NEW_HTTP_SERVER_2.4

NEW_HTTP_SERVER_2.4

New features in Apache HTTP Server 2.4

 

  • Core Enhancements

     

    • Run-time Loadable MPMs
    • Event MPM
    • Asynchronous support
    • Per-module and per-directory LogLevel configuration
    • Per-request configuration sections
    • General-purpose expression parser
    • KeepAliveTimeout in milliseconds
    • NameVirtualHost directive
    • Override Configuration
    • Config file variables
    • Reduced memory usage

 

  • Module Enhancements

     

    • mod_ssl
    • mod_proxy
    • mod_proxy_balancer
    • mod_cache
    • mod_include
    • mod_cgi, mod_include, mod_isapi
    • mod_authz_core
    • mod_rewrite
    • mod_ldap, mod_authnz_ldap
    • mod_info
    • mod_auth_basic

 

  • Documentation

     

    • mod_rewrite
    • mod_ssl
    • Caching Guide

 

  • New Modules

     

    • mod_proxy_fcgi
    • mod_proxy_scgi
    • mod_proxy_express
    • mod_remoteip
    • mod_heartmonitor, mod_lbmethod_heartbeat
    • mod_proxy_html
    • mod_sed
    • mod_auth_form
    • mod_session
    • mod_allowmethods
    • mod_lua
    • mod_log_debug
    • mod_buffer
    • mod_data
    • mod_ratelimit
    • mod_request
    • mod_reflector
    • mod_slotmem_shm
    • mod_xml2enc
    • mod_macro
    • mod_proxy_wstunnel
    • mod_authnz_fcgi mod_http2
    • mod_proxy_hcheck

 

 

  • Program Enhancements

     

    • fcgistarter
    • htcacheclean
    • rotatelogs
    • htpasswd, htdbm

 

 

Core Enhancements

Run-time Loadable MPMs
Multiple MPMs can now be built as loadable modules at compile time. The MPM of choice can be configured at runtime via LoadModule directive.
./configure --enable-mpms-shared=all
 
Event MPM
The Event MPM is no longer experimental but is now fully supported.
  This original goal of this MPM was to fix the 'keep alive problem' in HTTP. After a client completes the first request, it can keep the connection open, sending further requests using the same socket and saving significant overhead in creating TCP connections.
 
Asynchronous support
Better support for asynchronous read/write for supporting MPMs and platforms.
 
Per-module and per-directory LogLevel configuration
The LogLevel can now be configured per module and per directory. New levels trace1 to trace8 have been added above the debug log level.
Syntax:    LogLevel [module:]level [module:level] …
Default:    LogLevel warn
 
Per-request configuration sections
<If>, <ElseIf>, and <Else> sections can be used to set the configuration based on per-request criteria.
Example: – The <ElseIf> would match if the remote address of a request belongs to the subnet 10.0.0.0/8 but not to the subnet 10.1.0.0/16
<If "-R '10.1.0.0/16'">
  #…
</If>
<ElseIf "-R '10.0.0.0/8'">
  #…
</ElseIf>
<Else>
  #…
</Else>
Next Example:-
# ensure that mod_include is loaded
<IfModule !include_module>
  Error "mod_include is required by mod_foo.  Load it with LoadModule."
</IfModule>
General-purpose expression parser
A new expression parser allows to specify complex conditions using a common syntax in directives like SetEnvIfExpr, RewriteCond, Header, <If>, and others.
 
KeepAliveTimeout in milliseconds
It is now possible to specify KeepAliveTimeout in milliseconds.
The number of seconds Apache httpd will wait for a subsequent request before closing the connection. By adding a postfix of ms the timeout can be also set in milliseconds. Once a request has been received, the timeout value specified by the Timeout directive applies.
Setting KeepAliveTimeout to a high value may cause performance problems in heavily loaded servers.
Syntax: KeepAliveTimeout num[ms]
Default: KeepAliveTimeout 5
Example:- KeepAliveTimeout 5
 
NameVirtualHost directive
No longer needed and is now deprecated.
Override Configuration
When this directive is set to None and AllowOverride is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.
Example:
AllowOverride None
AllowOverrideList Redirect RedirectMatch
In the example above, only the Redirect and RedirectMatch directives are allowed. All others will cause an Internal Server Error.
Config file variables
It is now possible to Define variables in the configuration, allowing a clearer representation if the same value is used at many places in the configuration.
Reduced memory usage
Despite many new features, 2.4.x tends to use less memory than 2.2.x.

