From: Rob Hartill <hartill@ooo.lanl.gov>
Message-Id: <199602060711.AA108450709@ooo.lanl.gov>
Subject: New features chart (fwd)
To: new-httpd@hyperreal.com (Apache)
Date: Tue, 6 Feb 96 0:11:49 MST
Mailer: Elm [revision: 70.85]
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com


Oh boy. Anyone have a week to spare?

****** PLEASE DON'T BOUNCE HALF COMPLETED FORMS BACK AT ME ********

If you have time to complete the form, let everyone know
you're working on it (to save replicating effort), then mail
the results so that we can all verify them.

ta,
rob


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


X-Sender: wwwserv@proper.com
Message-Id: <v02140400ad3c8cbe31d2@[205.199.113.17]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 5 Feb 1996 21:06:53 -0800
To: (Web authors)
From: www-servers@proper.com (WWW server FAQ)
Subject: New features chart
Status: RO

Greetings, all. I hope that you have found your participation in the Web
servers comparison chart worthwhile. The chart is about to make a big
change on March 1st, and I think this will draw more readers to the chart.
(Incidentally, the servers survey is about to get some big coverage in
WebWeek, which will bring even more people to the features chart.)

In order to make this next step, I need each of you to resubmit your
information. The main reasons for this are that I have now added a
description of each feature and I have reworded some of the feature names.
There is a fair amount of ambiguity on some of the features in the current
chart, and I hope these feature descriptions will help resolve that. Of
course, the full feature descriptions you see here will be available with
the new chart.

Please fill in the following as soon as possible. As a slight inducement,
I'll be putting a beta of the revised chart up soon, and only those who
have sent in their responses will get to see it and [praise|criticize] the
new layout and features. Yes, the new chart will come with HTML tables (and
non-tables for folks with non-table browsers).

Of course, I'm still open to suggestions for new features. The feature set
for version 4.0 is set, but I hope to be adding new features each month.
Please let me know what you think, and respond with your new answers as
soon as possible.

--Paul Hoffman
--Proper Publishing

Greetings. I maintain the popular list of supported Web server software,
which you can see at <http://www.proper.com/www/servers-chart.html>. I
would like to add your server to the list. Note that the chart below is
different than the one on the server now: it contains many more features,
and different wording for some of the features in the old chart.

Please answer all the questions below using the feature explanation at the
bottom of this letter. Note that the vast majority of the entries are
yes-no questions: please use "Y" and "N" or "yes" and "no". For features
that are not applicable to your operating system, enter an "X". Note that
entries with a single asterisk (*) are for text responses (not a simple "Y"
or "N"), and entries with a double asterisk (**) can only be answered with
one of the responses indicated in the feature explanation.

Please do not say things like "next release" or "soon"; these responses
don't make it into the full chart and just make it harder for me to enter
your information. Also, please don't add your own desired features to your
response; instead, send separte mail to www-servers@proper.com. If you have
any questions about the format, please feel free to ask me.

I also need the email address of a technical contact person for
further queries. This will be kept internal to WebCompare and I keep these
names private, so there is no formal mailing list involved. I will send
all requests for more information to the address given in this field. I
expect to be adding new features to the chart each month, and having
a responsive person answering questions will assure you that your server
gets the best possible exposure in the chart.

--Paul Hoffman, Editor
--WebCompare

Full name of server: *
Email address of technical contact: *
Version described:

---Operating Systems---
Unix:
Windows NT:
Windows 95:
Windows 3.1:
OS/2:
Macintosh OS:
Novell Netware:
VMS:
Amiga OS:
AS/400:
VM/CMS:
MS-DOS:
Unix variants: *
Windows NT CPUs: *

---Launching and Logging---
Can run from inetd (Unix systems only):
Can serve different directory roots for different IP addresses:
Runs as Windows NT service and/or application:
Logging with syslog (Unix) or Event Log (Windows NT):
CERN/NCSA common log format:
Log files can be automatically cycled or archived:
Normal (hit) log entries can be customized:
Can write to multiple logs:
Server can generate non-hit log entries (such as comments):
CGI scripts can create their own log entries:
Performance measurment logs:
Can generate referer log entries:
Can generate browser log entries:
Can track individual users in log:

---Protocol Support and Includes---
Automatic response to If-Modified-Since:
Select documents based on Accept header:
Select documents based on User-Agent header:
Includes based on HTML comments:
Includes can be based on request headers:
Server can force includes:
Automatically include any HTTP headers in responses:
Access to server state variables from CGI or other scripting:
Has built-in scripting language:
Has built-in image-map handling:
Supports some sort of PUT method:
Non-supported methods can invoke a script:
Supports the Windows CGI interface:
Comes with SNMP agent:
The name that is shown in the "Server:" response header: *

---Security---
Can require password (Authorization: user):
Supports SSL v. 2:
Supprots SSL v. 3:
Supports S-HTTP:
Prohibit by domain name:
Prohibit by IP address:
Configurable user groups (not just a single user list):
Can change user access control list without restarting server:
Can hide part of a document based on security rules:
Security rules can be based on URLs:
Default security model for file-based documents: **
Hierarchical permissions for directory-based documents:
Additional security features: *

---Other Features---
GUI-based setup:
GUI-based maintenance:
Remote maintenance:
Real-time performance measurement tools:
Script or action based on output media type:
Also serves other TCP protocols: *
Automatic directory tree:
User directories:
Search engine: *
Has direct (non-CGI) link to a DBMS:
Includes user interaction tools
: *
Also acts as an HTTP proxy server:
Proxy server also caches:
Includes full source code for server: **
Pricing: **
Best features (as described by server author): *
URL for more information: *

===Feature Descriptions===


Version described
The most recent version reported from the server manufacturer. The values
in this chart are for this version. This version must be publicly
available, meaning that any customer who wants to get this version can.
Beta versions are acceptable as long as there is no limitation on the
number of beta testers.

---Operating Systems---

Unix
Runs on at least one variant of Unix

Windows NT
Runs on Windows NT 3.5 on Intel

Windows 95
Windows 95

Windows 3.1
Windows 3.1

OS/2
OS/2 Warp

Macintosh OS
Macintosh OS

Novell Netware
Novell's Netware

VMS
DEC's VMS

Amiga OS
AmigaOS

AS/400
IBM's AS/400 for minicomputers

VM/CMS
IBM's VM/CMS for mainframes

MS-DOS
Runs under plain MS-DOS

Unix variants
For Unix-based servers, the Unix variants on which the server runs. This
list should be as specific as possible. For example, "Solaris" is not
specific enough if the server runs on "Solaris for SPARC" but not "Solaris
for Intel".

Windows NT CPUs
For NT-based servers, the CPUs on which the server is available. The
choices are "Intel", "MIPS", "PowerPC", and "Alpha".

---Launching and Logging---

Can run from inetd (Unix systems only)
Many Unix-based servers must be run as daemons (that is, all the time).
Others can be started each time a request comes in using the inetd daemon.
Running from inetd is more reliable, since the server can't crash between
requests; however, running from inetd takes many more system resources and
can be much slower. Some servers that have a "Yes" for this feature allow
you to run from inetd, but it is not recommended.

Can serve different directory roots for different IP addresses
If the operating system allows a single CPU to have more than one IP
address (most commonly by having more than one network interface card), it
is nice if the Web server can use different IP addresses to indicate
different Web sites. The easiest way to do this is to say that each IP
address gets a different directory tree to serve from.

Runs as Windows NT service and/or application
For NT-based servers, whether the server is available as an application, a
service, or both.

Logging with syslog (Unix) or Event Log (Windows NT)
These two logging systems allow many servers to keep consistent logs
regardless of load.

CERN/NCSA common log format
Logs are kept in the same format as the CERN and NCSA servers. The format
is:


remote_host ident authuser [date-time] "Request-Line" Status-Code bytes


remote_host: client DNS hostname, or IP address if not available

ident: the identity check token or "-" if not given

authuser: the Authorization username or "-" if not given

data-time: dd/Mmm/yyyy:hh:mm:ss zone

zone: +dddd  or -dddd

Request-Line: exactly as received from client

Status-Code: result from server or "-" if unknown

bytes: size of Entity-Body transmitted or "-" if unknown

Log files can be automatically cycled or archived
The Web administrator can specify that new logs are started regularly
(normally each day), and that old logs are kept for later review.

Normal (hit) log entries can be customized
The format of the log can be changed to be in a different order or to
include different fields.

