httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From humbed...@apache.org
Subject svn commit: r1334622 [21/29] - in /httpd/site/trunk: cgi-bin/ content/ content/apreq/ content/apreq/docs/ content/apreq/docs/libapreq2/ content/contributors/ content/css/ content/dev/ content/dev/images/ content/dev/whiteboard/ content/docs-project/ co...
Date Sun, 06 May 2012 13:14:50 GMT
Propchange: httpd/site/trunk/content/images/asf_logo_wide.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/chuck.jpg
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/chuck.jpg?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/chuck.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: httpd/site/trunk/content/images/coar.gif
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/coar.gif?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/coar.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/erik.jpg
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/erik.jpg?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/erik.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: httpd/site/trunk/content/images/graybar.gif
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/graybar.gif?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/graybar.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/httpd_logo_wide.gif
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/httpd_logo_wide.gif?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/httpd_logo_wide.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/httpd_logo_wide.png
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/httpd_logo_wide.png?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/httpd_logo_wide.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: httpd/site/trunk/content/images/httpd_logo_wide.psd
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/httpd_logo_wide.psd?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/httpd_logo_wide.psd
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: httpd/site/trunk/content/images/kess.gif
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/kess.gif?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/kess.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/noirin.jpg
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/noirin.jpg?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/noirin.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: httpd/site/trunk/content/images/orange_ball.gif
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/orange_ball.gif?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/orange_ball.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/pctony.jpg
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/pctony.jpg?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/pctony.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: httpd/site/trunk/content/images/powered_by.gif
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/powered_by.gif?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/powered_by.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/rasmus.jpg
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/rasmus.jpg?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/rasmus.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: httpd/site/trunk/content/images/rbowen.jpg
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/rbowen.jpg?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/rbowen.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: httpd/site/trunk/content/images/small_feather.gif
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/small_feather.gif?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/small_feather.gif
------------------------------------------------------------------------------
    svn:mime-type = image/gif

Added: httpd/site/trunk/content/images/smiley.xbm
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/smiley.xbm?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/images/smiley.xbm (added)
+++ httpd/site/trunk/content/images/smiley.xbm Sun May  6 13:14:42 2012
@@ -0,0 +1,6 @@
+#define smily_width 16
+#define smily_height 16
+static char smily_bits[] = {
+ 0x00,0x00,0xe0,0x07,0x10,0x08,0x08,0x10,0x04,0x20,0x62,0x46,0x62,0x46,0x02,
+ 0x40,0x02,0x40,0x12,0x48,0x22,0x44,0xc4,0x23,0x08,0x10,0x10,0x08,0xe0,0x07,
+ 0x00,0x00};

Added: httpd/site/trunk/content/images/stein.jpg
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/images/stein.jpg?rev=1334622&view=auto
==============================================================================
Binary file - no diff available.

Propchange: httpd/site/trunk/content/images/stein.jpg
------------------------------------------------------------------------------
    svn:mime-type = image/jpeg

Added: httpd/site/trunk/content/index.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/index.mdtext?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/index.mdtext (added)
+++ httpd/site/trunk/content/index.mdtext Sun May  6 13:14:42 2012
@@ -0,0 +1,36 @@
+Title: Welcome!
+
+# The Number One HTTP Server On The Internet
+The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
+
+Apache httpd has been the most popular web server on the Internet since April 1996, and celebrated its 17th birthday as a project this February.
+
+The Apache HTTP Server ("httpd") is a project of [The Apache Software Foundation](http://www.apache.org/) .
+
+# Apache httpd 2.4.2 Released
+The Apache Software Foundation and the Apache HTTP Server Project are pleased to [announce](http://www.apache.org/dist/httpd/Announcement2.4.html) the release of version 2.4.2 of the Apache HTTP Server ("Apache"). This version of Apache is our 2nd GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases. This version of Apache is principally a security and bug fix release.
+
+This version of httpd is a major release of the 2.4 stable branch, and represents the best available version of Apache HTTP Server. [New features](docs/trunk/new_features_2_4.html) include Loadable MPMs, major improvements to OSCP support, mod_lua, Dynamic Reverse Proxy configuration, Improved Authentication/Authorization, FastCGI Proxy, New Expression Parser, and a Small Object Caching API.
+
+ [Download](download.cgi#apache24) | [New Features in httpd 2.4](docs/trunk/new_features_2_4.html) | [Complete ChangeLog for 2.4](http://www.apache.org/dist/httpd/CHANGES_2.4) | [ChangeLog for just 2.4.2](http://www.apache.org/dist/httpd/CHANGES_2.4.2) 
+
+# Apache httpd 2.2.22 Released
+The Apache HTTP Server Project is proud to [announce](http://www.apache.org/dist/httpd/Announcement2.2.html) the release of version 2.2.22 of the Apache HTTP Server ("httpd"). This version is principally a security and bugfix release. There is an offical [vulnerability list](http://httpd.apache.org/security/vulnerabilities_22.html) of those issues fixed in this release.
+
+This version of httpd is a major release of the 2.2 stable branch. [New features](docs/2.2/new_features_2_2.html) include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization.
+
+ [Download](download.cgi) | [New Features in httpd 2.2](docs/2.2/new_features_2_2.html) | [ChangeLog for 2.2.22](http://www.apache.org/dist/httpd/CHANGES_2.2.22) | [Complete ChangeLog for 2.2](http://www.apache.org/dist/httpd/CHANGES_2.2) 
+
+# Apache httpd 2.0.64 Released
+The Apache HTTP Server Project [announces](http://www.apache.org/dist/httpd/Announcement2.0.html) the legacy release of version 2.0.64 of the Apache HTTP Server ("httpd").
+
+This version of httpd is principally a security and bugfix release.
+
+For further details, see the [announcement](http://www.apache.org/dist/httpd/Announcement2.0.html) .
+
+ [Download](download.cgi) | [New Features in httpd 2.0](docs/2.0/new_features_2_0.html) | [ChangeLog for 2.0.64](http://www.apache.org/dist/httpd/CHANGES_2.0.64) | [Complete ChangeLog for 2.0](http://www.apache.org/dist/httpd/CHANGES_2.0) 
+
+# Want to try out the Apache HTTP Server? 
+Great! We have updated our [download page](/download.cgi) in an effort to better utilize our mirrors. We hope that by making it easier to use our mirrors that we will be able to provide a better download experience.
+
+Please ensure that you [verify](/download.cgi#verify) your downloads using PGP or MD5 signatures

Propchange: httpd/site/trunk/content/index.mdtext
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/index.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/index.xml?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/index.xml (added)
+++ httpd/site/trunk/content/index.xml Sun May  6 13:14:42 2012
@@ -0,0 +1,116 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<document>
+  <properties>
+    <author email="docs@httpd.apache.org">Documentation Group</author>
+    <title>Welcome!</title>
+  </properties>
+<body>
+<section id="Welcome">
+<title>The Number One HTTP Server On The Internet</title>
+
+<p>The Apache HTTP Server Project is an effort to develop and maintain
+an open-source HTTP server for modern operating systems including UNIX
+and Windows NT. The goal of this project is to provide a secure,
+efficient and extensible server that provides HTTP services in sync
+with the current HTTP standards.</p>
+
+<p>Apache httpd has been the most popular web server on the Internet since
+April 1996, and celebrated its 17th birthday as a project this February.</p>
+
+<p>The Apache HTTP Server ("httpd") is a project of <a
+href="http://www.apache.org/">The Apache Software Foundation</a>.</p>
+</section>
+
+<section id="2.4.2" date="2012-04-17">
+<title>Apache httpd 2.4.2 Released</title>
+
+<p>
+   The Apache Software Foundation and the Apache HTTP Server Project are
+   pleased to <a href="http://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
+   the release of version 2.4.2 of the Apache
+   HTTP Server ("Apache").  This version of Apache is our 2nd GA
+   release of the new generation 2.4.x branch of Apache HTTPD and
+   represents fifteen years of
+   innovation by the project, and is recommended over all previous releases. This
+   version of Apache is principally a security
+   and bug fix release.
+</p>
+
+<p>This version of httpd is a major release of the 2.4 stable branch, and
+represents the best available version of Apache HTTP Server.
+<a href="docs/trunk/new_features_2_4.html">New features</a> include
+Loadable MPMs, major improvements to OSCP support, mod_lua, Dynamic
+Reverse Proxy configuration, Improved Authentication/Authorization,
+FastCGI Proxy, New Expression Parser, and a Small Object Caching API.</p>
+
+<p align="center">
+<a href="download.cgi#apache24">Download</a> |
+<a href="docs/trunk/new_features_2_4.html">New Features in httpd 2.4</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.4">Complete ChangeLog for 2.4</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.4.2">ChangeLog for just 2.4.2</a>
+</p>
+
+</section>
+
+<section id="2.2.22" date="2012-01-31">
+<title>Apache HTTP Server 2.2.22 Released</title>
+
+<p>The Apache HTTP Server Project is proud to
+<a href="http://www.apache.org/dist/httpd/Announcement2.2.html">announce</a>
+the release of version 2.2.22 of the Apache HTTP Server ("httpd").  This
+version is principally a security and bugfix release.  There is an offical
+<a href="http://httpd.apache.org/security/vulnerabilities_22.html"
+        >vulnerability list</a> of those issues fixed in this release.</p>
+
+<p>This version of httpd is a major release of the 2.2 stable branch.
+<a href="docs/2.2/new_features_2_2.html">New features</a> include
+Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing,
+Graceful Shutdown support, Large File Support, the Event MPM, and refactored
+Authentication/Authorization.</p>
+
+<p align="center">
+<a href="download.cgi">Download</a> |
+<a href="docs/2.2/new_features_2_2.html">New Features in httpd 2.2</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.2.22">ChangeLog for 2.2.22</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.2">Complete ChangeLog for 2.2</a>
+</p>
+
+</section>
+
+<section id="2.0.64" date="2010-10-19">
+<title>Apache httpd 2.0.64 Released</title>
+
+<p>The Apache HTTP Server Project
+   <a href="http://www.apache.org/dist/httpd/Announcement2.0.html">announces</a>
+   the legacy release of version 2.0.64 of the Apache HTTP Server
+   ("httpd").</p>
+
+<p>This version of httpd is principally a security and bugfix release.</p>
+
+<p>For further details, see the
+   <a href="http://www.apache.org/dist/httpd/Announcement2.0.html"
+     >announcement</a>.</p>
+
+<p align="center">
+<a href="download.cgi">Download</a> |
+<a href="docs/2.0/new_features_2_0.html">New Features in httpd 2.0</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.0.64">ChangeLog for 2.0.64</a> |
+<a href="http://www.apache.org/dist/httpd/CHANGES_2.0">Complete ChangeLog for 2.0</a>
+</p>
+
+</section>
+
+<section id="Mirrors">
+<title>Want to try out the Apache HTTP Server?</title>
+
+<p>Great!  We have updated our <a href="/download.cgi">download page</a> in
+an effort to better utilize our mirrors.  We hope that by making it easier
+to use our mirrors that we will be able to provide a better download
+experience.</p>
+
+<p>Please ensure that you <a href="/download.cgi#verify">verify</a>
+your downloads using PGP or MD5 signatures!</p>
+</section>
+
+</body>
+</document>

Propchange: httpd/site/trunk/content/index.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/info/apache_books.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/info/apache_books.html?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/info/apache_books.html (added)
+++ httpd/site/trunk/content/info/apache_books.html Sun May  6 13:14:42 2012
@@ -0,0 +1,31 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+<HEAD>
+<TITLE>Books written about the Apache HTTP Server</TITLE>
+</HEAD>
+<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+<BODY
+ BGCOLOR="#FFFFFF"
+ TEXT="#000000"
+ LINK="#0000FF"
+ VLINK="#000080"
+ ALINK="#FF0000"
+>
+<DIV ALIGN="CENTER">
+ <IMG
+  SRC="../images/apache_sub.gif"
+  ALT="[APACHE HTTP SERVER BOOKS]"
+ >
+</DIV>
+
+<H1 ALIGN="CENTER">Books written about the Apache HTTP Server</H1>
+<P>Please go to <a href="http://www.apachebookstore.com/">www.apachebookstore.com</a>,
+   and select the <i>HTTP Server</i> section.
