306N/A<?
xml version='1.0' encoding='UTF-8' ?>
306N/A<!-- $LastChangedRevision$ --> 306N/A Licensed to the Apache Software Foundation (ASF) under one or more 306N/A contributor license agreements. See the NOTICE file distributed with 306N/A this work for additional information regarding copyright ownership. 306N/A The ASF licenses this file to You under the Apache License, Version 2.0 306N/A (the "License"); you may not use this file except in compliance with 306N/A the License. You may obtain a copy of the License at 306N/A Unless required by applicable law or agreed to in writing, software 306N/A distributed under the License is distributed on an "AS IS" BASIS, 306N/A WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 306N/A See the License for the specific language governing permissions and 306N/A limitations under the License. 306N/A<
title>Overview of new features in Apache HTTP Server 2.4</
title>
306N/A <
p>This document describes some of the major changes between the
306N/A 2.2 and 2.4 versions of the Apache HTTP Server. For new features since
306N/A <
title>Core Enhancements</
title>
306N/A <
dt>KeepAliveTimeout in milliseconds</
dt>
306N/A <
dd>It is now possible to specify <
directive module="core" 306N/A >KeepAliveTimeout</
directive> in milliseconds.
306N/A <
dd>Multiple MPMs can now be built as loadable modules at compile time.
306N/A The MPM of choice can be configured at run time.</
dd>
306N/A <
dt>Per-module and per-directory LogLevel configuration</
dt>
306N/A <
dd>The <
directive module="core">LogLevel</
directive> can now be
306N/A configured per module and per directory. New levels <
code>trace1</
code>
306N/A to <
code>trace8</
code> have been added above the <
code>debug</
code> log
306N/A <
title>Module Enhancements</
title>
306N/A <
dt><
module>mod_ssl</
module></
dt>
306N/A <
dd><
module>mod_ssl</
module> can now be configured to use an
306N/A OCSP server to check the validation status of a client
306N/A certificate. The default responder is configurable, along with
306N/A the decision on whether to prefer the responder designated in
306N/A the client certificate itself.</
dd>
306N/A <
dd><
module>mod_ssl</
module> now also supports OCSP stapling, where the
306N/A server pro-actively obtains an OCSP verification of its certificate and
306N/A transmits that to the client during the handshake. </
dd>
306N/A <
dd><
module>mod_ssl</
module> can now be configured to share SSL Session
306N/A data between servers through memcached</
dd>
306N/A <
dt><
module>mod_lua</
module></
dt>
306N/A for configuration and small business logic functions.</
dd>
306N/A <
dt><
module>mod_proxy</
module></
dt>
306N/A <
dd>The <
directive module="mod_proxy">ProxyPass</
directive> directive
306N/A is now most optimally configured within a
306N/A <
directive module="core">Location</
directive> or
306N/A <
directive module="core">LocationMatch</
directive>
306N/A block, and offers a significant performance advantage over the traditional
306N/A two-parameter syntax when present in large numbers.</
dd>
306N/A <
dt><
module>mod_proxy_fcgi</
module></
dt>
306N/A <
dd>FastCGI Protocol backend for <
module>mod_proxy</
module></
dd>
306N/A <
dt><
module>mod_cache</
module></
dt>
306N/A <
dd><
module>mod_cache</
module> can now cache HEAD requests.</
dd>
306N/A <
dd>Where possible, <
module>mod_cache</
module> directives can now be set
306N/A per directory, instead of per server.</
dd>
306N/A <
dd>The base URL of cached URLs can be customised, so that a cluster of
306N/A caches can share the same endpoint URL prefix.</
dd>
306N/A <
dd><
module>mod_cache</
module> is now capable of serving stale cached
306N/A data when a backend is unavailable (error 5xx).</
dd>
306N/A an X-Cache header.</
dd>
306N/A <
dt><
module>mod_allowmethods</
module></
dt>
306N/A <
dd>New module to restrict certain HTTP methods without interfering with
306N/A authentication or authorization.</
dd>
306N/A <
dt><
module>mod_include</
module></
dt>
306N/A <
dd>Support for the 'onerror' attribute within an 'include' element,
306N/A allowing an error document to be served on error instead of the default
306N/A <
dt><
module>mod_cgi</
module>, <
module>mod_include</
module>,
306N/A <
module>mod_isapi</
module>, ...</
dt>
306N/A <
dd>Translation of headers to environment variables is more strict than
306N/A before to mitigate some possible cross-site-scripting attacks via header
306N/A injection. Headers containing invalid characters (including underscores)
306N/A are now silently dropped. <
a href="env.html">Environment Variables
306N/A in Apache</
a> has some pointers on how to work around broken legacy
306N/A clients which require such headers. (This affects all modules which
306N/A use these environment variables.)</
dd>
306N/A <
section id="programs">
306N/A <
title>Program Enhancements</
title>
306N/A <
dd>FastCGI deamon starter utility</
dd>
306N/A <
dd>Current cached URLs can now be listed, with optional metadata
306N/A <
dd>Allow explicit deletion of individual cached URLs from the
<
dd>File sizes can now be rounded up to the given block size, making
the size limits map more closely to the real size on disk.</
dd>
<
dd>Cache size can now be limited by the number of inodes, instead
of or in addition to being limited by the size of the files on
<
title>Module Developer Changes</
title>
<
dt>Check Configuration Hook Added</
dt>
<
dd>A new hook, <
code>check_config</
code>, has been added which runs
between the <
code>pre_config</
code> and <
code>open_logs</
code>
hooks. It also runs before the <
code>test_config</
code> hook
when the <
code>-t</
code> option is passed to
<
program>httpd</
program>. The <
code>check_config</
code> hook
allows modules to review interdependent configuration directive
values and adjust them while messages can still be logged to the
console. The user can thus be alerted to misconfiguration problems
before the core <
code>open_logs</
code> hook function redirects
console output to the error log.</
dd>
<
dt>Expression Parser Added</
dt>
<
dd>We now have a general-purpose expression parser, whose API is
exposed in <
var>
ap_expr.h</
var>. This is adapted from the
expression parser previously implemented in
<
module>mod_include</
module>.</
dd>
<
dt>Authorization Logic Containers</
dt>
<
dd>Advanced authorization logic may now be specified using the
<
directive module="mod_authz_core">Require</
directive> directive
and the related container directives, such as
<
directive module="mod_authz_core" type="section">RequireAll</
directive>, all
provided by the <
module>mod_authz_core</
module> module.</
dd>
<
dt>Small-Object Caching Interface</
dt>
<
dd>The <
var>
ap_socache.h</
var> header exposes a provider-based
interface for caching small data objects, based on the previous
implementation of the <
module>mod_ssl</
module> session cache.
Providers using a shared-memory cyclic buffer, disk-based dbm
files, and a memcache distributed cache are currently
<
dt>Cache Status Hook Added</
dt>
<
dd>The <
module>mod_cache</
module> module now includes a new
<
code>cache_status</
code> hook, which is called when the caching
decision becomes known. A default implementation is provided
which adds an optional <
code>X-Cache</
code> and
<
code>X-Cache-Detail</
code> header to the response.</
dd>
<
p>The developer documentation contains a