Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 93225 invoked from network); 20 Sep 2005 11:58:34 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 20 Sep 2005 11:58:34 -0000 Received: (qmail 42601 invoked by uid 500); 20 Sep 2005 11:58:32 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 42417 invoked by uid 500); 20 Sep 2005 11:58:31 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 42204 invoked by uid 99); 20 Sep 2005 11:58:30 -0000 X-ASF-Spam-Status: No, hits=-9.8 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 20 Sep 2005 04:58:28 -0700 Received: (qmail 92968 invoked by uid 65534); 20 Sep 2005 11:58:20 -0000 Message-ID: <20050920115820.92967.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r290427 - in /httpd/httpd/branches/2.2.x/docs/manual: ./ faq/ mod/ programs/ ssl/ vhosts/ Date: Tue, 20 Sep 2005 11:58:12 -0000 To: cvs@httpd.apache.org From: colm@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: colm Date: Tue Sep 20 04:57:56 2005 New Revision: 290427 URL: http://svn.apache.org/viewcvs?rev=290427&view=rev Log: Backport all outstanding docs/manual changes from trunk to the 2.2.x branch. Only the SetEnvIf documentation was left out. Modified: httpd/httpd/branches/2.2.x/docs/manual/env.xml httpd/httpd/branches/2.2.x/docs/manual/faq/all_in_one.xml httpd/httpd/branches/2.2.x/docs/manual/faq/error.xml httpd/httpd/branches/2.2.x/docs/manual/faq/index.xml httpd/httpd/branches/2.2.x/docs/manual/install.xml httpd/httpd/branches/2.2.x/docs/manual/mod/beos.xml httpd/httpd/branches/2.2.x/docs/manual/mod/leader.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mod_cache.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mod_dbd.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_config.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_balancer.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_common.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_netware.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_winnt.xml httpd/httpd/branches/2.2.x/docs/manual/mod/mpmt_os2.xml httpd/httpd/branches/2.2.x/docs/manual/mod/perchild.xml httpd/httpd/branches/2.2.x/docs/manual/mod/prefork.xml httpd/httpd/branches/2.2.x/docs/manual/mod/threadpool.xml httpd/httpd/branches/2.2.x/docs/manual/mod/worker.xml httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.html.en httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.xml httpd/httpd/branches/2.2.x/docs/manual/programs/apachectl.xml httpd/httpd/branches/2.2.x/docs/manual/programs/httpd.xml httpd/httpd/branches/2.2.x/docs/manual/sitemap.xml httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_intro.xml httpd/httpd/branches/2.2.x/docs/manual/stopping.xml httpd/httpd/branches/2.2.x/docs/manual/vhosts/details.xml Modified: httpd/httpd/branches/2.2.x/docs/manual/env.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/env.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/env.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/env.xml Tue Sep 20 04:57:56 2005 @@ -349,7 +349,7 @@
suppress-error-charset -

Available in versions 2.2 and later

+

Available in versions after 2.0.54

When Apache issues a redirect in response to a client request, the response includes some actual text to be displayed in case Modified: httpd/httpd/branches/2.2.x/docs/manual/faq/all_in_one.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/faq/all_in_one.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/faq/all_in_one.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/faq/all_in_one.xml Tue Sep 20 04:57:56 2005 @@ -32,10 +32,10 @@ web site, at <http://httpd.apache.org/docs-2.1/faq/>.

-

Since Apache 2.0 is quite new, we don't yet know what the Frequently - Asked Questions will be. While this section fills up, you should also - consult the Apache 1.3 - FAQ to see if your question is answered there.

+

If you don't find the answer to your question in the below + sections, please also consult the Apache 1.3 + FAQ to see if your question is answered there.

&categories; Modified: httpd/httpd/branches/2.2.x/docs/manual/faq/error.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/faq/error.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/faq/error.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/faq/error.xml Tue Sep 20 04:57:56 2005 @@ -35,6 +35,7 @@
  • AcceptEx failed
  • Premature end of script headers
    • +
  • Permission denied
    • Invalid argument: @@ -77,6 +78,32 @@ available in the <a href="../howto/cgi.html#troubleshoot">CGI tutorial</a>.</p> </section> + + <section id="error.permissiondenied"><title>Permission denied + +

    A Permission denied error in the + error_log, accompanied by a Forbidden + message to the client usually indicates a problem with your + filesystem permissions, rather than a problem in the Apache HTTP + Server configuration files. Check to make sure that the + User and Group running the child processes + has adequate permission to access the files in question. Also + check that the directory and all parent directories are at least + searchable for that user and group (i.e., chmod + +x).

    + +

    Recent releases of Fedora Core and other Linux distributions + using SELinux have additional access restrictions beyond those + used by the basic filesystem. Violations of these restrictions + will also result in a Permission denied message. See + the Fedora + SELinux FAQ and Apache + SELinux Policy Document.

    + +
    Modified: httpd/httpd/branches/2.2.x/docs/manual/faq/index.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/faq/index.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/faq/index.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/faq/index.xml Tue Sep 20 04:57:56 2005 @@ -34,11 +34,10 @@ this FAQ all in one page for easy searching and printing.