+</P>
+<HR>
+<P ALIGN="CENTER">
+<A HREF="/"><IMG SRC="../images/apache_home.gif" ALT="Home"></A>
+</P>
+
+</BODY>
+</HTML>

Propchange: httpd/site/trunk/content/info/apache_books.html
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/info/apache_on_linux.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/info/apache_on_linux.html?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/info/apache_on_linux.html (added)
+++ httpd/site/trunk/content/info/apache_on_linux.html Sun May  6 13:14:42 2012
@@ -0,0 +1,60 @@
+<HTML>
+<HEAD>
+<TITLE>Configuring linux to run Apache 0.8 +</TITLE>
+</HEAD>
+<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+<BODY
+ BGCOLOR="#FFFFFF"
+ TEXT="#000000"
+ LINK="#0000FF"
+ VLINK="#000080"
+ ALINK="#FF0000"
+>
+<DIV ALIGN="CENTER">
+<IMG
+ SRC="../images/apache_sub.gif"
+ ALT="[APACHE DOCUMENTATION]"
+>
+</DIV>
+
+<H3>Warning: this document has been unmaintained for a very long time.</H3>
+<P>
+<H1 ALIGN="CENTER">Configuring linux to run Apache 0.8 + with virtual hosts</H1>
+
+<P>Some advice on configuring Linux so that it can run <A HREF="/">Apache</A>
+and <A HREF="../docs/vhosts/">virtual hosts</A></P>
+
+<OL>
+  <LI>You'll need linux kernel <STRONG>1.2.x</STRONG> ( &gt;=5 recommended) and compile with the following options:
+  <PRE>
+	  CONFIG_MODVERSIONS=y
+	  CONFIG_NETDEVICES=y
+	  # CONFIG_DUMMY is not set          ( say no when configuring )</PRE>
+<BR><BR></LI>
+
+  <LI>make dep ; make zImage ; make modules ; make modules_install<BR><BR></LI>
+
+  <LI>cp /usr/src/linux/arch/i386/boot/zImage /vmlinuz<BR><BR></LI>
+
+  <LI>rdev -R /vmlinuz 1  ; lilo<BR><BR></LI>
+  <LI>reboot system <BR><BR></LI>
+  <LI>insmod -o dummy0 /lib/modules/1.2.x/net/dummy.o<BR><BR></LI>
+  <LI>ifconfig dummy0 200.200.200.50 up<BR>
+   NOTE: Make sure the IP address you choice is a valid one,
+   and not being used.
+  <BR><BR></LI>
+  <LI>arp -s &lt;ethernet address&gt; 200.200.200.50 netmask 255.255.255.255 pub<BR>
+  NOTE: the ethernet address of your ethernet card can be found if you
+  type ifconfig eth0.  First line, there are 6 hex numbers sepearted by 
+  ':'.  Use that.
+  <BR><BR></LI>
+  <LI>route add 200.200.200.50 dummy0<BR><BR></LI>
+  <LI>Add &lt;virtual host 200.200.200.50&gt; ..... &lt; /virtualhost&gt; to your httpd.conf file.<BR><BR></LI>
+  <LI>Add 200.200.200.50 to your /etc/hosts or DNS database files.<BR><BR></LI>
+  <LI>Repeat from <STRONG>Step 1.</STRONG> with dummy1 if so desired.<BR><BR></LI>
+</OL>
+
+<P>Good luck.</P>
+
+</BODY>
+</HTML>

Propchange: httpd/site/trunk/content/info/apache_on_linux.html
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/info/apache_users.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/info/apache_users.html?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/info/apache_users.html (added)
+++ httpd/site/trunk/content/info/apache_users.html Sun May  6 13:14:42 2012
@@ -0,0 +1,740 @@
+<HTML>
+<HEAD>
+<TITLE>Users of Apache</TITLE>
+</HEAD>
+<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+<BODY
+ BGCOLOR="#FFFFFF"
+ TEXT="#000000"
+ LINK="#0000FF"
+ VLINK="#000080"
+ ALINK="#FF0000"
+>
+<DIV ALIGN="CENTER">
+<IMG
+ SRC="../images/apache_sub.gif"
+ ALT="[APACHE DOCUMENTATION]"
+>
+</DIV>
+
+<H1 ALIGN="CENTER">
+The<BR>"Proud to run <A HREF="/">Apache</A>"<BR>list</H1>
+
+<P>
+This is a list of sites that <STRONG>asked</STRONG> to be recorded
+as running Apache.
+</P>
+
+<P>
+The list represents only a small fraction of the total number of sites
+that run Apache. See the link(s) at the bottom of this page for pointers
+to much larger lists.
+</P>
+
+<DL>
+<DT><A HREF="http://www.apache.org/">The Apache Project</A></DT>
+  <DD>The developers trust it  :-)</DD>
+
+<HR WIDTH="20%">
+
+<HR><P>
+<STRONG>
+<A HREF="#ahook">A</A> | <A HREF="#bhook">B</A> | <A HREF="#chook">C</A> | <A HREF="#dhook">D</A> | <A HREF="#ehook">E</A> | <A HREF="#fhook">F</A> | <A HREF="#ghook">G</A> | <A HREF="#hhook">H</A> | <A HREF="#ihook">I</A> | <A HREF="#jhook">J</A> | <A HREF="#khook">K</A> | <A HREF="#lhook">L</A> | <A HREF="#mhook">M</A> | <A HREF="#nhook">N</A> | <A HREF="#ohook">O</A> | <A HREF="#phook">P</A> | <A HREF="#qhook">Q</A> | <A HREF="#rhook">R</A> | <A HREF="#shook">S</A> | <A HREF="#thook">T</A> | <A HREF="#uhook">U</A> | <A HREF="#vhook">V</A> | <A HREF="#whook">W</A> | <A HREF="#xhook">X</A> | <A HREF="#yhook">Y</A> | <A HREF="#zhook">Z</A>
+</STRONG>
+<P><HR>
+
+<P><DT><STRONG>A...</STRONG></DT>
+
+<A NAME="ahook"></A>
+<DT><A HREF="http://www.abast.es/">Abast Systems, S.A.</A></DT>
+  <DD>An HP service provider at Barcelona</DD>
+
+<DT><A HREF="http://www.achilles.net/">Achilles Internet Ltd.</A></DT>
+  <DD>Internet Service and Presence Provider in Ottawa, Ontario, Canada.</DD>
+
+<DT><A HREF="http://www.adnet.ie/">Adnet - Ireland's Interactive Resource Directory</A></DT>
+  <DD>Fred Hanna's Bookstore, U2 Interview, Knickerbox Lingerie, the Explorer magazine, and much more...</DD>
+
+<DT><A HREF="http://www.adsweb.com/">ADSweb</A></DT>
+  <DD>A webspace provider in St. Louis, MO</DD>
+
+<DT><A HREF="http://www.advcs.com/">Advanced Computing Solutions</A></DT>
+  <DD>The best prices on software, hardware and related accessories on the 'Net!</DD>
+
+<DT><A HREF="http://nz.com/">Akiko International</A></DT>
+  <DD>New Zealand on the Web</DD>
+
+<DT><A HREF="http://ugweb.cs.ualberta.ca">University of Alberta Computing Science</A></DT>
+  <DD>University of Alberta Undergraduate Computing Science Labs</DD>
+
+<DT><A HREF="http://www.algonet.se">Algonet</A></DT>
+  <DD>Algonet - Your Internetsupplier in Sweden.</DD>
+
+<DT><A HREF="http://www.aros.net/">ArosNet</A></DT>
+  <DD>An ISP in Salt Lake City, UT.  Complete solutions for business.</DD>
+
+<DT><A HREF="http://www.atlantic.com/">Atlantic Computing Technology Corporation</A></DT>
+  <DD>An Internet consulting firm in Connecticut</DD>
+
+<DT><A HREF="http://www.nla.gov.au">National Library of Australia</A></DT>
+
+<DT><A HREF="http://ftp.ua.pt/">University of Aveiro Software Archive</A></DT>
+  <DD>The biggest software archive in Portugal</DD>
+
+<DT><A HREF="http://www.axxel.nl/">The Home of AXXEL.NL Internet</A></DT>
+  <DD>We trust the developers who trust Apache...:-)</DD>
+
+<A NAME="bhook"></A>
+<P><DT><STRONG>B...</STRONG></DT>
+
+<DT><A HREF="http://www.bns.ee/">Baltic News Service</A></DT>
+ <DD>Newswire about Baltics</DD>
+
+<DT><A HREF="http://www.blackhills.com/">Internet Services of the Black Hills</A></DT>
+  <DD>3 websites up, more to come ;-)</DD>
+
+
+<DT><A HREF="http://www.bayscenes.com/">BayScenes</A></DT>
+  <DD>Unique products and services of Northern California</DD>
+
+<DT><A HREF="http://BowlingGreen.KY.net/">Bowling Green, KY</A></DT>
+<DD>Bowling Green's Internet presence (<A HREF="http://www.KY.net/kiwi/">KIWI</A>)</DD>
+
+<DT><A HREF="http://www.telescope.org/">Bradford Robotic Telescope</A></DT>
+  <DD>An autonomous telescope controlled by the Web</DD>
+
+<DT><A HREF="http://www.buzznet.com/">Buzznet</A></DT>
+  <DD>The cultural voice of the online generation</DD>
+
+<A NAME="chook"></A>
+<P><DT><STRONG>C...</STRONG></DT>
+
+<DT><A HREF="http://www.epibiostat.ucsf.edu/">University of California San Francisco Department of Epidemiology and Biostatistics</A></DT>