New Modules

mod_proxy_fcgi
FastCGI Protocol backend for mod_proxy
Example:-
        ProxyPass "/myapp/" "fcgi://localhost:4000/"
You have to enable mod_proxy and mod_proxy_fcgi.
mod_proxy_scgi
SCGI Protocol backend for mod_proxy
            Example:-
                               ProxyPass "/scgi-bin/" "scgi://localhost:4000/"
You have to enable mod_proxy and mod_proxy_scgi.
mod_proxy_express
Provides dynamically configured mass reverse proxies for mod_proxy
 
mod_remoteip
Replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via the request headers.
Syntax:            RemoteIPHeader header-field
Context:          server config, virtual host
mod_heartmonitor, mod_lbmethod_heartbeat
Allow mod_proxy_balancer to base load balancing decisions on the number of active connections on the backend servers.
Syntax:            HeartbeatListenaddr:port
Default:           disabled
Context:          server config
Example:-
HeartbeatListen 239.0.0.1:27999
mod_proxy_html
Formerly a third-party module, this supports fixing of HTML links in a reverse proxy situation, where the backend generates URLs that are not valid for the proxy's clients.
mod_sed
An advanced replacement of mod_substitute, allows editing the response body with the full power of sed.
Adding an output filter
# In the following example, the sed filter will change the string
# "monday" to "MON" and the string "sunday" to SUN in html documents
# before sending to the client.
<Directory "/var/www/docs/sed">
    AddOutputFilter Sed html
    OutputSed "s/monday/MON/g"
    OutputSed "s/sunday/SUN/g"
</Directory>
Adding an input filter
# In the following example, the sed filter will change the string
# "monday" to "MON" and the string "sunday" to SUN in the POST data
# sent to PHP.
<Directory "/var/www/docs/sed">
    AddInputFilter Sed php
    InputSed "s/monday/MON/g"
    InputSed "s/sunday/SUN/g"
</Directory>
mod_auth_form
Enables form-based authentication.
 
mod_session
Enables the use of session state for clients, using cookie or database storage.
 
mod_allowmethods
New module to restrict certain HTTP methods without interfering with authentication or authorization.
Example:-
                  <Location /> 
AllowMethods GET HEAD
</Location>

mod_lua

Embeds the Lua language into httpd, for configuration and small business logic functions. (Experimental)

mod_log_debug

Allows the addition of customizable debug logging at different phases of the request processing.

mod_buffer

Provides for buffering the input and output filter stacks

mod_data

Convert response body into an RFC2397 data URL

mod_ratelimit

Provides Bandwidth Rate Limiting for Clients

Example:-
       <Location /downloads> 
SetOutputFilter RATE_LIMIT 
SetEnv rate-limit 400
</Location>
Note – rate-limit is in KiB/s

mod_request

Provides Filters to handle and make available HTTP request bodies

mod_reflector

Provides Reflection of a request body as a response via the output filter stack.

mod_slotmem_shm

Provides a Slot-based shared memory provider (ala the scoreboard).

mod_xml2enc

Formerly a third-party module, this supports internationalization in libxml2-based (markup-aware) filter modules.

mod_macro (available since 2.4.5)

Provide macros within configuration files.

mod_proxy_wstunnel (available since 2.4.5)

Support web-socket tunnels.

mod_authnz_fcgi (available since 2.4.10)

Enable FastCGI authorizer applications to authenticate and/or authorize clients.

mod_http2 (available since 2.4.17)

Support for the HTTP/2 transport layer.

mod_proxy_hcheck (available since 2.4.21)

Support independent dynamic health checks for remote proxiy backend servers.