    -

    Since Apache 2.0 is quite new, we don't yet know what the - Frequently Asked Questions will be. While this section fills up, - you should also consult the Apache 1.3 FAQ to see - if your question is answered there.

    +

    If you don't find the answer to your question in the below + sections, please also consult the Apache 1.3 + FAQ to see if your question is answered there.

    &categories; Modified: httpd/httpd/branches/2.2.x/docs/manual/install.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/install.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/install.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/install.xml Tue Sep 20 04:57:56 2005 @@ -152,14 +152,15 @@
    For some of the support scripts like apxs or dbmmanage (which are written in Perl) the Perl 5 interpreter is required (versions - 5.003 or newer are sufficient). If no such interpreter is found by - the configure script there is no harm. Of course, you - still can build and install Apache 2.0. Only those support scripts - cannot be used. If you have multiple Perl interpreters - installed (perhaps a Perl 4 from the vendor and a Perl 5 from - your own), then it is recommended to use the --with-perl - option (see below) to make sure the correct one is selected - by configure.
    + 5.003 or newer are sufficient). If you have multiple Perl + interpreters (for example, a systemwide install of Perl 4, and + your own install of Perl 5), you are advised to use the + --with-perl option (see below) to make sure the + correct one is used by configure. + If no Perl 5 interpreter is found by the + configure script, you will not be able to use + the affected support scripts. Of course, you will still be able to + build and use Apache 2.0. Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/beos.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/beos.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/beos.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/beos.xml Tue Sep 20 04:57:56 2005 @@ -43,6 +43,8 @@ ListenBacklog +ReceiveBufferSize + SendBufferSize StartThreads Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/leader.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/leader.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/leader.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/leader.xml Tue Sep 20 04:57:56 2005 @@ -66,6 +66,8 @@ ListenBacklog +ReceiveBufferSize + SendBufferSize LockFile Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_alias.xml Tue Sep 20 04:57:56 2005 @@ -184,27 +184,32 @@ FileInfo -

    The Redirect directive maps an old URL into a new one. The - new URL is returned to the client which attempts to fetch it - again with the new address. URL-path a (%-decoded) - path; any requests for documents beginning with this path will - be returned a redirect error to a new (%-encoded) URL beginning - with URL.

    +

    The Redirect directive maps an old URL into a new one by asking + the client to refetch the resource at the new location.

    + +

    The old URL-path is a (%-decoded) path beginning with + a slash. A relative path is not allowed. The new URL + should be an absolute URL beginning with a scheme and hostname, + but a URL-path beginning with a slash may also be used, in which + case the scheme and hostname of the current server will be + added.

    + +

    Then any request beginning with URL-Path will return a + redirect request to the client at the location of the target + URL. Additional path information beyond the matched + URL-Path will be appended to the target URL.

    Example: - Redirect /service http://foo2.bar.com/service + Redirect /service http://foo2.example.com/service -

    If the client requests http://myserver/service/foo.txt, it - will be told to access http://foo2.bar.com/service/foo.txt +

    If the client requests http://example.com/service/foo.txt, it + will be told to access http://foo2.example.com/service/foo.txt instead.

    Note

    Redirect directives take precedence over Alias and ScriptAlias directives, irrespective of their ordering in -the configuration file. Also, URL-path must be a fully -qualified URL, not a relative path, even when used with .htaccess files or -inside of Directory -sections.

     +the configuration file.

    If no status argument is given, the redirect will be "temporary" (HTTP status 302). This indicates to the client Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_cache.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_cache.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_cache.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_cache.xml Tue Sep 20 04:57:56 2005 @@ -86,8 +86,8 @@ <IfModule mod_cache.c>
    #LoadModule disk_cache_module modules/mod_disk_cache.so
    - # If you want to use mod_disk_cache instead of mod_mem_cache, - # uncomment the line above and comment out the LoadModule line below. + # If you want to use mod_disk_cache instead of mod_mem_cache,
    + # uncomment the line above and comment out the LoadModule line below.
    <IfModule mod_disk_cache.c>
    CacheRoot c:/cacheroot
    @@ -107,6 +107,9 @@ MCacheMaxObjectSize 2048
     </IfModule>
    +
    + # When acting as a proxy, don't cache the list of security updates
    + CacheDisable http://security.update.server/update-list/
     </IfModule> @@ -145,6 +148,20 @@ CacheEnable fd /images
    CacheEnable disk /
    + +

    When acting as a forward proxy server, url-string can + also be used to specify remote sites and proxy protocols which + caching should be enabled for.