+  <DD>Maintainers of the World Wide Web Virtual Library: Epidemiology Page</DD>
+
+<DT><A HREF="http://ucsee.EECS.Berkeley.EDU/">University of California Society of Electrical Engineers</A></DT>
+  <DD>Student-run server at the University of California at Berkeley.</DD>
+
+<DT><A HREF="http://www.caprica.com/">Caprica Internet Services</A></DT>
+  <DD>Southern California's Original Internet Provider!</DD>
+
+<DT><A HREF="http://www.cm.cf.ac.uk/">Cardiff University Computer Science</A></DT>
+  <DD>Home for the Interenet Movie Database and more.</DD>
+
+<DT><A HREF="http://www.careersite.com/">Virtual Resources' <EM>CareerSite</EM> employment service</A></DT>
+<DD>Concept&#173;based profile matching helps job hunters & human resources.</DD>
+
+<DT><A HREF="http://www.cetlink.net/">CetLink.Net</A></DT>
+  <DD>South Carolina ISP and advanced networking services company.</DD>
+
+<DT><A HREF="http://www.cistron.nl/">Cistron Internet Services</A></DT>
+  <DD>An independent Dutch Internet provider.</DD>
+
+<DT><A HREF="http://www.cityline.it">CityLine</A></DT>
+  <DD>Internet business service in Brescia (Italy)</DD>
+
+<DT><A HREF="http://www.dom.de/">DOM -&gt;Cologne - where else?</A></DT>
+  <DD>The best smelling machine on the WEB 8-()</DD>
+
+<DT><A HREF="http://www.cts.richmond.va.us/">Commonwealth Technical Services</A></DT>
+  <DD>Custom built computers, Web services, netowrking, etc...</DD>
+
+<DT><A HREF="http://www.c2.org/">Community ConneXion</A></DT>
+  <DD>ISP in Berkeley, CA. Specializes in privacy.</DD>
+
+<DT><A HREF="http://www.tcp.com/">The Commnet Projetc</A></DT>
+  <DD>Anime Archives, e-zines and personal web pages</DD>
+
+<DT><A HREF="http://www.compusult.nf.ca/">Compusult Limited</A></DT>
+    <DD>Software Development and Systems Integration</DD>
+
+<DT><A HREF="http://www.cdepot.net/">The Computer Depot</A></DT>
+  <DD>Amador County, California, Internet Provider</DD>
+
+<DT><A HREF="http://www.cforc.com/">Computers For Christ</A></DT>
+  <DD>Christian Computer Ministry</DD>
+
+<DT><A HREF="http://www.cst.com.au/">Creative Software Technologies</A></DT>
+  <DD>Videoconferencing and multimedia applications</DD>
+
+<DT><A HREF="http://www.univ-rennes1.fr/">CRI Universite de Rennes 1 (France)</A></DT>
+  <DD>Many thanks to the APACHE team.</DD>
+
+<DT><A HREF="http://cyberspc.mb.ca/">Cyberspace Online Information Services</A></DT>
+  <DD>ISP - Winnipeg, Manitoba, Canada</DD>
+
+<A NAME="dhook"></A>
+<P><DT><STRONG>D...</STRONG></DT>
+
+<DT><A HREF="http://www.dal.net/">The DALnet IRC Network</A></DT>
+ <DD>Friendly, easy-to-use, secure, fun Internet communication.</DD>
+
+<DT><A HREF="http://www.dataway.ch/">dataway</A></DT>
+  <DD>An Internet Service and WWW Provider in Winterthur, Switzerland.</DD>
+
+<DT><A HREF="http://www.davidbowie.com/">David Bowie Outside</A></DT>
+  <DD>Tour info, sound samples, concepts and other happenings<DD>
+
+<DT><A HREF="http://www.cardinal.wisc.edu/">The Digital Cardinal at the 
+UW-Madison</A></DT>
+  <DD>The UW-Madison's student newspaper</DD>
+
+<DT><A HREF="http://www.digimark.net/">Digital Marketing, Inc.</A></DT>
+  <DD>Comprehensive Internet Presence Services.</DD>
+
+<DT><A HREF="http://www.reflections.com.au">Digital Reflections</A></DT>
+  <DD>Giving YOU an Internet Presence.</DD>
+
+<DT><A HREF="http://www.daft.com/">Discordian Alliance For Teaching</A></DT>
+  <DD>Installation, maintenance and training for Information Publishing on the N
+  et.</DD>
+
+<DT><A HREF="http://www.discpro.org/">DISCovery Productions</A></DT>
+ <DD>Dedicated to regional and ethnic folk music (emphasis on Flamenco and Andean)</DD>
+
+<DT><A HREF="http://www.dragon.net.au/">Dragon Net</A></DT>
+  <DD>Internet Service Provider and Web Developers in Syndey, AUSTRALIA.
+
+<A NAME="ehook"></A>
+<P><DT><STRONG>E...</STRONG></DT>
+
+<DT><A HREF="http://www.ecstatic.com/">Ecstatic Communications</A></DT>
+  <DD>Multimedia Productions (Apache on MachTen 2.2 Unix on MacOs 7.5.1 Rules!)</DD>
+
+<DT><A HREF="http://www.ekspress.ee/">Eesti Ekspress</A></DT>
+ <DD>Estonian Ekspress - largest weekly newspaper in Estonia</DD>
+
+<DT><A HREF="http://www.efrei.fr/">EFREI</A></DT>
+  <DD>Ecole Francaise d'Electronique et d'Informatique - PARIS</DD>
+
+<DT><A HREF="http://www.empire.net/">Empire.Net, Inc.</A></DT>
+  <DD>Full Service WWW Hosting and Design Internet Provider</DD>
+
+<DT><A HREF="http://equinet.com/">EQUINET - Horses! on the Internet</A></DT>
+  <DD>Premier site for equestrian products, services and the buying &amp; selling horses.</DD>
+
+<DT><A HREF="http://www.esquadro.com.br/">Esquadro ISP</A></DT>
+  <DD>Internet Acess and Service Provider in Rio de Janeiro, Brazil:-)</DD>
+
+<DT><A HREF="http://travel.digit.ee/">Estonian Travel Guide</A></DT>
+ <DD>Your source to Estonian travel information</DD>
+
+<DT><A HREF="http://www.efi.joensuu.fi/">European Forest Institute</A></DT>
+  <DD>An independent non-governmental organization conducting European forest research</DD>
+
+<DT><A HREF="http://www.imec.be/europractice/europractice.html">The EUROPRACTICE Project</A></DT>
+  <DD>The Small Volume and Prototype Silicon Processing Initiative of the EEC</DD>
+
+<DT><A HREF="http://www.xtc.net/">Expanding Technologies</A></DT>
+  <DD>NorthEast Tennessee's hottest ISP / Web Developer</DD>
+
+<A NAME="fhook"></A>
+<P><DT><STRONG>F...</STRONG></DT>
+
+<DT><A HREF="http://www.flora.ottawa.on.ca/">Flora St. Community WEB</A></DT>
+  <DD>Home/volunteer site of consultant: Flora St,Ottawa,Canada.</DD>
+
+<DT><A HREF="http://www.teaser.fr/">France-Teaser</A><DT>
+  <DD>French Internet Service Provider</DD>
+
+<DT><A HREF="http://www.frankfurt.de/">Frankfurt Digital Marketplace</A></DT>
+  <DD>The Frankfurt server</DD>
+
+<DT><A HREF="http://www.freebsd.org/">FreeBSD</A></DT>
+  <DD>FreeBSD Web Site</DD>
+  
+<A NAME="ghook"></A>
+<P><DT><STRONG>G...</STRONG></DT>
+
+<DT><A HREF="http://www.galaxy.net/">Galaxy Networks</A></DT>
+  <DD>Internet Service Provider and Web Site in New Jersey</DD>
+
+<DT><A HREF="http://www.getnet.com/">GetNet International</A></DT>
+  <DD>Internet Service/Network/Presence Provider, Phoenix, AZ</DD>
+
+<DT><A HREF="http://www.gospelcom.net/">Gospel Communications Network</A></DT>
+  <DD>Online Christian Resources</DD>
+
+<DT><A HREF="http://bull.got.kth.se">BULL.GOT.KTH.SE</A></DT>
+ <DD>The student's server at the Gotland College of Higher Education</DD>
+
+<DT><A HREF="http://www.greyhawkes.com/">Greyhawkes Cyberservices</A></DT>
+  <DD> Web Services, Consulting & Training</DD>
+
+<A NAME="hhook"></A>
+<P><DT><STRONG>H...</STRONG></DT>
+
+<DT><A HREF="http://www.rvs.uni-hannover.de/">University of Hannover, RVS</A></DT>
+  <DD>Lehrgebiet Rechnernetze und Verteilte Systeme</DD>
+
+<DT><A HREF="http://harvard.net/">HarvardNET</A></DT>
+  <DD>Internet Service Provider in Boston, 5 BSDI Web Servers, 100+ virtual domains</DD>
+
+<DT><A HREF="http://www.hway.com/">Hiway Technologies, Inc.</A></DT>
+  <DD>Specializing in virtual domain web space rental.</DD>
+
+<DT><A HREF="http://www.ci.houston.tx.us">The City of Houston, Texas</A></DT>
+  <DD>The City of Houston, Texas WWW Server</DD>
+
+<DT> <A HREF="http://www.uth.tmc.edu/">The UT Houston Health Science Center</A>
+  <DD>Information Resources for UTH faculty, staff and students.
