i.e. "nogroup") not the numeric group ID. The distribution httpd.conf, and earlier
ones, had the default Group be "#-1", which was causing silent exits at startup.<p>
<li><code>.asis</code> files: Apache 0.6.5 did not require a Status header;
it added one automatically if the .asis file contained a Location header.
0.8.14 requires a Status header. <p>
</OL>
More to come when we notice them....
<!--#include virtual="footer.html" -->
</BODY>
</HTML>