    + + + # Cache proxied url's
    + CacheEnable disk /

    + # Cache FTP-proxied url's
    + CacheEnable disk ftp://

    + # Cache content from www.apache.org
    + CacheEnable disk http://www.apache.org/
    +     +     Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_dbd.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_dbd.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_dbd.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_dbd.xml Tue Sep 20 04:57:56 2005 @@ -51,7 +51,7 @@
    Apache DBD API -

    mod_dbd exports three functions for other modules +

    mod_dbd exports four functions for other modules to use. The API is as follows:

    @@ -77,10 +77,14 @@ */ AP_DECLARE(ap_dbd_t*) ap_dbd_acquire(request_rec*); +/* Prepare a statement for use by a client module */ +AP_DECLARE(void) ap_dbd_prepare(server_rec*, const char*, const char*); + /* Also export them as optional functions for modules that prefer it */ APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_open, (apr_pool_t*, server_rec*)); APR_DECLARE_OPTIONAL_FN(void, ap_dbd_close, (server_rec*, ap_dbd_t*)); APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_acquire, (request_rec*)); +APR_DECLARE_OPTIONAL_FN(void, ap_dbd_prepare, (server_rec*, const char*, const char*));
    @@ -94,7 +98,8 @@ SQL query or select commands.

    It is up to dbd user modules to use the prepared statements - and document what statements can be specified in httpd.conf.

    + and document what statements can be specified in httpd.conf, + or to provide their own directives and use ap_dbd_prepare.

    Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_config.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_config.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_config.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_log_config.xml Tue Sep 20 04:57:56 2005 @@ -132,7 +132,9 @@ %{format}P The process ID or thread id of the child that serviced the - request. Valid formats are pid and tid. + request. Valid formats are pid, tid, + and hextid. hextid requires APR 1.2.0 or + higher. %q Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_balancer.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_balancer.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_balancer.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_balancer.xml Tue Sep 20 04:57:56 2005 @@ -58,7 +58,7 @@ -
    +
    Request Counting Algorithm

    Enabled via lbmethod=byrequests, the idea behind this scheduler is that we distribute the requests among the @@ -237,7 +237,7 @@ are selected with 3 b interspersed.

    -
    +
    Weighted Traffic Counting Algorithm

    Enabled via lbmethod=bytraffic, the idea behind this scheduler is very similar to the Request Counting method, with Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_ssl.xml Tue Sep 20 04:57:56 2005 @@ -1390,14 +1390,29 @@ AuthConfig -

    -This directive sets the Certificate verification level for the remote server -Authentication. Notice that this directive can be used both in per-server and -per-directory context. In per-server context it applies to the remote server -authentication process used in the standard SSL handshake when a connection is -established. In per-directory context it forces a SSL renegotation with the -reconfigured remote server verification level after the HTTP request was read but -before the HTTP response is sent.

    + +

    When a proxy is configured to forward requests to a remote SSL +server, this directive can be used to configure certificate +verification of the remote server. Notice that this directive can be +used both in per-server and per-directory context. In per-server +context it applies to the remote server authentication process used in +the standard SSL handshake when a connection is established by the +proxy. In per-directory context it forces a SSL renegotation with the +reconfigured remote server verification level after the HTTP request +was read but before the HTTP response is sent.

    + + +

    Note that even when certificate verification is enabled, +mod_ssl does not check whether the +commonName (hostname) attribute of the server certificate +matches the hostname used to connect to the server. In other words, +the proxy does not guarantee that the SSL connection to the backend +server is "secure" beyond the fact that the certificate is signed by +one of the CAs configured using the +SSLProxyCACertificatePath and/or +SSLProxyCACertificateFile directives.

    +     +

    The following levels are available for level:

      Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_common.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_common.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_common.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_common.xml Tue Sep 20 04:57:56 2005 @@ -157,6 +157,27 @@ +GracefulShutdownTimeout +Specify a timeout after which a gracefully shutdown server +will exit. +GracefulShutDownTimeout seconds +GracefulShutDownTimeout 0 +server config +preforkworker +event +Available in version 2.2 and later + + +

      The GracefulShutdownTimeout specifies + how many seconds after receiving a "graceful-stop" signal, a + server should continue to run, handling the existing connections.

      + +

      Setting this value to zero means that the server will wait + indefinitely until all remaining requests have been fully served.

      +       +       + + Group Group under which the server will answer requests @@ -641,6 +662,26 @@ +ReceiveBufferSize +TCP receive buffer size +ReceiveBufferSize bytes +ReceiveBufferSize 0 +server config +beosleader +mpm_netwarempm_winnt +mpmt_os2perchildprefork +threadpoolworker + + +

      The server will set the TCP receive buffer size to the number of + bytes specified.

      + +

      If set to the value of 0, the server will use the + OS default.

      +       +       + + SendBufferSize TCP buffer size SendBufferSize bytes @@ -652,13 +693,13 @@ threadpoolworker -

      The server will set the TCP buffer size to the number of bytes +

      The server will set the TCP send buffer size to the number of bytes specified. Very useful to increase past standard OS defaults on high speed high latency (i.e., 100ms or so, such as transcontinental fast pipes).

      If set to the value of 0, the server will use the - OS deault.

      + OS default.

             Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_netware.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_netware.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_netware.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_netware.xml Tue Sep 20 04:57:56 2005 @@ -73,6 +73,8 @@ MaxRequestsPerChild +ReceiveBufferSize + SendBufferSize MaxSpareThreads Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_winnt.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_winnt.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_winnt.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mpm_winnt.xml Tue Sep 20 04:57:56 2005 @@ -50,6 +50,8 @@ ScoreBoardFile +ReceiveBufferSize + SendBufferSize ThreadLimit Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mpmt_os2.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/mpmt_os2.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/mpmt_os2.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/mpmt_os2.xml Tue Sep 20 04:57:56 2005 @@ -55,6 +55,8 @@ ListenBacklog +ReceiveBufferSize + SendBufferSize MaxRequestsPerChild Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/perchild.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/perchild.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/perchild.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/perchild.xml Tue Sep 20 04:57:56 2005 @@ -168,6 +168,8 @@ ScoreBoardFile +ReceiveBufferSize + SendBufferSize ServerLimit Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/prefork.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/prefork.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/prefork.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/prefork.xml Tue Sep 20 04:57:56 2005 @@ -105,6 +105,8 @@ ScoreBoardFile +ReceiveBufferSize + SendBufferSize ServerLimit Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/threadpool.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/threadpool.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/threadpool.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/threadpool.xml Tue Sep 20 04:57:56 2005 @@ -60,6 +60,8 @@ ListenBacklog +ReceiveBufferSize + SendBufferSize LockFile Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/worker.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/mod/worker.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/worker.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/worker.xml Tue Sep 20 04:57:56 2005 @@ -167,6 +167,8 @@ ScoreBoardFile +ReceiveBufferSize + SendBufferSize ServerLimit Modified: httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.html.en URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.html.en?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.html.en (original) +++ httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.html.en Tue Sep 20 04:57:56 2005 @@ -52,6 +52,15 @@ has been introduced to cleanup mod_disk_cache setups. +
      Graceful stop
      +
      The prefork and worker MPMs now + allow httpd to be shutdown gracefully via the + graceful-stop + signal. The GracefulShutdownTimeout directive + has been added to specify an optional timeout, after which + httpd will terminate regardless of the status + of any requests being served.
      +
      Proxying
      The new mod_proxy_balancer module provides load balancing services for mod_proxy. Modified: httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/new_features_2_2.xml Tue Sep 20 04:57:56 2005 @@ -48,6 +48,17 @@ has been introduced to cleanup mod_disk_cache setups.
      +
      Graceful stop
      +
      The prefork, worker and + event MPMs now allow httpd + to be shutdown gracefully via the + graceful-stop + signal. The GracefulShutdownTimeout directive + has been added to specify an optional timeout, after which + httpd will terminate regardless of the status + of any requests being served.
      +
      Proxying
      The new mod_proxy_balancer module provides load balancing services for mod_proxy. Modified: httpd/httpd/branches/2.2.x/docs/manual/programs/apachectl.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/programs/apachectl.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/programs/apachectl.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/programs/apachectl.xml Tue Sep 20 04:57:56 2005 @@ -125,6 +125,13 @@ restart to make sure Apache doesn't die. This is equivalent to apachectl -k graceful.
      +
      graceful-stop
      + +
      Gracefully stops the Apache httpd daemon. +This differs from a normal stop in that currently open connections are not +aborted. A side effect is that old log files will not be closed immediately. +This is equivalent to apachectl -k graceful-stop.
      +
      configtest
      Run a configuration file syntax test. It parses the configuration Modified: httpd/httpd/branches/2.2.x/docs/manual/programs/httpd.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/programs/httpd.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/programs/httpd.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/programs/httpd.xml Tue Sep 20 04:57:56 2005 @@ -51,7 +51,8 @@ [ -C directive ] [ -c directive ] [ -D parameter ] [ -e level ] [ -E - file ] [ -k start|restart|graceful|stop ] + file ] + [ -k start|restart|graceful|stop|graceful-stop ] [ -R directory ] [ -h ] [ -l ] [ -L ] [ -S ] [ -t ] [ -v ] [ -V ] @@ -84,7 +85,7 @@ module="core">ServerRoot. The default is conf/httpd.conf.
      -
      -k start|restart|graceful|stop
      +
      -k start|restart|graceful|stop|graceful-stop
      Signals httpd to start, restart, or stop. See Stopping Apache for more information.
      Modified: httpd/httpd/branches/2.2.x/docs/manual/sitemap.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/sitemap.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/sitemap.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/sitemap.xml Tue Sep 20 04:57:56 2005 @@ -43,6 +43,7 @@ Stopping and Restarting the Server Configuration Files How Directory, Location and Files sections work +Content Caching Server-Wide Configuration Log Files Mapping URLs to Filesystem Locations Modified: httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_intro.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_intro.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_intro.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_intro.xml Tue Sep 20 04:57:56 2005 @@ -40,15 +40,15 @@ intended to be a definitive guide to the SSL protocol, nor does it discuss specific techniques for managing certificates in an organization, or the important legal issues of patents and import and export restrictions. -Rather, it is intended to provide a common background to mod_ssl users by -pulling together various concepts, definitions, and examples as a starting -point for further exploration.

      +Rather, it is intended to provide a common background to mod_ssl users by pulling together various concepts, definitions, +and examples as a starting point for further exploration.