+
+<DT><A HREF="http://www.nightflight.com/">Home Page Services, Free Classified Ads</A></DT>
+  <DD>Low cost, high quality  :-)</DD>
+
+<DT><A HREF="http://www.station.net/">Hong Kong Internet Station</A></DT>
+  <DD>A ISP in Hong Kong. We run both Apache and Apache+SSL.</DD>
+
+<DT><A HREF="http://www.hotwired.com/">HotWired</A></DT>
+ <DD>No description necessary.</DD>
+
+<DT><A HREF="http://www.hyperreal.org/">Hyperreal</A></DT>
+ <DD>The Techno/Ambient/Alternative Culture Archives</DD>
+
+<DT><A HREF="http://www.hypersurf.com/">Hypersurf Internet Services</A></DT>
+  <DD>Hypersurf provides dialup, as well as web hosting to the East SF Bay Area</DD>
+
+<A NAME="ihook"></A>
+<P><DT><STRONG>I...</STRONG></DT>
+
+<DT><A HREF="http://www.IdeaCafe.com/">Idea Cafe</A></DT>
+  <DD>The Small Business Gathering Place...</DD>
+
+<DT><A HREF="http://www.io.com">Illuminati Online</A></DT>
+  <DD>The online services division of Steve Jackson Games</DD>
+
+<DT><A HREF="http://www.indra.com/">Indra's Net, Inc </A></DT>
+  <DD>An Internet access and Web presence provider based in Boulder,Colorado</DD>
+
+<DT><A HREF="http://www.InfoStreet.com/">InfoStreet, Inc.</A></DT>
+  <DD>Commercial Web Weaving and Web Hosting Provider specializing in turn key solutions</DD>
+
+<DT><A HREF="http://www.infinityweb.com/">InfinityWeb Communications</A></DT>
+    <DD>Design and/or Hosting with offices in Honolulu, Tampa, and Tucson.</DD>
+
+<DT><A HREF="http://www.InstantWeb.com/">Instant Web Sites</A></DT>
+  <DD>Fill in a simple form and instantly get your own Web site.</DD>
+
+<DT><A HREF="http://www.mineral.tu-freiberg.de/">Institute of Mineralogy</A></DT>
+  <DD>Freiberg University of Mining and Technology (Germany)</DD>
+
+<DT><A HREF="http://www.inta.net/">IntaNET Communications</A></DT>
+  <DD>After testing several servers, IntaNET chose Apache for its versatility and reliability.</DD>
+
+<DT><A HREF="http://www.nfld.com/">InterActions</A></DT>
+    <DD>Internet Service Provider, Mount Pearl, NF, Canada</DD>
+
+<DT><A HREF="http://www.icsi.net/">Internet Connect Services, Inc.</A></DT>
+  <DD>ICSI's Primary WWW Server - Running 40+ Virtual Domains</DD>
+
+<DT><A HREF="http://www.netdoor.com/">Internet Doorway, Inc</A></DT>
+   <DD>Internet Service Provider in Jackson, Mississippi</DD>
+
+<DT><A HREF="http://www.webnet.com.au/">Internet Interface Systems</A></DT>
+ <DD>ISP in Melbourne, Australia</DD>
+
+<DT><A HREF="http://uk.imdb.com/">Internet Movie Database (UK)</A></DT>
+ <DD>The web's biggest and best movie resource.</DD>
+
+<DT><A HREF="http://us.imdb.com/">Internet Movie Database (US)</A></DT>
+ <DD>The web's biggest and best movie resource.</DD>
+
+<DT><A HREF="http://www.spies.com/">The Internet Wiretap</A></DT>
+   <DD><A HREF="http://wiretap.spies.com">Electronic texts</A> and personal publishing.</DD>
+
+<DT><A HREF="http://www.interpac.net/">Inter-Pacific Networks</A></DT>
+  <DD>Big Island of Hawaii Premire Internet Service Provider</DD>
+
+<DT><A HREF="http://www.is.kiruna.se/">Information Society, Kiruna, Sweden</A></DT>
+<DD>Information should be free (and powered by Apache)</DD>
+
+<A NAME="jhook"></A>
+<P><DT><STRONG>J...</STRONG></DT>
+
+<DT><A HREF="http://www.ju.edu/">Jacksonville University</A></DT>
+  <DD>Making changes in College Education!</DD>
+
+<DT><A HREF="http://www.sjis.com">South Jersey Internet Services</A></DT>
+   <DD>Webmaster/Web Service Providers.  We love Apache!</DD>
+
+<A NAME="khook"></A>
+<P><DT><STRONG>K...</STRONG></DT>
+
+<DT><A HREF="http://www.kemmunet.net.mt/">Kemmunet Ltd</A></DT>
+  <DD>Kemmunet is an Internet Service Provider in the island.</DD>
+
+<DT> <A HREF="http://www.dbnet.ece.ntua.gr"> Knowledge and Data Base Systems Laboratory </A></DT>
+  <DD> based at the National Technical University of Athens, GREECE </DD>
+
+<A NAME="lhook"></A>
+<P><DT><STRONG>L...</STRONG></DT>
+ 
+<DT><A HREF="http://www.lansoft.com/">LANsoft U.S.A.</A></DT>
+  <DD>Commercial Email To Internet Provider</DD>
+
+<DT><A HREF="http://www.lls.se/">Lightning Line Service</A></DT>
+  <DD>Swedish Internet provider & WWW hotel located in Gothenburg</DD>
+
+<DT><A HREF="http://www.links.net/">Links from the Underground</A></DT>
+  <DD>A collection of writings and pointers from net.superstar Justin Hall</DD>
+
+<DT><A HREF="http://www.littleblue.com">Little Blue Productions</A></DT>
+  <DD>Web space provider in Kansas City, powered by Apache on Silcon Graphics.</DD>
+
+<DT><A HREF="http://xxx.lanl.gov/">XXX e-print archives at Los Alamos National Lab</A></DT>
+  <DD>Repository for electronic publishing in the fields of physics, math and more.</DD>
+
+<DT><A HREF="http://www.louisville.edu/">The University of Louisville</A></DT>
+  <DD>Univ. of Lou.  Louisville, KY.  Main WWW server.</DD>
+
+<DT><A HREF="http://www.lth.se/">Lund Institute of Technology</A></DT>
+  <DD>The technical faculty at Lund University in the south of Sweden</DD>
+
+<A NAME="mhook"></A>
+<P><DT><STRONG>M...</STRONG></DT>
+
+<DT><A HREF="http://www.madcap.com/">MadCap</A><DT>
+  <DD>A San Francisco Geek Arcology/Consulting Group</DD>
+
+<DT><A HREF="http://www.magpage.com/">The Magnetic Page</A></DT>
+  <DD>An internet service provider for Delaware, Maryland, and Pennsylvania.</DD>
+
+<DT><A HREF="http://WWW.Zmall.Com/">Mall of Cyberspace</A></DT>
+  <DD>Your Storefront on the Information Superhighway</DD>
+
+<DT><A HREF="http://www.mediabridge.com">Mediabridge Infosystems</A></DT>
+  <DD>Custom Web and other Internet servers</DD>
+
+<DT><A HREF="http://www.metwest.com/">Metwest.com</A></DT>
+  <DD>Commercial low cost web services Serving Metro-West/Boston.</DD>
+
+<DT><A HREF="http://www.ml.ee/">Microlink</A></DT>
+ <DD>Microlink computer manufacturer</DD>
+
+<DT><A HREF="http://www.mwci.net/">Midwest Communications Inc.</A></DT>
+  <DD>Nationwide Internet and Web Service Provider</DD>
+
+<DT><A HREF="http://www.state.net/">Minnesota OnLine</A></DT>
+  <DD>Minnesota's Premier Access Provider</DD>
+
+<DT><A HREF="http://www.msstate.edu/">Mississippi State University</A></DT>
+  <DD>US mirror of the Internet Movie Database and Fineart Forum online</DD>
+
+<DT><A HREF="http://www.modcomp.com/">MODCOMP</A></DT>
+  <DD>A vendor of realtime low-latency computer systems</DD>
+
+<DT><A HREF="http://jamcha.witness.com/">More Email BBS</A><DT>
+
+<DT><A HREF="http://www.musicblvd.com/">Music Boulevard</A></DT>
+  <DD>Music CDs, samples, magazines, and more</DD>
+
+<A NAME="nhook"></A>
+<P><DT><STRONG>N...</STRONG></DT>
+
+<DT><A HREF="http://www.netaxis.com/">NETAXIS</A></DT>
+  <DD>Your On-line Marketing and Communications Resource</DD>
+
+<DT><A HREF="http://Nettvik.no/">Nettvik</A></DT>
+  <DD>Norway's fastest growing town.</DD>
+
+<DT><A HREF="http://www.netway.it/">Netway Italia S.r.l.</A></DT>
+  <DD>Full Internet Service Provider, Naples, Italy</DD>
+
+<DT><A HREF="http://www.gatewy.net/"> New Orleans Gateway</A></DT>
+  <DD>New Orleans most affordable Full Internet Service.  Come visit us.</DD>
+
+<DT><A HREF="http://www.next.com.au">Next Online</A></DT>
+  <DD>Internet Presence Provider, Sydney, Australia</DD>
+
+<DT><A HREF="http://www.northsea.com/">North Sea, Ltd.</A></DT>
+  <DD>Internet-Based Health Care Analyis and Provider Management Systems.</DD>
+
+<DT><A HREF="http://marg.ntu.ac.uk/">Nottingham Trent University,Department of Manufacturing Engineering</A></DT>
+  <DD>Web server run by the Manufacturing Automation Research Group</DD>
+
+<DT><A HREF="http://nps.venture-web.or.jp">NPS Inc.</A></DT>
+  <DD>A Japanese trading company with anb internet twist.</DD>
+
+<DT><A HREF="http://www.cas.unt.edu/">The University of North Texas College of A
+rts and Sciences</A></DT>
+  <DD>Running under FreeBSD v2.x since apache_0.6.5.</DD>
+
+<DT><A HREF="http://www.nucleus.com/">Nucleus Inc.</A></DT>
+  <DD>Specializing in Web Advertising. Internet Provider for the Calgary Area</DD>
+
+<DT><A HREF="http://www.nueva.pvt.k12.ca.us/">The Nueva School</A></DT>
+  <DD>An independent K-8 school in Hillsborough, California.</DD>
+
+<A NAME="ohook"></A>
+<P><DT><STRONG>O...</STRONG></DT>
+
+<DT><A HREF="http://oasi.shiny.it/">OASI Association - Asti, Italy</A></DT>
+  <DD>The one and only I.T. power group in our town. Linux + little RAM = Apache :)</DD>
+
+<DT><A HREF="http://www.omnes.net/">Omnes</A></DT>
+  <DD>Omnes - global communications solutions</DD>
+
+<DT><A HREF="http://www.opencad.com/">OpenCAD International, Inc.</A></DT>
+   <DD>Web Prescence Providers in Santa Monica, California</DD>
+
+<DT><A HREF="http://www.organic.com/">Organic Online</A></DT>
+ <DD>Web Site Developers/Networked Hypermedia Designers</DD>
+
+<DT><A HREF="http://www.lib.ox.ac.uk/">Oxford University Libraries Automation Service</A></DT>
+  <DD>Running Apache under FreeBSD</DD>
+
+<A NAME="phook"></A>
+<P><DT><STRONG>P...</STRONG></DT>
+
+<DT><A HREF="http://www.pacinfo.com/">PacInfo</A></DT>
+  <DD>Internet Service Provider in Eugene, Oregon</DD>
+
+<DT><A HREF="http://www.pasadena.net/">Network Pasadena</A></DT>
+  <DD>Wide area network services, domestic and international.</DD>
+
+<DT><A HREF="http://www.passageway.com/">Passageway Communications</A></DT>
+  <DD>Calgary's Presence Provider</DD>
+
+<DT><A HREF="http://www.pair.com/">pair Networks</A></DT>
+  <DD>Web presence provider</DD>
+
+<DT><A HREF="http://www.pcug.co.uk/">PC User Group (UK)</A></DT>
+  <DD>The PC Users' Group in the UK</DD>
+
+<DT><A HREF="http://www.Phoenix.Volant.ORG">Phoenix Volant</A></DT>
+  <DD>A consulting service/personal site/webspace provider.</DD>
+
+<DT><A HREF="http://www.pindar.co.uk">Pindar plc</A></DT>
+  <DD>Printing company based in York, UK.</DD>
+
+<DT><A HREF="http://planet-hawaii.com/">Planet Hawaii</A></DT>
+  <DD>Hawaii's web site for travel, culture, business, and shopping information</DD>
+
+<DT><A HREF="http://pleasure.com/">Pleasure Unlimited</A></DT>
+  <DD>Your run of the mill adult site</DD>
+
+<DT><A HREF="http://www.programmers.net/">Programmer's WEB</A></DT>
