## December 15, 2005

### Apache 2.2

Upgrading from version 2.0.55 to 2.2.0 of the world’s dominant WebServer was a bit more of a hassle than I thought it was going to be. So, herewith, some notes.

1. The Apple-supplied version of sed doesn’t work with the installation script. You need the GNU version of sed, which you can get from fink.
2. If, as I did, you have version 1.0 or 1.1 of apr installed, you need to build and install apr and apr-util 1.2 by hand, before building apache.
3. Five standard modules disappeared, or were renamed, and fifteen new ones were added. You need to edit your httpd.conf file appropriately.
--- httpd.conf.2.0      2005-12-04 02:11:43.000000000 -0600
+++ httpd.conf  2005-12-15 02:09:16.000000000 -0600
@@ -230,11 +230,27 @@
# Example:
#
@@ -256,7 +272,7 @@
LoadModule userdir_module modules/mod_userdir.so
4. You need to recompile PHP (and, potentially other 3rd party modules).
5. The authentication modules have been extensively reworked. If you use Digest Authentication, the commands for specifying the User and Group files have changed from
AuthDigestFile /some/path/davusers
AuthDigestGroupFile /some/path/davgroups
to
AuthDigestProvider file
AuthUserFile /some/path/davusers
AuthGroupFile /some/path/davgroups
AuthDigestProvider dbm
6. The command for starting an SSL-enabled server has been simplified from
apachectl startssl
to
apachectl start
So you need to edit the startup script, appropriately.
7. The security of server-side includes has been “tightened”. It used to be that
Options IncludesNOEXEC
would allow you to include files via
 <!--#include virtual="/file.html" -->
No longer! If you want to include a file, you need (apparently) to relax the permissions to
Options Includes

#### Update (12/16/2005):

#7 isn’t strictly correct. What’s actually happening is that if you set
Options IncludesNOEXEC

then mod_include checks whether the included file has MIME-type text/*. It’s relatively trivial to fix that to allow application/xhtml+* as well.

--- modules/filters/mod_include.c.orig  2005-12-15 23:19:01.000000000 -0600
+++ modules/filters/mod_include.c       2005-12-16 00:23:24.000000000 -0600
@@ -1675,7 +1675,8 @@
}

if (!error_fmt && (ctx->flags & SSI_FLAG_NO_EXEC) &&
-            rr->content_type && strncmp(rr->content_type, "text/", 5)) {
+            rr->content_type && strncmp(rr->content_type, "text/", 5)
+               && strncmp(rr->content_type, "application/xhtml+", 18) ) {

error_fmt = "unable to include potential exec \"%s\" in parsed "
"file %s";

Unfortunately, Apache 2.2 seems to be behaving very badly. It’ll run fine for a while. But then an individual child server, or two, will see its CPU usage spike (to as much as 100% of one of golem’s two processors). If I don’t find a solution soon, I’ll have to downgrade to 2.0.55.

#### Update (12/18/2005):

Apache 2.2.0 may be broken, but 2.3.0-dev works just fine.
Posted by distler at December 15, 2005 3:30 AM

TrackBack URL for this Entry:   http://golem.ph.utexas.edu/cgi-bin/MT-3.0/dxy-tb.fcgi/698

### Re: Apache 2.2

GNU Sed is absolutely not required.

I just did a complete fresh install of APR/APR-Util/HTTPD on a completely fresh 10.4.3 machine (hard drive died on it… had to reinstall everything on a new hard drive).

Posted by: Paul Querna on December 18, 2005 12:41 PM | Permalink | Reply to this

### Sed

With the installed /usr/bin/sed, I got a slew of errors of the form

sed: 1: "/^dlname=/{s/.*='\([^'] ...": extra characters at the end of p command
Assuming installing a .so rather than a libtool archive.

It may be worth mentioning that this is with XCode 2.2. Maybe you are using an earlier version of the Developer Tools.

Posted by: Jacques Distler on December 18, 2005 12:54 PM | Permalink | PGP Sig | Reply to this

### Re: Sed

Its harmless AFAIK.

Posted by: Paul Querna on December 18, 2005 12:58 PM | Permalink | Reply to this

### Re: Sed

Umh … no it wasn’t. The installed version would not even launch.

Switching to GNU sed produced something that would actually run. (Modulo the CPU usage problems noted above.)

Posted by: Jacques Distler on December 18, 2005 1:07 PM | Permalink | PGP Sig | Reply to this

### Re: Sed

The same SED error has been happening on FreeBSD for at least a year now. Its just libtool being stupid, and it shouldn’t prevent anything from running/lanching/etc.

Posted by: Paul Querna on December 18, 2005 1:10 PM | Permalink | Reply to this

### Re: Sed

Shouldn’t …

Posted by: Jacques Distler on December 18, 2005 1:21 PM | Permalink | PGP Sig | Reply to this

Post a New Comment