      -

      The presented content is mainly derived, with permission by the author, +

      The presented content is mainly derived, with the author's permission, from the article Introducing -SSL and Certificates using SSLeay from Frederick J. Hirsch, of The +href="http://home.comcast.net/~fjhirsch/Papers/wwwj/">Introducing +SSL and Certificates using SSLeay by Frederick J. Hirsch, of The Open Group Research Institute, which was published in Web Security: A Matter of Trust, World Wide Web Journal, Volume 2, Issue 3, Summer 1997. @@ -73,10 +73,10 @@ money. Alice would like the message to be private, since it will include information such as her account number and transfer amount. One solution is to use a cryptographic algorithm, a technique that would - transform her message into an encrypted form, unreadable except by - those it is intended for. Once in this form, the message may only be - interpreted through the use of a secret key. Without the key the - message is useless: good cryptographic algorithms make it so difficult + transform her message into an encrypted form, unreadable until it is + decrypted. Once in this form, the message can only be + decrypted by using a secret key. Without the key the message is useless: + good cryptographic algorithms make it so difficult for intruders to decode the original text that it isn't worth their effort.

      @@ -87,11 +87,12 @@
      Conventional cryptography
      also known as symmetric cryptography, requires the sender and receiver to share a key: a secret piece of information that may be - used to encrypt or decrypt a message. If this key is secret, then - nobody other than the sender or receiver may read the message. If - Alice and the bank know a secret key, then they may send each other - private messages. The task of privately choosing a key before - communicating, however, can be problematic.
      + used to encrypt or decrypt a message. As long as this key is kept + secret, nobody other than the sender or recipient can read the message. + If Alice and the bank know a secret key, then they can send each other + private messages. The task of sharing a key between sender and recipient + before communicating, while also keeping it secret from others, can be + problematic.
      Public key cryptography
      also known as asymmetric cryptography, solves the key exchange @@ -102,9 +103,9 @@ (the public key) and keeping the other secret (the private key).
      -

      Anyone may encrypt a message using the public key, but only the +

      Anyone can encrypt a message using the public key, but only the owner of the private key will be able to read it. In this way, Alice - may send private messages to the owner of a key-pair (the bank), by + can send private messages to the owner of a key-pair (the bank), by encrypting it using their public key. Only the bank will be able to decrypt it.

    @@ -115,35 +116,42 @@ is still a concern that someone might modify her original message or substitute it with a different one, in order to transfer the money to themselves, for instance. One way of guaranteeing the integrity - of Alice's message is to create a concise summary of her message and - send this to the bank as well. Upon receipt of the message, the bank - creates its own summary and compares it with the one Alice sent. If - they agree then the message was received intact.

    + of Alice's message is for her to create a concise summary of her + message and send this to the bank as well. Upon receipt of the message, + the bank creates its own summary and compares it with the one Alice + sent. If the summaries are the same then the message has been received + intact.

    A summary such as this is called a message digest, one-way -function or hash function. Message digests are used to create -short, fixed-length representations of longer, variable-length messages. -Digest algorithms are designed to produce unique digests for different -messages. Message digests are designed to make it too difficult to determine -the message from the digest, and also impossible to find two different -messages which create the same digest -- thus eliminating the possibility of -substituting one message for another while maintaining the same digest.

    -

    Another challenge that Alice faces is finding a way to send the digest to the -bank securely; when this is achieved, the integrity of the associated message -is assured. One way to do this is to include the digest in a digital -signature.

    + function or hash function. Message digests are used to create + a short, fixed-length representation of a longer, variable-length message. + Digest algorithms are designed to produce a unique digests for each + message. Message digests are designed to make it impractically difficult + to determine the message from the digest, and (in theory) impossible to + find two different messages which create the same digest -- thus + eliminating the possibility of substituting one message for another while + maintaining the same digest.

    + +

    Another challenge that Alice faces is finding a way to send the digest + to the bank securely; if the digest is not sent securely, its integrity may + be compromised, and with it, the possibility for the bank to determine the + integrity of the original message. Only if the digest is sent securely can + the integrity of the associated message be determined.

    + +

    One way to send the digest securely is to include it in a digital + signature.

    Digital Signatures

    When Alice sends a message to the bank, the bank needs to ensure that the -message is really from her, so an intruder does not request a transaction +message is really from her, so an intruder cannot request a transaction involving her account. A digital signature, created by Alice and included with the message, serves this purpose.

    Digital signatures are created by encrypting a digest of the message, and other information (such as a sequence number) with the sender's -private key. Though anyone may decrypt the signature using the public -key, only the signer knows the private key. This means that only they may +private key. Though anyone can decrypt the signature using the public +key, only the sender knows the private key. This means that only they can have signed it. Including the digest in the signature means the signature is only good for that message; it also ensures the integrity of the message since no one can change the digest and still sign it.

    @@ -160,13 +168,13 @@

    Although Alice could have sent a private message to the bank, signed it, and ensured the integrity of the message, she still needs to be sure that she is really communicating with the bank. This means that she needs -to be sure that the public key she is using corresponds to the bank's -private key. Similarly, the bank also needs to verify that the message -signature really corresponds to Alice's signature.