+  <DD>The first italian WEB for developers</DD>
+
+<DT><A HREF="http://www.glue.umd.edu/">Project Glue</A></DT>
+  <DD>University of Maryland at College Park</DD>
+
+<A NAME="qhook"></A>
+<P><DT><STRONG>Q...</STRONG></DT>
+
+<DT><A HREF="http://www.quake.net/">QuakeNet Internet Services</A></DT>
+  <DD>We use Apache and CyberCash to make Internet Commerce a reality.</DD>
+
+<A NAME="rhook"></A>
+<P><DT><STRONG>R...</STRONG></DT>
+
+<DT><A HREF="http://www.ravens-nest.com/">The Raven's Nest</A></DT>
+  <DD>Design & develop corporate internet strategies and solutions</DD>
+
+<DT><A HREF="http://www.module.vympel.msk.ru/">Research Centre "Module"</A></DT>
+  <DD>Internet Service Provider in Moscow, Russia. Apache Project HTTP-mirror.</DD>
+
+<DT><A HREF="http://www.rsp.com.au/">Rising Sun Pictures</A></DT>
+  <DD>3D Animation and Visual Effects for Film and Television</DD>
+
+<DT><A HREF="http://inet-unx.unisys.nl/robegids/html/US/home.htm">The Rob&eacute Directory</A></DT>
+  <DD>The on-line database containing more than 110,000 companies in The Netherlands</DD>
+
+<A NAME="shook"></A>
+<P><DT><STRONG>S...</STRONG></DT>
+
+<DT><A HREF="http://sapo.ua.pt/">SAPO - Servidor de Apontadores Portugueses</A></DT>
+  <DD>Exhaustive list of Pointers to Portuguese Servers</DD>
+
+<DT><A HREF="http://www.pbm.com/">Shadow Island Games</A></DT>
+  <DD>A play-by-net gaming company</DD>
+
+<DT><A HREF="http://www.siam.net/">SiamGuide to Thailand</A></DT>
+  <DD>Commercial Web Development service in Thailand  :-)</DD>
+
+<DT><A HREF="http://www.sierraclub.org/">Sierra Club</A></DT>
+  <DD>A non-profit organization promoting conservation of the environment</DD>
+
+<DT><A HREF="http://www.skynet.ie/">Skynet</A></DT>
+  <DD>The University of Limerick Comp. Soc., appreciating Apache's performance</DD>
+
+<DT><A HREF="http://soilcrop.tamu.edu">Soil & Crop Sciences, TAMU</A></DT>
+  <DD>The departmental WWW server of Soil & Crop Sciences dept. at Texas A&M</DD>
+
+<DT><A HREF="http://www.sonoma.net/">Sonoma.Net</A></DT>
+  <DD>An ISP hosting a growing list of different Websites...</DD>
+
+<DT><A HREF="http://www.stel.com">Stanford Telecommunications Inc.,</A></DT>
+  <DD>Bringing you the world of communications through wireless and Web services.</DD>
+
+<DT><A HREF="http://www.Stardot.com/">Stardot Consulting</A></DT>
+  <DD>Political resources and consulting on the Web</DD>
+
+<DT><A HREF="http://www.stonesworld.com/">Stones World</A></DT>
+  <DD>Tour info, sound samples, audio/video streams, and happenings<DD>
+
+<DT><A HREF="http://www.dis.strath.ac.uk/">Information Science at Strathclyde University</A></DT>
+ <DD>A surprisingly busy little site in Scotland.</DD>
+
+<DT><A HREF="http://www.suck.com/">Suck</A></DT>
+     <DD>Hindenburg. Titanic. Edsel. Suck.</DD>
+
+<DT><A HREF="http://www.ee.ethz.ch/">Department of Electrical Engineering, Swiss Federal Institute of Technology Zurich</A></DT>
+  <DD>Only the best is good enough ...</DD>
+
+<DT><A HREF="http://www.sjs.com/">sjs.com</A></DT>
+  <DD>Systems & Network Consultant in Central Massachusetts</DD>
+
+<DT><A HREF="http://www.skl.com/">Systems Knowledge Link</A></DT>
+  <DD>A full service Internet Provider in West Hill, Ontario  :-)</DD>
+
+<A NAME="thook"></A>
+<P><DT><STRONG>T...</STRONG></DT>
+
+<DT><A HREF="http://www.tbi.net/">Tampa Bay Interactive</A></DT>
+  <DD>Quality Counts!</DD>
+
+<DT><A HREF="http://www.ton.tut.fi/"></A></DT>
+  <DD>Tampere District Student Housing Foundation (TOAS)</DD>
+
+<DT><A HREF="http://www.targed.org.uk">TARGED North West Wales Training & Enterprise Council Ltd</A></DT>
+  <DD>Linux based Apache server.</DD>
+
+<DT><A HREF="http://www.tecnet.com/">TECNET</A></DT>
+  <DD>The Worldwide Classifieds for New and Used Hi-Tech Equipment</DD>
+
+<DT><A HREF="http://www.teksouth.com/">Teksouth Corporation</A></DT>
+  <DD>Network printing products and high-tech personnel services.</DD>
+
+<DT><A HREF="http://www.telebase.com/">Telebase Systems</A></DT>
+  <DD>Information providers to the world</DD>
+
+<DT><A HREF="http://www.tembel.org/">Tembel's Hedonic Commune</A></DT>
+  <DD>Tembel's Hedonic Commune external server (also used internally).</DD>
+
+<DT><A HREF="http://stimpy.music.ua.edu/">TEMPUS - The University of Alabama Sch
+ool of Music</A></DT>
+  <DD>Perhaps the oldest web server in the state of Alabama</DD>
+
+<DT><A HREF="http://www.terraware.net/">TerraWare Systems</A></DT>
+  <DD>Making software that is biodegradable and containing no Phosphates!</DD>
+
+<DT><A HREF="http://www.metronet.com/">Texas Metronet</A></DT>
+  <DD>Internet Service Provider for Dallas/Fort Worth</DD>
+
+<DT><A HREF="http://trex.org">Trex, The place to visit</A></DT>
+  <DD>a Full Service BBS and much more. Runs on a Solbourn 5e/602</DD>
+
+<DT><A HREF="http://troubador.com/">Troubador Systems Web Sites and Business Packages</A></DT>
+  <DD>Personalized Service!!! for real...  :-)</DD>
+
+<DT><A HREF="http://www.uniserve.com/">TVS-UNIServe</A></DT>
+  <DD>ISP and Web site developer for Vancouver</DD>
+
+<A NAME="uhook"></A>
+<P><DT><STRONG>U...</STRONG></DT>
+
+<DT><A HREF="http://xweb.com">Universal Algorithms, Inc.</A></DT>
+  <DD>CollegeNET, Precision Guides, Schedule25, Equinet</DD>
+
+<DT><A HREF="http://wwwedms.redstone.army.mil">US Army JEDMICS EDMS Program Office</A></DT>
+  <DD>Engineering Data Management Systems, Redstone Arsenal, Alabama</DD>
+
+<DT><A HREF="http://www.uu.net">UUNET/AlterNet technologies</A></DT>
+  <DD>Internet Service Provider</DD>
+
+<A NAME="vhook"></A>
+<P><DT><STRONG>V...</STRONG></DT>
+
+<DT><A HREF="http://www.vicksburg.com/">Vicksburg Online</A></DT>
+  <DD>Vicksburg, MS. Internet Service Provider</DD>
+
+<DT><A HREF="http://iuinfo.tuwien.ac.at/">Univ. of Technology Vienna, Dept's Support</A></DT>
+  <DD>IU Info Service, Campus Software Service, Goodie Domain Service, Platform Support S.</DD>
+
+<DT><A HREF="http://www.v-site.net/">Virtual Sites</A></DT>
+  <DD>A sense of Place in Cyberspace </DD>
+
+<DT><A HREF="http://www.vrx.net/">VRx Network Services INC.</A></DT>
+  <DD>Internet Solutions Provider in Toronto, CANADA</DD>
+
+<A NAME="whook"></A>
+<P><DT><STRONG>W...</STRONG></DT>
+
+<DT><A HREF="http://www.law.washington.edu/">The University of Washington School of Law</A></DT>
+  <DD>Linux-based Apache server since 0.6.2...</DD>
+
+<DT><A HREF="http://www.wadesign.co.uk/">WebArt Design</A></DT>
+  <DD>Providing Internet and Web solutions to business. Located in the UK</DD>
+
+<DT><A HREF="http://www.webpub.com/">Web Publishers</A></DT>
+  <DD>A Commercial Web Service Provider specializing in high-end clients.</DD>
+
+<DT><A HREF="http://websmith.ca/">The WebSmith Group</A></DT>
+ <DD>Web site hosting and authoring, located in Ottawa, Ontario</DD>
+
+<DT><A HREF="http://www.win-uk.net/">WinNET Communications Ltd</A></DT>
+  <DD>Internet Provider in the UK</DD>
+
+<DT><A HREF="http://wwns.com/wwns/">World Wide Network Services</A><DT>
+  <DD>An Internet Presence Provider.  "Creating Your Image For The World" </DD>
+
+<A NAME="xhook"></A>
+<P><DT><STRONG>X...</STRONG></DT>
+<DT><A HREF="http://www.xensei.com/">Xensei</A></DT>
+  <DD>The Xensei Corp.  Webmasters/ISP who love Apache.</DD>
+
+<A NAME="yhook"></A>
+
+<A NAME="zhook"></A>
+<P><DT><STRONG>Z...</STRONG></DT>
+
+<DT><A HREF="http://www.zycad.com/">Zycad</A></DT>
+  <DD>Suppliers of EDA acceleration products</DD>
+
+<DT><A HREF="http://www.zyzzyva.com/">Zyzzyva Enterprises</A></DT>
+  <DD>Commercial Web Development Services</DD>
+
+</DL>
+
+
+<HR><P>
+<STRONG>
+<A HREF="#ahook">A</A> | <A HREF="#bhook">B</A> | <A HREF="#chook">C</A> | <A HREF="#dhook">D</A> | <A HREF="#ehook">E</A> | <A HREF="#fhook">F</A> | <A HREF="#ghook">G</A> | <A HREF="#hhook">H</A> | <A HREF="#ihook">I</A> | <A HREF="#jhook">J</A> | <A HREF="#khook">K</A> | <A HREF="#lhook">L</A> | <A HREF="#mhook">M</A> | <A HREF="#nhook">N</A> | <A HREF="#ohook">O</A> | <A HREF="#phook">P</A> | <A HREF="#qhook">Q</A> | <A HREF="#rhook">R</A> | <A HREF="#shook">S</A> | <A HREF="#thook">T</A> | <A HREF="#uhook">U</A> | <A HREF="#vhook">V</A> | <A HREF="#whook">W</A> | <A HREF="#xhook">X</A> | <A HREF="#yhook">Y</A> | <A HREF="#zhook">Z</A>
+</STRONG>
+<P><HR>
+
+<P>Send additions to <A HREF="mailto:running-apache@zyzzyva.com">running-apache@zyzzyva.com</A>,
+in the form of HTML &lt;DT&gt; and &lt;DD&gt; entries, e.g.
+
+<PRE>
+&lt;DT&gt;&lt;A HREF="http://www.apache.org/"&gt;The Apache Project&lt;/A&gt;&lt;/DT&gt;
+  &lt;DD&gt;The developers trust it  :-)&lt;/DD&gt;
+</PRE>
+
+<P>Any description over 80 characters will be truncated.</P>
+
+<P>See <A HREF="http://www.netcraft.com/Survey">http://www.netcraft.com/Survey</A> for Netcraft's survey of Apache (and other servers) usage.</P>
+
+<HR>
+<P><STRONG>Disclaimer</STRONG>: just because these sites run Apache, doesn't 
+imply they offer good services, or that the Apache Project associates
+themsleves with the companies/organizations we list.</P>
+
+<HR>
+
+<P>Help spread the word... feel free to use the "Powered by Apache" logo (below) on your pages.</P>
+
+<P ALIGN="CENTER"><A HREF="../images/apache_pb.gif"><IMG BORDER=0
+SRC="../images/apache_pb.gif" ALT="Powered by Apache" WIDTH="259" HEIGHT="32"></A>
+</P>
+
+<HR>
+
+<P ALIGN="CENTER">
+<A HREF="/"><IMG SRC="../images/apache_home.gif" ALT="Home"></A>
+</P>
+
+
+</BODY>
+</HTML>

Propchange: httpd/site/trunk/content/info/apache_users.html
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/info/css-security/apache_1.3.11_css_patch.txt
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/info/css-security/apache_1.3.11_css_patch.txt?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/info/css-security/apache_1.3.11_css_patch.txt (added)
+++ httpd/site/trunk/content/info/css-security/apache_1.3.11_css_patch.txt Sun May  6 13:14:42 2012
@@ -0,0 +1,581 @@
+This patch is against Apache 1.3.11.  It may be updated as the situation
+warrants.