Can write to multiple logs
Some servers keep many logs, such as error logs. Others allow the same
information to be written to different logs in different formats, with the
formats often defined by the administrator. Others allow different logs for
different kinds of actions (GET vs. POST, for example).

Server can generate non-hit log entries (such as comments)
Particular events (time passing, server load over a certain limit) can
generate entries in the log.

CGI scripts can create their own log entries
CGI scripts can enter information in the log, such as security alerts or
abnormal user requests.

Performance measurment logs
These can be logs of items such as server load, number of hits per minute,
number of requests refused due to being too busy, and number of requests
aborted mid-transmission.

Can generate referer log entries
It is important for many Web administrators to know how people found out
about their site. This referer log can either be integrated with the
stanard log, be its own log, or just be a field that an administrator can
add to custom logs.

Can generate browser log entries
Determining which browsers (more properly called "user agents") are being
used to view a site can help determine which features to use. This log can
either be integrated with the stanard log, be its own log, or just be a
field that an administrator can add to custom logs.

Can track individual users in log
Some servers can track users as they move around a Web site using automatic
cookie-generation and other techniques. In order to qualify for this
feature, the server must do user tracking automatically without the Web
administrator having to make changes to the HTML source of the content.

---Protocol Support and Includes---

Automatic response to If-Modified-Since
The server responds to all GET requests that have If-Modified-Since headers
without using CGI scripts. See section 10.9 of the HTTP/1.0 spec.

Select documents based on Accept header
The server allows the Web administrator to specify a set of responses that
all may be returned for the same URL, and the rules for how the server
chooses between them based on the Accept, Accept-Charset, Accept-Encoding,
and Accept-Language headers. These rules must be implemented without CGI
scripts. Note that the Accept headers are no longer part of the HTTP/1.0
spec.

Select documents based on User-Agent header
The server allows the Web administrator to specify a set of responses that
all may be returned for the same URL depending on the value in the
User-Agent header. This must be implemented without CGI scripts. See
section 10.16 of the HTTP/1.0 spec.

Includes based on HTML comments
Document authors can include HTML comments that the server expands into
standard information before the document is sent out.

Includes can be based on request headers
Server-side includes can be triggered by values of request headers. For
example, the include might be a construct "if-User-Agent-is Netscape" or
"if-Referer-is"

Server can force includes
The server can force information to appear at the beginning or end of  all
documents, of certain document types, or of documents in a particular
directory.

Automatically include any HTTP headers in responses
Without using CGI, the server can include any administrator-defined headers
in responses for all document types.

Access to server state variables from CGI or other scripting
Scripts or programs written by the Web administrator can include non-CGI
values such as date, time, server load, number of accesses in a particular
timeframe, and so on.

Has built-in scripting language
Servers with built-in scripting languages usually let a Web administrator
do more to customize their site using fewer programming skills. These
scripting languages also often allow greater access to the state variables
than plain CGI interfaces.

Has built-in image-map handling
Built-in image map handling means that the description of the hot spots of
an image map can be entered using something other than CGI scripts. Some
servers implement this feature with HTML comments, others as server
directives that are usually easier to enter than CGI script commands.

Supports some sort of PUT method
The PUT method was not well-defined in the early HTTP/1.0 drafts, and the
final draft will not describe how it actually works. Nonetheless, some
servers and clients support some form of the PUT method, although there are
no guarantee of compatibility between them.

Non-supported methods can invoke a script
If a client sends a non-supported method, the server may automatically
start a script or program instead of just sending back a 501 error. This
feature allows Web administrators to deal with methods not anticipated by
the server author.

Supports the Windows CGI interface
The server supports the Windows CGI protocol, defined at
<http://www.city.net/win-httpd/httpddoc/wincgi.htm>. This is an extended
CGI mostly of use only to Windows-based servers.

Comes with SNMP agent
The Simple Network Management Protocol lets network administrators watch
and change remote services. To qualify for this feature, HTTP servers must
have their own SNMP agents (and the accompanying MIB) since there is no
standard agent and MIB for HTTP servers.

The name that is shown in the "Server:" response header
Each server software should respond with its name in the Server: response
header, as described in section 10.15 of the HTTP/1.0 spec. Note that a few
servers reply with names that contain spaces; this violates the HTTP/1.0
spec.

---Security---

Can require password (Authorization: user)
The server can require realm-based passwords, as described in section 11 of
the HTTP/1.0 spec.