    +to be sure that the public key she is using is part of the bank's key-pair, +and not an intruder's. Similarly, the bank needs to verify that the message +signature really was signed by the private key that belongs to Alice.

    If each party has a certificate which validates the other's identity, -confirms the public key, and is signed by a trusted agency, then they both -will be assured that they are communicating with whom they think they are. +confirms the public key, and is signed by a trusted agency, then both +can be assured that they are communicating with whom they think they are. Such a trusted agency is called a Certificate Authority, and certificates are used for authentication.

    @@ -248,9 +256,9 @@

    A Certificate Authority may define a policy specifying which distinguished field names are optional, and which are required. It may also place requirements upon the field contents, as may users of - certificates. As an example, a Netscape browser requires that the - Common Name for a certificate representing a server has a name which - matches a wildcard pattern for the domain name of that server, such + certificates. For example, a Netscape browser requires that the + Common Name for a certificate representing a server matches a wildcard + pattern for the domain name of that server, such as *.snakeoil.com.

    The binary format of a certificate is defined using the ASN.1 @@ -261,10 +269,9 @@ Rules (DER), which are based on the more general Basic Encoding Rules (BER). For those transmissions which cannot handle binary, the binary form may be translated into an ASCII form by using Base64 encoding - [MIME]. This encoded version is called PEM encoded - (the name comes from "Privacy Enhanced Mail"), when placed between - begin and end delimiter lines as illustrated in the following - example.

    + [MIME]. When placed between begin and end delimiter + lines (as below), this encoded version is called a PEM ("Privacy Enhanced + Mail") encoded certificate.

    Example of a PEM-encoded certificate (snakeoil.crt) @@ -291,12 +298,12 @@
    Certificate Authorities -

    By first verifying the information in a certificate request +

    By verifying the information in a certificate request before granting the certificate, the Certificate Authority assures - the identity of the private key owner of a key-pair. For instance, - if Alice requests a personal certificate, the Certificate Authority - must first make sure that Alice really is the person the certificate - request claims.

    + itself of the identity of the private key owner of a key-pair. + For instance, if Alice requests a personal certificate, the + Certificate Authority must first make sure that Alice really is the + person the certificate claims she is.

    Certificate Chains @@ -314,15 +321,15 @@

    As noted earlier, each certificate requires an issuer to assert the validity of the identity of the certificate subject, up to the top-level Certificate Authority (CA). This presents a problem: - Since this is who vouches for the certificate of the top-level + who can vouch for the certificate of the top-level authority, which has no issuer? In this unique case, the certificate is "self-signed", so the issuer of the certificate is - the same as the subject. As a result, one must exercise extra care - in trusting a self-signed certificate. The wide publication of a + the same as the subject. Browsers are preconfigured to trust well-known + certificate authorities, but it is important to exercise extra care in + trusting a self-signed certificate. The wide publication of a public key by the root authority reduces the risk in trusting this key -- it would be obvious if someone else publicized a key - claiming to be the authority. Browsers are preconfigured to trust - well-known certificate authorities.

    + claiming to be the authority.

    A number of companies, such as Thawte and VeriSign @@ -346,21 +353,25 @@

    Establishing a Certificate Authority is a responsibility which requires a solid administrative, technical, and management framework. Certificate Authorities not only issue certificates, - they also manage them -- that is, they determine how long - certificates are valid, they renew them, and they keep lists of - certificates that have already been issued but are no longer valid - (Certificate Revocation Lists, or CRLs). Say Alice is entitled to - a certificate as an employee of a company. Say too, that the - certificate needs to be revoked when Alice leaves the company. Since - certificates are objects that get passed around, it is impossible - to tell from the certificate alone that it has been revoked. When - examining certificates for validity, therefore, it is necessary to - contact the issuing Certificate Authority to check CRLs -- this - is not usually an automated part of the process.

    + they also manage them -- that is, they determine for how long + certificates remain valid, they renew them, and they keep lists of + certificates that were issued in the past but are no longer valid + (Certificate Revocation Lists, or CRLs).

    + +

    For example, if Alice is entitled to a certificate as an + employee of a company, but has now left + that company, her certificate may need to be revoked. + Because certificates are only issued after the subject's identity has + been verified, and can then be passed around to all those with whom + the subject may communicate, it is impossible to tell from the + certificate alone that it has been revoked. + When examining certificates for validity, therefore, + it is necessary to contact the issuing Certificate Authority to + check CRLs -- this is usually not an automated part of the process.

    Note -

    If you use a Certificate Authority that is not configured into - browsers by default, it is necessary to load the Certificate +

    If you use a Certificate Authority that browsers are not configured + to trust by default, it is necessary to load the Certificate Authority certificate into the browser, enabling the browser to validate server certificates signed by that Certificate Authority. Doing so may be dangerous, since once loaded, the browser will @@ -434,23 +445,23 @@ the Internet Engineering Task Force (IETF).