+
+Last updated: Wed Feb  2 01:09:23 MST 2000
+
+Index: htdocs/manual/mod/core.html
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/core.html,v
+retrieving revision 1.162
+diff -u -r1.162 core.html
+--- core.html	2000/01/18 19:32:49	1.162
++++ core.html	2000/02/02 07:59:17
+@@ -23,6 +23,8 @@
+ <UL>
+ <LI><A HREF="#accessconfig">AccessConfig</A>
+ <LI><A HREF="#accessfilename">AccessFileName</A>
++<LI><A HREF="#adddefaultcharset">AddDefaultCharset</A>
++<LI><A HREF="#adddefaultcharsetname">AddDefaultCharsetName</A>
+ <LI><A HREF="#addmodule">AddModule</A>
+ <LI><A HREF="#allowoverride">AllowOverride</A>
+ <LI><A HREF="#authname">AuthName</A>
+@@ -162,6 +164,42 @@
+ &lt;Directory /&gt;<BR>
+ AllowOverride None<BR>
+ &lt;/Directory&gt;</CODE></BLOCKQUOTE><P><HR>
++
++<H2><A NAME="adddefaultcharset">AddDefaultCharset directive</A></H2>
++<A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A> 
++AddDefaultCharset <EM>on / off</EM><BR>
++<A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> 
++all<BR>
++<A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A> 
++core<BR>
++<A HREF="directive-dict.html#Default" REL="Help"><STRONG>Default:</STRONG></A>
++<CODE>AddDefaultCharset off</CODE><BR>
++<A HREF="directive-dict.html#Compatibility" REL="Help"><STRONG>Compatibility:
++</STRONG></A> AddDefaultCharset is only available in Apache 1.3.12 and later<P>
++If enabled, any response that does not have any parameter on the content 
++type in the HTTP headers will have a charset parameter added specifying 
++the character set the client should use for the document.  This will 
++override any character set specified in the body of the document via a 
++<CODE>META</CODE> tag.  The character set added is specified by the 
++<CODE>AddDefaultCharsetName</CODE> directive.
++<P><HR>
++
++<H2><A NAME="adddefaultcharsetname">AddDefaultCharsetName directive</A></H2>
++<A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A> 
++AddDefaultCharsetName <EM>charset</EM><BR>
++<A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> 
++all<BR>
++<A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A> 
++core<BR>
++<A HREF="directive-dict.html#Default" REL="Help"><STRONG>Default:</STRONG></A>
++<CODE>AddDefaultCharsetName iso-8859-1</CODE><BR>
++<A HREF="directive-dict.html#Compatibility" REL="Help"><STRONG>Compatibility:
++</STRONG></A> AddDefaultCharsetName is only available in Apache 1.3.12 and 
++later<P>
++This directive specifies the name of the character set that will be added
++if the <A HREF="#adddefaultcharset">AddDefaultCharset</A> directive is 
++enabled.
++<P><HR>
+ 
+ <H2><A NAME="addmodule">AddModule directive</A></H2>
+ <!--%plaintext &lt;?INDEX {\tt AddModule} directive&gt; -->
+Index: htdocs/manual/mod/directives.html
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/directives.html,v
+retrieving revision 1.60
+diff -u -r1.60 directives.html
+--- directives.html     1999/12/19 16:34:32     1.60
++++ directives.html     2000/02/02 08:09:07
+@@ -30,6 +30,9 @@
+ <LI><A HREF="mod_autoindex.html#addalt">AddAlt</A>
+ <LI><A HREF="mod_autoindex.html#addaltbyencoding">AddAltByEncoding</A>
+ <LI><A HREF="mod_autoindex.html#addaltbytype">AddAltByType</A>
++<LI><A HREF="mod_mime.html#addcharset">AddCharset</A>
++<LI><A HREF="core.html#adddefaultcharset">AddDefaultCharset</A>
++<LI><A HREF="core.html#adddefaultcharsetname">AddDefaultCharsetName</A>
+ <LI><A HREF="mod_autoindex.html#adddescription">AddDescription</A>
+ <LI><A HREF="mod_mime.html#addencoding">AddEncoding</A>
+ <LI><A HREF="mod_mime.html#addhandler">AddHandler</A>
+Index: htdocs/manual/mod/mod_include.html
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/mod_include.html,v
+retrieving revision 1.23
+diff -u -r1.23 mod_include.html
+--- mod_include.html	1998/09/17 12:06:40	1.23
++++ mod_include.html	2000/02/02 07:59:18
+@@ -89,15 +89,34 @@
+ routine when printing dates.
+ </DL>
+ 
++<A NAME="echo">
+ <DT><STRONG>echo</STRONG>
+ <DD>
+ This command prints one of the include variables, defined below.
+ If the variable is unset, it is printed as <CODE>(none)</CODE>.
+ Any dates printed are subject to the currently configured <CODE>timefmt</CODE>.
++
+ Attributes:
+ <DL>
+ <DT>var
+ <DD>The value is the name of the variable to print.
++<DT>encoding 
++<DD>Specifies how Apache should encode special characters contained
++in the variable before outputting them.  If set to "none", no encoding
++will be done.  If set to "url", then URL encoding (also known as
++%-encoding; this is appropriate for use within URLs in links, etc.)
++will be performed.  At the start of an <CODE>echo</CODE> element,
++the default is set to "entity", resulting in entity encoding (which
++is appropriate in the context of a block-level HTML element, eg.
++a paragraph of text).  This can be changed by adding an
++<CODE>encoding</CODE> attribute, which will remain in effect until
++the next <CODE>encoding</CODE> attribute is encountered or the
++element ends, whichever comes first.  Note that only special
++characters as defined in the ISO-8859-1 character encoding will be
++encoded.  This encoding process may not have the desired result if
++a different character encoding is in use.  Apache 1.3.12 and above; previous
++versions do no encoding.
++
+ </DL>
+ 
+ <DT><STRONG>exec</STRONG>
+@@ -181,7 +200,9 @@
+ 
+ <DT><STRONG>printenv</STRONG>
+ <DD>This prints out a listing of all existing variables and their values.
+-    No attributes.
++   Starting with Apache 1.3.12, special characters are entity encoded (see the 
++   <A HREF="#echo"><CODE>echo</CODE></A> element for details) before being
++   output.  No attributes.
+ <DD>For example: <CODE>&lt;!--#printenv --&gt;</CODE>
+ <DD>Apache 1.2 and above.
+ 
+Index: src/CHANGES
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
+retrieving revision 1.1502
+diff -u -r1.1502 CHANGES
+--- CHANGES     2000/01/18 17:12:13     1.1502
++++ CHANGES     2000/02/02 08:09:11
+@@ -1,3 +1,31 @@
++Changes with Apache 1.3.12
++
++  *) Add an explicit charset=iso-8859-1 to pages generated by
++     ap_send_error_response(), such as the default 404 page.
++     [Marc Slemko]
++
++  *) Add the AddDefaultCharset and AddDefaultCharsetName directives.  
++     These allow you to tell Apache to specify the given character
++     set on any document that does not have one explicitly specified in 
++     the headers.  [Marc Slemko]
++
++  *) Properly escape various messages output to the client from a number
++     of modules and places in the core code.  [Marc Slemko]
++
++  *) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
++     not consider any parameters such as charset when making decisions 
++     based on content type.  This does remove some functionality for 
++     some users, but means that when these modules are configured to do 
++     particular things with particular MIME types, the charset should 
++     not be included.  A better way of addressing this for users who 
++     want to set things on a per charset basis is necessary in the future.  
++     [Marc Slemko]
++
++  *) mod_include now entity encodes output from "printenv" and "echo var"
++     by default.  The encoding for "echo var" can be set to URL encoding
++     or no encoding using the new "encoding" attribute to the echo tag.
++     [Marc Slemko]
++
+ Changes with Apache 1.3.11
+ 
+   *) MPE builds are no longer stripped, which caused the executable
+Index: src/include/http_core.h
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/include/http_core.h,v
+retrieving revision 1.59
+diff -u -r1.59 http_core.h
+--- http_core.h	1999/06/28 22:38:25	1.59
++++ http_core.h	2000/02/02 07:59:24
+@@ -243,6 +243,15 @@
+      */
+     unsigned d_is_fnmatch : 1;
+ 
++    /* should we force a charset on any outgoing parameterless content-type?
++     * if so, which charset?
++     */
++#define ADD_DEFAULT_CHARSET_OFF   (0)
++#define ADD_DEFAULT_CHARSET_ON    (1)
++#define ADD_DEFAULT_CHARSET_UNSET (2)
++    unsigned add_default_charset : 2;
++    char *add_default_charset_name;
++
+     /* System Resource Control */
+ #ifdef RLIMIT_CPU
+     struct rlimit *limit_cpu;
+Index: src/include/httpd.h
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
+retrieving revision 1.303
+diff -u -r1.303 httpd.h
+--- httpd.h	2000/01/30 19:46:11	1.303
++++ httpd.h	2000/02/02 07:59:24
+@@ -409,6 +409,12 @@
+ #endif /* default limit on number of request header fields */
+ 
+ /*
++ * The default default character set name to add if AddDefaultCharset is 
++ * enabled.  Overridden with AddDefaultCharsetName.
++ */
++#define DEFAULT_ADD_DEFAULT_CHARSET_NAME "iso-8859-1"
++
++/*
+  * The below defines the base string of the Server: header. Additional
+  * tokens can be added via the ap_add_version_component() API call.
+  *
+Index: src/main/http_core.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/http_core.c,v
+retrieving revision 1.277
+diff -u -r1.277 http_core.c
+--- http_core.c	2000/01/11 14:13:40	1.277
++++ http_core.c	2000/02/02 07:59:25
+@@ -154,6 +154,9 @@
+ 
+     conf->server_signature = srv_sig_unset;
+ 
++    conf->add_default_charset = ADD_DEFAULT_CHARSET_UNSET;
++    conf->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME;
++
+     return (void *)conf;
+ }
+ 
+@@ -281,6 +284,14 @@
+ 	conf->server_signature = new->server_signature;
+     }
+ 
++    if (new->add_default_charset != ADD_DEFAULT_CHARSET_UNSET) {
++	conf->add_default_charset = new->add_default_charset;
++    }
++
++    if (new->add_default_charset_name) {
++	conf->add_default_charset_name = new->add_default_charset_name;
++    }
++
+     return (void*)conf;
+ }
+ 
+@@ -1035,6 +1046,28 @@
+ }
+ #endif /*GPROF*/
+ 
++static const char *set_add_default_charset(cmd_parms *cmd, 
++	core_dir_config *d, int arg)
++{
++    const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
++    if (err != NULL) {
++        return err;
++    }
++    d->add_default_charset = arg != 0;
++    return NULL;
++}
++
++static const char *set_add_default_charset_name(cmd_parms *cmd, 
++	core_dir_config *d, char *arg)
++{
++    const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
++    if (err != NULL) {
++        return err;
++    }
++    d->add_default_charset_name = arg;
++    return NULL;
++}
++
+ static const char *set_document_root(cmd_parms *cmd, void *dummy, char *arg)
+ {
+     void *sconf = cmd->server->module_config;
+@@ -2786,6 +2819,10 @@
+ { "GprofDir", set_gprof_dir, NULL, RSRC_CONF, TAKE1,
+   "Directory to plop gmon.out files" },
+ #endif
++{ "AddDefaultCharset", set_add_default_charset, NULL, OR_FILEINFO, FLAG,
++  "whether or not to add a default charset to any Content-Type without one" },
++{ "AddDefaultCharsetName", set_add_default_charset_name, NULL, OR_FILEINFO, 
++  TAKE1, "The name of the charset to add if AddDefaultCharset is enabled" },
+ 
+ /* Old resource config file commands */
+   
+Index: src/main/http_log.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/http_log.c,v
+retrieving revision 1.82
+diff -u -r1.82 http_log.c
+--- http_log.c	2000/01/31 22:24:07	1.82
++++ http_log.c	2000/02/02 07:59:25
+@@ -487,7 +487,8 @@
+     if (((level & APLOG_LEVELMASK) <= APLOG_WARNING)
+ 	&& (ap_table_get(r->notes, "error-notes") == NULL)) {
+ 	ap_table_setn(r->notes, "error-notes",
+-		      ap_pvsprintf(r->pool, fmt, args));
++		      ap_escape_html(r->pool, ap_pvsprintf(r->pool, fmt, 
++		      args)));
+     }
+     va_end(args);
+ }
+Index: src/main/http_protocol.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
+retrieving revision 1.286
+diff -u -r1.286 http_protocol.c
+--- http_protocol.c	2000/01/11 14:13:41	1.286
++++ http_protocol.c	2000/02/02 07:59:28
+@@ -103,6 +103,35 @@
+ 
+ #endif /*CHARSET_EBCDIC*/
+ 
++/*
++ * Builds the content-type that should be sent to the client from the
++ * content-type specified.  The following rules are followed:
++ *    - if type is NULL, type is set to ap_default_type(r)
++ *    - if charset adding is disabled, stop processing and return type.