 

Module Enhancements

mod_ssl

mod_ssl can now be configured to use an OCSP server to check the validation status of a client certificate. The default responder is configurable, along with the decision on whether to prefer the responder designated in the client certificate itself.

mod_ssl now also supports OCSP stapling, where the server pro-actively obtains an OCSP verification of its certificate and transmits that to the client during the handshake.

mod_ssl can now be configured to share SSL Session data between servers through memcached

EC keys are now supported in addition to RSA and DSA.

Support for TLS-SRP (available in 2.4.4 and later).

mod_proxy

The ProxyPass directive is now most optimally configured within a Location or LocationMatch block, and offers a significant performance advantage over the traditional two-parameter syntax when present in large numbers.

The source address used for proxy requests is now configurable.

Support for Unix domain sockets to the backend (available in 2.4.7 and later).

mod_proxy_balancer

More runtime configuration changes for BalancerMembers via balancer-manager

Additional BalancerMembers can be added at runtime via balancer-manager

Runtime configuration of a subset of Balancer parameters

BalancerMembers can be set to 'Drain' so that they only respond to existing sticky sessions, allowing them to be taken gracefully offline.

Balancer settings can be persistent after restarts.

mod_cache

The mod_cache CACHE filter can be optionally inserted at a given point in the filter chain to provide fine control over caching.

mod_cache can now cache HEAD requests.

Where possible, mod_cache directives can now be set per directory, instead of per server.

The base URL of cached URLs can be customized, so that a cluster of caches can share the same endpoint URL prefix.

mod_cache is now capable of serving stale cached data when a backend is unavailable (error 5xx).

mod_cache can now insert HIT/MISS/REVALIDATE into an X-Cache header.

mod_include

Support for the 'onerror' attributes within an 'include' element, allowing an error document to be served on error instead of the default error string.

mod_cgi, mod_include, mod_isapi, …

Translation of headers to environment variables is more strict than before to mitigate some possible cross-site-scripting attacks via header injection. Headers containing invalid characters (including underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to work around broken legacy clients which require such headers. (This affects all modules which use these environment variables.)

mod_authz_core Authorization Logic Containers

Advanced authorization logic may now be specified using the Require directive and the related container directives, such as <RequireAll>.

mod_rewrite

mod_rewrite adds the [QSD] (Query String Discard) and [END] flags for RewriteRule to simplify common rewriting scenarios.

Adds the possibility to use complex boolean expressions in RewriteCond.

Allows the use of SQL queries as RewriteMap functions.

mod_ldap, mod_authnz_ldap

mod_authnz_ldap adds support for nested groups.

mod_ldap adds LDAPConnectionPoolTTL, LDAPTimeout, and other improvements in the handling of timeouts. This is especially useful for setups where a stateful firewall drops idle connections to the LDAP server.

mod_ldap adds LDAPLibraryDebug to log debug information provided by the used LDAP toolkit.

mod_info

mod_info can now dump the pre-parsed configuration to stdout during server startup.

mod_auth_basic

New generic mechanism to fake basic authentication (available in 2.4.5 and later).

 

Program Enhancements

fcgistarter

New FastCGI daemon starter utility

htcacheclean

Current cached URLs can now be listed, with optional metadata included.

Allow explicit deletion of individual cached URLs from the cache.

File sizes can now be rounded up to the given block size, making the size limits map more closely to the real size on disk.

Cache size can now be limited by the number of inodes, instead of or in addition to being limited by the size of the files on disk.

rotatelogs

May now create a link to the current log file.

May now invoke a custom post-rotate script.

htpasswd, htdbm

Support for the bcrypt algorithm (available in 2.4.4 and later).

 

Documentation

mod_rewrite

The mod_rewrite documentation has been rearranged and almost completely rewritten, with a focus on examples and common usage, as well as on showing you when other solutions are more appropriate. The Rewrite Guide is now a top-level section with much more detail and better organization.

mod_ssl

The mod_ssl documentation has been greatly enhanced, with more examples at the getting started level, in addition to the previous focus on technical details.

Caching Guide

The Caching Guide has been rewritten to properly distinguish between the RFC2616 HTTP/1.1 caching features provided by mod_cache, and the generic key/value caching provided by the socache interface, as well as to cover specialized caching provided by mechanisms such as mod_file_cache.

 

Take reference from apache.org

 

Leave a Reply

Your email address will not be published. Required fields are marked *