    -Session Establishment +Establishing a Session

    The SSL session is established by following a handshake sequence between client and server, as shown in Figure 1. This sequence may vary, depending on whether the server is configured to provide a server certificate or request a client - certificate. Though cases exist where additional handshake steps + certificate. Although cases exist where additional handshake steps are required for management of cipher information, this article - summarizes one common scenario: see the SSL specification for the full + summarizes one common scenario. See the SSL specification for the full range of possibilities.

    Note -

    Once an SSL session has been established it may be reused, thus - avoiding the performance penalty of repeating the many steps needed - to start a session. For this the server assigns each SSL session a +

    Once an SSL session has been established, it may be reused. This + avoids the performance penalty of repeating the many steps needed + to start a session. To do this, the server assigns each SSL session a unique session identifier which is cached in the server and which the - client can use on forthcoming connections to reduce the handshake - (until the session identifer expires in the cache of the server).

    + client can use in future connections to reduce the handshake time + (until the session identifer expires from the cache of the server).

    @@ -470,7 +481,7 @@

    The first step, Cipher Suite Negotiation, allows the client and - server to choose a Cipher Suite supportable by both of them. The SSL3.0 + server to choose a Cipher Suite supported by both of them. The SSL3.0 protocol specification defines 31 Cipher Suites. A Cipher Suite is defined by the following components:

    @@ -488,24 +499,24 @@

    The key exchange method defines how the shared secret symmetric cryptography key used for application data transfer will be agreed upon by client and server. SSL 2.0 uses RSA key exchange only, while - SSL 3.0 supports a choice of key exchange algorithms including the - RSA key exchange when certificates are used, and Diffie-Hellman key - exchange for exchanging keys without certificates and without prior - communication between client and server.

    + SSL 3.0 supports a choice of key exchange algorithms including + RSA key exchange (when certificates are used), and Diffie-Hellman key + exchange (for exchanging keys without certificates, or without prior + communication between client and server).

    One variable in the choice of key exchange methods is digital signatures -- whether or not to use them, and if so, what kind of - signatures to use. Signing with a private key provides assurance + signatures to use. Signing with a private key provides protection against a man-in-the-middle-attack during the information exchange - used in generating the shared key [AC96, p516].

    + used to generating the shared key [AC96, p516].

    Cipher for Data Transfer -

    SSL uses the conventional cryptography algorithm (symmetric - cryptography) described earlier for encrypting messages in a session. - There are nine choices, including the choice to perform no - encryption:

    +

    SSL uses conventional symmetric cryptography, as described earlier, + for encrypting messages in a session. + There are nine choices of how to encrypt, including the option not to + encrypt:

    • No encryption
      • @@ -524,14 +535,14 @@
    -

    Here "CBC" refers to Cipher Block Chaining, which means that a +

    "CBC" refers to Cipher Block Chaining, which means that a portion of the previously encrypted cipher text is used in the encryption of the current block. "DES" refers to the Data Encryption Standard [AC96, ch12], which has a number of - variants (including DES40 and 3DES_EDE). "Idea" is one of the best - and cryptographically strongest available algorithms, and "RC2" is - a proprietary algorithm from RSA DSI [AC96, - ch13].

    + variants (including DES40 and 3DES_EDE). "Idea" is currently one of + the best and cryptographically strongest algorithms available, + and "RC2" is a proprietary algorithm from RSA DSI [AC96, ch13].

    @@ -546,8 +557,8 @@

    The message digest is used to create a Message Authentication Code - (MAC) which is encrypted with the message to provide integrity and to - prevent against replay attacks.

    + (MAC) which is encrypted with the message to verify integrity and to + protect against replay attacks.

    @@ -578,9 +589,9 @@

    The encapsulation of SSL control protocols by the record protocol means that if an active session is renegotiated the control protocols - will be transmitted securely. If there were no session before, then - the Null cipher suite is used, which means there is no encryption and - messages have no integrity digests until the session has been + will be transmitted securely. If there was no previous session, + the Null cipher suite is used, which means there will be no encryption and + messages will have no integrity digests, until the session has been established.

    @@ -588,11 +599,11 @@ Data Transfer

    The SSL Record Protocol, shown in Figure 3, is used to transfer application and SSL Control data between the - client and server, possibly fragmenting this data into smaller units, + client and server, where necessary fragmenting this data into smaller units, or combining multiple higher level protocol data messages into single units. It may compress, attach digest signatures, and encrypt these units before transmitting them using the underlying reliable transport - protocol (Note: currently all major SSL implementations lack support + protocol (Note: currently, no major SSL implementations include support for compression).

    @@ -605,12 +616,12 @@

    Securing HTTP Communication

    One common use of SSL is to secure Web HTTP communication between - a browser and a webserver. This case does not preclude the use of - non-secured HTTP. The secure version is mainly plain HTTP over SSL - (named HTTPS), but with one major difference: it uses the URL scheme - https rather than http and a different - server port (by default 443). This mainly is what mod_ssl provides to you for the Apache webserver...