++ *    - then, if there are no parameters on type, add the default charset
++ *    - return type
++ */
++static const char *make_content_type(request_rec *r, const char *type) {
++    const char *i;
++    core_dir_config *conf = (core_dir_config *)ap_get_module_config(
++	r->per_dir_config, &core_module);
++    if (!type) type = ap_default_type(r);
++    if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) return type;
++
++    i = type;
++    while (*i && *i != ';') i++;
++    if (*i && *i == ';') {
++	/* already has parameter, do nothing */
++	/* XXX should check for actual charset=, but then we need real 
++	 * parsing code 
++	 */
++    } else {
++	type = ap_pstrcat(r->pool, type, "; charset=", 
++	    conf->add_default_charset_name, NULL);
++    }
++    return type;
++}
++
+ static int parse_byterange(char *range, long clength, long *start, long *end)
+ {
+     char *dash = strchr(range, '-');
+@@ -265,7 +294,7 @@
+     }
+ 
+     if (r->byterange > 1) {
+-        const char *ct = r->content_type ? r->content_type : ap_default_type(r);
++        const char *ct = make_content_type(r, r->content_type);
+         char ts[MAX_STRING_LEN];
+ 
+         ap_snprintf(ts, sizeof(ts), "%ld-%ld/%ld", range_start, range_end,
+@@ -1636,10 +1665,8 @@
+         ap_table_setn(r->headers_out, "Content-Type",
+                   ap_pstrcat(r->pool, "multipart", use_range_x(r) ? "/x-" : "/",
+                           "byteranges; boundary=", r->boundary, NULL));
+-    else if (r->content_type)
+-        ap_table_setn(r->headers_out, "Content-Type", r->content_type);
+-    else
+-        ap_table_setn(r->headers_out, "Content-Type", ap_default_type(r));
++    else ap_table_setn(r->headers_out, "Content-Type", make_content_type(r, 
++	r->content_type));
+ 
+     if (r->content_encoding)
+         ap_table_setn(r->headers_out, "Content-Encoding", r->content_encoding);
+@@ -2550,7 +2577,7 @@
+         r->content_languages = NULL;
+         r->content_encoding = NULL;
+         r->clength = 0;
+-        r->content_type = "text/html";
++        r->content_type = "text/html; charset=iso-8859-1";
+ 
+         if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED))
+             ap_table_setn(r->headers_out, "Allow", make_allow(r));
+Index: src/main/util.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/util.c,v
+retrieving revision 1.176
+diff -u -r1.176 util.c
+--- util.c	2000/01/12 20:57:48	1.176
++++ util.c	2000/02/02 07:59:29
+@@ -127,6 +127,8 @@
+ {
+     const char *semi;
+ 
++    if (intype == NULL) return NULL;
++
+     semi = strchr(intype, ';');
+     if (semi == NULL) {
+ 	return ap_pstrdup(p, intype);
+Index: src/modules/proxy/proxy_util.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
+retrieving revision 1.83
+diff -u -r1.83 proxy_util.c
+--- proxy_util.c	2000/01/11 14:13:47	1.83
++++ proxy_util.c	2000/02/02 07:59:29
+@@ -844,9 +844,12 @@
+     ap_table_setn(r->notes, "error-notes",
+ 		  ap_pstrcat(r->pool, 
+ 			     "The proxy server could not handle the request "
+-			     "<EM><A HREF=\"", r->uri, "\">",
+-			     r->method, "&nbsp;", r->uri, "</A></EM>.<P>\n"
+-			     "Reason: <STRONG>", message, "</STRONG>", NULL));
++			     "<EM><A HREF=\"", ap_escape_uri(r->pool, r->uri),
++			     "\">", r->method, "&nbsp;", 
++			     ap_escape_html(r->pool, r->uri), "</A></EM>.<P>\n"
++			     "Reason: <STRONG>",
++			     ap_escape_html(r->pool, message), 
++			     "</STRONG>", NULL));
+ 
+     /* Allow the "error-notes" string to be printed by ap_send_error_response() */
+     ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*"));
+Index: src/modules/standard/mod_actions.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_actions.c,v
+retrieving revision 1.33
+diff -u -r1.33 mod_actions.c
+--- mod_actions.c	2000/01/11 14:23:03	1.33
++++ mod_actions.c	2000/02/02 07:59:30
+@@ -195,7 +195,8 @@
+ {
+     action_dir_config *conf = (action_dir_config *)
+         ap_get_module_config(r->per_dir_config, &action_module);
+-    const char *t, *action = r->handler ? r->handler : r->content_type;
++    const char *t, *action = r->handler ? r->handler : 
++	ap_field_noparam(r->pool, r->content_type);
+     const char *script;
+     int i;
+ 
+Index: src/modules/standard/mod_autoindex.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_autoindex.c,v
+retrieving revision 1.113
+diff -u -r1.113 mod_autoindex.c
+--- mod_autoindex.c	1999/12/31 05:35:52	1.113
++++ mod_autoindex.c	2000/02/02 07:59:30
+@@ -732,7 +732,7 @@
+ 
+ static char *find_item(request_rec *r, array_header *list, int path_only)
+ {
+-    const char *content_type = r->content_type;
++    const char *content_type = ap_field_noparam(r->pool, r->content_type);
+     const char *content_encoding = r->content_encoding;
+     char *path = r->filename;
+ 
+Index: src/modules/standard/mod_expires.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_expires.c,v
+retrieving revision 1.33
+diff -u -r1.33 mod_expires.c
+--- mod_expires.c	1999/10/21 20:45:26	1.33
++++ mod_expires.c	2000/02/02 07:59:30
+@@ -437,7 +437,8 @@
+     if (r->content_type == NULL)
+         code = NULL;
+     else
+-        code = (char *) ap_table_get(conf->expiresbytype, r->content_type);
++        code = (char *) ap_table_get(conf->expiresbytype, 
++		ap_field_noparam(r->pool, r->content_type));
+ 
+     if (code == NULL) {
+         /* no expires defined for that type, is there a default? */
+Index: src/modules/standard/mod_include.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_include.c,v
+retrieving revision 1.121
+diff -u -r1.121 mod_include.c
+--- mod_include.c	1999/12/31 05:35:52	1.121
++++ mod_include.c	2000/02/02 07:59:30
+@@ -922,7 +922,10 @@
+ {
+     char tag[MAX_STRING_LEN];
+     char *tag_val;
++    enum {E_NONE, E_URL, E_ENTITY} encode;
+ 
++    encode = E_ENTITY;
++
+     while (1) {
+         if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
+             return 1;
+@@ -931,7 +934,15 @@
+             const char *val = ap_table_get(r->subprocess_env, tag_val);
+ 
+             if (val) {
+-                ap_rputs(val, r);
++		if (encode == E_NONE) {
++		    ap_rputs(val, r);
++		}
++		else if (encode == E_URL) {
++		    ap_rputs(ap_escape_uri(r->pool, val), r);
++		}
++		else if (encode == E_ENTITY) {
++		    ap_rputs(ap_escape_html(r->pool, val), r);
++		}
+             }
+             else {
+                 ap_rputs("(none)", r);
+@@ -940,6 +951,19 @@
+         else if (!strcmp(tag, "done")) {
+             return 0;
+         }
++	else if (!strcmp(tag, "encoding")) {
++	    if (!strcasecmp(tag_val, "none")) encode = E_NONE;
++	    else if (!strcasecmp(tag_val, "url")) encode = E_URL;
++	    else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY;
++	    else {
++		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
++			    "unknown value \"%s\" to parameter \"encoding\" of "
++			    "tag echo in %s",
++			    tag_val, r->filename);
++		ap_rputs(error, r);
++	    }
++	}
++
+         else {
+             ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+                         "unknown parameter \"%s\" to tag echo in %s",
+@@ -2116,7 +2140,8 @@
+     }
+     else if (!strcmp(tag, "done")) {
+         for (i = 0; i < arr->nelts; ++i) {
+-            ap_rvputs(r, elts[i].key, "=", elts[i].val, "\n", NULL);
++            ap_rvputs(r, ap_escape_html(r->pool, elts[i].key), "=", 
++		ap_escape_html(r->pool, elts[i].val), "\n", NULL);
+         }
+         return 0;
+     }
+Index: src/modules/standard/mod_log_config.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_log_config.c,v
+retrieving revision 1.80
+diff -u -r1.80 mod_log_config.c
+--- mod_log_config.c	1999/12/15 23:04:22	1.80
++++ mod_log_config.c	2000/02/02 07:59:30
+@@ -391,7 +391,7 @@
+ {
+     const char *cp = ap_table_get(r->headers_out, a);
+     if (!strcasecmp(a, "Content-type") && r->content_type) {
+-        cp = r->content_type;
++        cp = ap_field_noparam(r->pool, r->content_type);
+     }
+     if (cp) {
+         return cp;
+Index: src/modules/standard/mod_status.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_status.c,v
+retrieving revision 1.110
+diff -u -r1.110 mod_status.c
+--- mod_status.c	2000/01/12 15:55:02	1.110
++++ mod_status.c	2000/02/02 07:59:31
+@@ -597,9 +597,10 @@
+ 			format_byte_out(r, bytes);
+ 			ap_rputs(")\n", r);
+ 			ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n",
+-			    score_record.client,
++			    ap_escape_html(r->pool, score_record.client),
+ 			    ap_escape_html(r->pool, score_record.request),
+-			    vhost ? vhost->server_hostname : "(unavailable)");
++			    vhost ? ap_escape_html(r->pool, 
++				vhost->server_hostname) : "(unavailable)");
+ 		    }
+ 		    else {		/* !no_table_report */
+ 			if (score_record.status == SERVER_DEAD)
+@@ -671,8 +672,9 @@
+ 			else
+ 			    ap_rprintf(r,
+ 			     "<td>%s<td nowrap>%s<td nowrap>%s</tr>\n\n",
+-			     score_record.client,
+-			     vhost ? vhost->server_hostname : "(unavailable)",
++			     ap_escape_html(r->pool, score_record.client),
++			     vhost ? ap_escape_html(r->pool, 
++				vhost->server_hostname) : "(unavailable)",
+ 			     ap_escape_html(r->pool, score_record.request));
+ 		    }		/* no_table_report */
+ 		}			/* !short_report */

Propchange: httpd/site/trunk/content/info/css-security/apache_1.3.11_css_patch.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/info/css-security/apache_specific.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/info/css-security/apache_specific.html?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/info/css-security/apache_specific.html (added)
+++ httpd/site/trunk/content/info/css-security/apache_specific.html Sun May  6 13:14:42 2012
@@ -0,0 +1,105 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+ <HEAD>
+  <TITLE>Cross Site Scripting Info: Apache Specific</TITLE>
+ </HEAD>
+
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+ <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080" 
+       ALINK="#FF0000">
+  <DIV ALIGN="CENTER">
+   <IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
+  </DIV>
+  <H1 ALIGN="CENTER">Cross Site Scripting Info: Apache Specific</H1>
+
+<H2>Introduction:</H2>
+
+<P>While reviewing the Apache code for any problems related to this
+problem, we have discovered a number of issues.  Many of them are
+not bugs in Apache, but are places where Apache can do more to
+avoid being vulnerable to the Cross Site Scripting security problem.