Supports SSL v. 2
The server can communicate using the SSL version 2 protocol described at

http://www.proper.com/www/draft-hickman-netscape-ssl

Supprots SSL v. 3
The server can communicate using the SSL version 2 protocol described at
http://www.proper.com/www/draft-freier-ssl-version3

Supports S-HTTP
The server can communicate using using the S-HTTP protocol currently
described at http://www.proper.com/www/draft-ietf-wts-shttp

Prohibit by domain name
The Web administrator can deny access to some or all documents based on the
requestor's domain name. The domain name is determined by a reverse-lookup
on the requestor's IP address (not using the From header field).

Prohibit by IP address
The Web administrator can deny access to some or all documents based on the
requestor's IP address.

Configurable user groups (not just a single user list)
The Web administrator can create multiple user groups based on domain name,
IP address, or authenticated user name of requestors. The user groups then
determine access to documents.

Can change user access control list without restarting server
Changes to the access control list(s) take effect without the Web
administrator having to restart the server software.

Can hide part of a document based on security rules
Within a single document, you may want to display certain parts only to
certain users. Servers that allow this have security rules that hide those
parts except for users in particular user groups, or those coming from
certain domain names or IP addresses.

Security rules can be based on URLs
Security rules can be set for resources based on the URL requested instead
of the file to which the URL might refer.

Default security model for file-based documents
The model that describes the basic security for files if no other security
is specified. The four choices are:

Deny access to all files unless listed in an access file

Allow access to all files unless listed in an access file

Allow access to all files (no access file)

Doesn't access file system at all (pure database)

Hierarchical permissions for directory-based documents
If a file comes from a directory that has no access file, the server checks
each sucessively higher level of the directory tree and uses the
permissions of the first access file found.

Additional security features
Many servers have security features other than those listed here. Few are
standardized, and many have not been extensively tested on the Web.

---Other Features---

GUI-based setup
The server is configured using a GUI program (instead of editing a text
file).

GUI-based maintenance
The server's running information (hit counts, load, performance) is
displayed using a GUI (instead of as a text file).

Remote maintenance
The server software can have its configuration changed using a terminal or
client program running on a computer different than the server. The remote
connection must be able to be established using software that comes as part
of the operating system or the server software (no extra expense for the
remote software).

Real-time performance measurement tools
The server has real-time indicators for turnaround time for requests and/or
number of requests refused because the server was too busy.

Script or action based on output media type
The Web administrator can specify a program automatically run or an action
automatically be taken if the outgoing document has a particular media type
(such as "image/gif"). This is useful for repackaging documents as
"multipart/alternative", or for adding additional headers for certain media
types.

Also serves other TCP protocols
A few Web server packages also serve other TCP protocols such as Gopher and
FTP.

Automatic directory tree
If the URL is for a file directory (not a specific file), the server is
able to respond with a listing of all the readable files in that directory.

User directories
The server can remap file directories from outside its normal directory
hierarchy to within the hierarchy without using filesystem aliases. This is
normally done to all users to make part of their home directory space be
available on a central Web site.

Search engine
The server includes a built-in search engine.

Has direct (non-CGI) link to a DBMS
The server has a direct link to a DBMS package that does not require a CGI
script to use. Such servers usually create an active link to the DBMS when
they start up and keep the link open the entire time they run. Thus, DBMS
requests through such a server is inherently faster than through a CGI that
must start up the DBMS link each time it is run.

Includes user interaction tools

The server software includes software that helps users of the Web site
communicate with each other, and that interaction software is supported to
the same level as the core server software is.

Also acts as an HTTP proxy server
The server software can also be used as an HTTP proxy.

Proxy server also caches
If the server software can also be used as an HTTP proxy, that proxy also
acts as a caching proxy.

Includes full source code for server
The server comes with full source code for compiling it from scratch. This
gives the Web administrator great assurance that the code is secure, and
allows a programmer to change the way the server works if that is desired.
The possible responses are:
Always included
Extra fee
None available

Pricing
The choices are:

Commercial

Free

Free with fee for support

Shareware

Best features (as described by server author)
Every server author has opinions about why their server is better than
others. This is a short (25 words or fewer) description of what the server
author or company thinks are the best features of the server.

URL for more information
Link to the server's home site.