    + a browser and a webserver. This does not preclude the use of + non-secured HTTP - the secure version (called HTTPS) is the same as + plain HTTP over SSL, but uses the URL scheme https + rather than http, and a different server port (by default, + port 443). This functionality is a large part of what mod_ssl provides for the Apache webserver.

    Modified: httpd/httpd/branches/2.2.x/docs/manual/stopping.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/stopping.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/stopping.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/stopping.xml Tue Sep 20 04:57:56 2005 @@ -61,7 +61,7 @@

    The second method of signaling the httpd processes is to use the -k command line options: stop, - restart, and graceful, + restart, graceful and graceful-stop, as described below. These are arguments to the httpd binary, but we recommend that you send them using the apachectl control script, which @@ -104,11 +104,6 @@ it with a child from the new generation of the configuration, which begins serving new requests immediately.

    - On certain platforms that do not allow USR1 to - be used for a graceful restart, an alternative signal may be used (such - as WINCH). The command apachectl graceful - will send the right signal for your platform. -

    This code is designed to always respect the process control directive of the MPMs, so the number of processes and threads available to serve clients will be maintained at the appropriate @@ -119,9 +114,10 @@ been created, then create enough to pick up the slack. Hence the code tries to maintain both the number of children appropriate for the current load on the server, and respect your wishes with the - StartServers parameter.

    + StartServers + parameter.

    -

    Users of the mod_status +

    Users of mod_status will notice that the server statistics are not set to zero when a USR1 is sent. The code was written to both minimize the time in which the server is unable @@ -185,29 +181,76 @@ error. See above for a method of avoiding this.

    +
    Graceful Stop + +
    Signal: WINCH
    +
    apachectl -k graceful-stop
    +
    + +

    The WINCH or graceful-stop signal causes + the parent process to advise the children to exit after + their current request (or to exit immediately if they're not + serving anything). The parent will then remove its PidFile and cease listening on + all ports. The parent will continue to run, and monitor children + which are handling requests. Once all children have finalised + and exited or the timeout specified by the GracefulShutdownTimeout has been + reached, the parent will also exit. If the timeout is reached, + any remaining children will be sent the TERM signal + to force them to exit.

    + +

    A TERM signal will immediately terminate the + parent process and all children when in the "graceful" state. However + as the PidFile will + have been removed, you will not be able to use + apachectl or httpd to send this signal,

    + +

    The graceful-stop signal allows you to run multiple + identically configured instances of httpd at the + same time. This is a powerful feature when performing graceful + upgrades of Apache, however it can also cause deadlocks and race + conditions with some configurations.

    + +

    Care has been taken to ensure that on-disk files + such as the Lockfile and ScriptSock files contain the server + PID, and should co-exist without problem. However, if a configuration + directive, third-party module or persistent CGI utilises any other on-disk + lock or state files; care should be taken to ensure that multiple running + instances of httpd do not clobber each others files.

    + +

    You should also be wary of other potential race conditions, such as + using rotatelogs style piped logging. Multiple running + instances of rotatelogs attempting to rotate the same + logfiles at the same time may destroy each other's logfiles.

     +
    + +
    Appendix: signals and race conditions

    Prior to Apache 1.2b9 there were several race - conditions involving the restart and die signals (a simple - description of race condition is: a time-sensitive problem, as - in if something happens at just the wrong time it won't behave - as expected). For those architectures that have the "right" + conditions involving the restart and die signals (a simply put, + a race condition is a time-sensitive problem - if something happens + at just the wrong time or things happen in the wrong order, + undesired behaviour will result. If the same thing happens at the right + time, all will be well). For those architectures that have the "right" feature set we have eliminated as many as we can. But it should - be noted that there still do exist race conditions on certain + be noted that race conditions do still exist on certain architectures.

    -

    Architectures that use an on disk ScoreBoardFile have the potential - to corrupt their scoreboards. This can result in the "bind: +

    Architectures that use an on-disk ScoreBoardFile can potentially have + their scoreboards corrupted. This can result in the "bind: Address already in use" (after HUP) or "long lost child came home!" (after USR1). The former is a fatal error, while the latter just causes the server to lose a - scoreboard slot. So it might be advisable to use graceful + scoreboard slot. So it may be advisable to use graceful restarts, with an occasional hard restart. These problems are very difficult to work around, but fortunately most architectures do not require a scoreboard file. See the ScoreBoardFile documentation for a - architecture uses it.

    + module="mpm_common">ScoreBoardFile documentation for + architecture which uses it.

    All architectures have a small race condition in each child involving the second and subsequent requests on a persistent Modified: httpd/httpd/branches/2.2.x/docs/manual/vhosts/details.xml URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/docs/manual/vhosts/details.xml?rev=290427&r1=290426&r2=290427&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/vhosts/details.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/vhosts/details.xml Tue Sep 20 04:57:56 2005 @@ -191,6 +191,7 @@ KeepAliveTimeout, KeepAlive, MaxKeepAliveRequests, + ReceiveBufferSize, or SendBufferSize directive then the respective value is inherited from the main_server. (That is, inherited from whatever the final