+None of the changes fix any security holes in Apache itself that
+can compromise the server directly, but are focused towards its
+interaction with clients.
+
+<P>Included below is a summary of the current known issues and
+fixes, where available.  This information will be expanded on as
+information becomes available and time permits.
+
+<H2>Issues outstanding:</H2>
+<UL>
+
+<LI>Older versions of the <CODE>printenv</CODE> CGI script distributed with
+Apache did not properly encode their output.  If you have one of these on
+your system, and this issue impacts your site, you should disable the CGI.
+
+<LI>Current versions of <CODE>printenv</CODE> and <CODE>test-cgi</CODE>
+send content with a MIME type of text/plain, meaning that no encoding
+is required or possible.  This was changed effective in Apache
+1.3.11 to fix the problem of <CODE>printenv</CODE> not properly
+encoding its output.  Unfortunately, Microsoft Internet Explorer
+does not respect that MIME type, and incorrectly processes the
+output as HTML that is what it guesses it to be.  This security
+problem has been reported to Microsoft.  At this time, the recommended
+workaround is to simply remove the <CODE>printenv</CODE> and
+<CODE>test-cgi</CODE> scripts from your site if this issue impacts
+you.
+
+<LI>If you do have other legitimate text/plain content on your site
+that is generated based on user input, you may need to configure
+your server to prevent IE from accessing it or change it to text/html
+so you can encode it.  Alternatively, you can filter special
+characters if that is possible in your situation.  Thankfully, this
+only impacts a very few sites.
+
+<LI>A number of Apache modules such as <CODE>mod_status</CODE> do not
+set an explicit character set on their output.  Using the AddDefaultCharset
+directive will work around this.  The modules that don't set an explicit
+character set are not normally accessible to users and they are not 
+thought to pose a significant risk.
+
+<LI>What is necessary to ensure that sites that legitimately use character
+sets with different encodings of special characters, such as UTF-7, are 
+protected.  How can Apache facilitate this?  This is a major issue for 
+those with a significant amount of content in character sets other than
+iso-8859-1.
+
+
+</UL>
+
+<H2>Fixes from CHANGES file:</H2>
+<P>These will be expanded on as time permits.  These patches are available
+in the current <A HREF="apache_1.3.11_css_patch.txt">Apache patch</A> 
+against Apache 1.3.11.
+
+<PRE>
+  *) Add an explicit charset=iso-8859-1 to pages generated by
+     ap_send_error_response(), such as the default 404 page.
+     [Marc Slemko]
+
+  *) Add the AddDefaultCharset and AddDefaultCharsetName directives.
+     These allow you to tell Apache to specify the given character
+     set on any document that does not have one explicitly specified in
+     the headers.  [Marc Slemko]
+
+  *) Properly escape various messages output to the client from a number
+     of modules and places in the core code.  [Marc Slemko]
+
+  *) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
+     not consider any parameters such as charset when making decisions
+     based on content type.  This does remove some functionality for
+     some users, but means that when these modules are configured to do
+     particular things with particular MIME types, the charset should
+     not be included.  A better way of addressing this for users who
+     want to set things on a per charset basis is necessary in the future.
+     [Marc Slemko]
+
+  *) mod_include now entity encodes output from "printenv" and "echo var"
+     by default.  The encoding for "echo var" can be set to URL encoding
+     or no encoding using the new "encoding" attribute to the echo tag.
+     [Marc Slemko]
+
+</PRE>
+
+</BODY>
+</HTML>

Propchange: httpd/site/trunk/content/info/css-security/apache_specific.html
------------------------------------------------------------------------------
    svn:eol-style = native

Added: httpd/site/trunk/content/info/css-security/encoding_examples.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/info/css-security/encoding_examples.html?rev=1334622&view=auto
==============================================================================
--- httpd/site/trunk/content/info/css-security/encoding_examples.html (added)
+++ httpd/site/trunk/content/info/css-security/encoding_examples.html Sun May  6 13:14:42 2012
@@ -0,0 +1,167 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+ <HEAD>
+  <TITLE>Cross Site Scripting Info: Encoding Examples</TITLE>
+ </HEAD>
+
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+ <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080" 
+       ALINK="#FF0000">
+  <DIV ALIGN="CENTER">
+   <IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
+  </DIV>
+  <H1 ALIGN="CENTER">Cross Site Scripting Info: Encoding Examples</H1>
+
+<H2>Introduction:</H2>
+
+<P>We trust you are already familiar with the Cross Site Scripting
+security problem and the concept behind how it works.  If not, see
+the <A HREF="http://www.cert.org/advisories/CA-2000-02.html">CERT
+Advisory CA-2000-02</A> that has been released on this issue for 
+details before continuing.
+
+<P>This document focuses on how you can safely encode data before 
+it is output to the client.  The main method of doing this is through
+entity encoding, as described in the CERT advisory, using entities
+such as "&amp;lt;".
+
+<H2>General Comments on Encoding:</H2>
+
+<P>Note that, in general, many functions that perform entity encoding
+do so in a way which is only suitable for use outside attribute
+values, in normal block level elements such as a paragraph of text.
+Many of the functions referenced below are in this category.  This
+means they may not encode characters such as the double or single
+quote.  If you don't use quotation marks around an attribute value
+supplied from user input, then you need to encode even more
+characters.  Always use quotes and you won't have to worry about
+that particular issue.
+
+<P>Unfortunately, the situation for encoding data within attribute
+values or within the body scripts (eg. within "&lt;SCRIPT&gt;"
+tags) is more complex and less understood.  If you are in this 
+situation, you may be wise to consider filtering special characters
+(as described in the <A
+HREF="http://www.cert.org/tech_tips/malicious_code_mitigation.html">CERT
+Tech Tip</A>) instead of encoding them.  Generally, encoding is 
+recommended because it does not require you to make a decision about
+what characters could legitimately be entered and need to be passed
+through and it has less of an impact on existing functionality.  
+
+<P>The reason why safely encoding data within attribute values is 
+difficult is because some characters that are not considered special
+characters can be arranged to have unexpected effects in certain
+attribute values.  This is very specific to the tag the attribute
+is associated with and to how the client interprets it.  For example,
+if you let the user enter the value for a HREF attribute, and you
+encode it properly, you could end up outputting a tag such as:
+
+<PRE>
+&lt;A HREF="javascript:document.writeln(document.cookie + &amp;quot;&amp;lt;BR&amp;gt;&amp;quot;)"&gt;
+</PRE>
+
+Even though you have properly encoded special characters, many popular
+browsers will interpret a "javascript:" URL as containing JavaScript
+to execute in the context of the current document.
+
+<P>One of the issues that is still unresolved is exactly what HTML 
+tags are "safe" to allow through, and what the algorithm for doing so
+is like.  Many sites wish to allow users to enter a limited subset
+of "safe" HTML.  This is still very much an open issue.  It has been 
+an issue for quite some time, and it is our hope that this Cross Site
+Scripting problem will help prompt more work into addressing it.
+
+<P>If you are encoding user entered data in a URL, then URL encoding (also
+known as percent encoding) is appropriate.  Unfortunately, this can be
+a complex thing to get right because the special characters in "http://",
+for example, must remain unencoded because they are part of the syntax
+of the URL.  Better solutions to deal with this are necessary.
+
+<P>Also note that some URL encoding functions encode a space into a "+" for
+historical reasons.  This will only work in the query string for CGIs, and
+will not properly encode a space in other parts of the URL.
+
+<P>We realize that all these special situations and the lack of a single
+bulletproof set of steps for encoding user data, wherever it may occur on 
+the page, makes the task of fixing this problem quite challenging in some
+cases.  We wish we had a better answer, and are working on filling in the
+fuzzy areas.
+
+<H2>PHP Example:</H2>
+
+<PRE>
+&lt;?
+$Text = "foo&lt;b&gt;bar";
+$URL = "foo&lt;b&gt;bar.html";
+echo HTMLSpecialChars($Text), "&lt;BR&gt;";     
+echo "&lt;A HREF=\"", rawurlencode($URL), "\"&gt;link&lt;/A&gt;";
+?&gt;
+</PRE>
+
+<P>Note that PHP also has a strip_tags() function that will remove all 
+HTML tags from a string.  Using this function in a manner such as:
+
+<PRE>
+	echo strip_tags($Text);
+</PRE>
+
+will strip all HTML from the input.  However, if you use it in the form:
+
+<PRE>
+	echo strip_tags($Text, "&lt;B&gt;");
+</PRE>
+
+which only allows the "&lt;B&gt;" tag through, you are still often
+vulnerable to users inserting script code.  By design, this function
+does not strip attributes from the tags.  This means it is often
+possible to include things such as JavaScript event attributes.
+An example of a tag that would be allowed by the above strip_tags()
+call is:
+
+<PRE>
+	&lt;B onmouseover="document.location='http://www.cert.org/'"&gt;
+</PRE>
+
+<P>Some clients accept such attributes on tags that are otherwise benign.
+
+<H2>Apache Module Example:</H2>
+
+<PRE>
+char *Text = "foo&lt;b&gt;bar";
+char *URL = "foo&lt;b&gt;bar.html";
+ap_rvputs(r, ap_escape_html(r-&gt;pool, Text), "&lt;BR&gt;", NULL);
+ap_rvputs(r, "&lt;A HREF=\"", ap_escape_uri(r-&gt;pool, URL), "\"&gt;link&lt;/A&gt;", NULL);
+</PRE>
+
+<H2>mod_perl Example:</H2>
+
+<PRE>
+$Text = "foo&lt;b&gt;bar";
+$URL = "foo&lt;b&gt;bar.html";
+$r-&gt;print(Apache::Util::escape_html($Text), "&lt;BR&gt;");
+$r-&gt;print("&lt;A HREF=\"", Apache::Util::escape_uri($URL), "\"&gt;link&lt;/A&gt;");
+</PRE>
+
+<P>This uses the same functions as in the Apache Module Example, called
+from Perl instead of directly from C.
+
+<H2>Perl Example:</H2>
+
+<PRE>
+use CGI ();
+$Text = "foo&lt;b&gt;bar";
+$URL = "foo&lt;b&gt;bar.html";
+print CGI::escapeHTML($Text), "&lt;BR&gt;";
+print qq(&lt;A HREF="), CGI::escape($URL), qq("&gt;link&lt;/A&gt;);
+</PRE>
+
+<P>Note that if you use the CGI.pm module in its full intended role,
+instead of just using helper functions from it, it will automatically 
+encode special characters in many places.  Unfortunately, this is yet
+again likely not sufficient in all situations.  See the documentation at 
+<A HREF="http://stein.cshl.org/WWW/software/CGI/">
+http://stein.cshl.org/WWW/software/CGI/</A> for more details on what
+this module can do.
+
+</BODY>
+</HTML>

Propchange: httpd/site/trunk/content/info/css-security/encoding_examples.html
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message