httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <>
Subject Re: Announcing mod_websocket v0.1.0
Date Wed, 11 Nov 2015 06:26:22 GMT

> Am 10.11.2015 um 21:34 schrieb Jacob Champion <>:
> I'm happy to announce version 0.1.0 of mod_websocket:
> mod_websocket is an Apache 2.x module that allows developers to write C-
> and C++-based WebSocket services. The intent is for mod_websocket-plugin
> writers to develop their WebSocket services completely independently of
> the Apache server API. Currently, both httpd 2.2 and 2.4 are supported.
> I am not the original author of mod_websocket; it's been orphaned for a
> couple of years now, and I'm stepping in as a new primary maintainer. So
> if you're interested in the development or use of this module, now is an
> excellent time to get involved! Download and test the code, file issues
> (or try your hand at fixing one), star/fork the repo on GitHub, etc. Any
> and all feedback is appreciated.
> = Major New Features/Fixes =
> Since the last upstream commit in 2012, here are some of the major
> changes in 0.1.0:
> - Incoming handshakes are now validated and rejected if they do not
>  conform to the WebSocket specification. This is the primary focus of
>  the 0.1.0 release.
> - Cross-origin connections are now rejected by default, and a new
>  WebSocketOriginCheck directive has been added to control this
>  behavior.
> - A major rearchitecture of the threading model fixes occasional crashes
>  when using mod_ssl.
> - Experimental CMake support has been added for Windows builds.
> - An autotest harness has been added, which uses the Autobahn TestSuite.
> A full changelist can be seen at the release description on GitHub.
> = Major Known Issues =
> This is a pre-release, zero-dot module. There are known issues that may
> preclude its use in production systems. Please understand them and take
> steps to avoid them if you decide to deploy mod_websocket.
> - mod_reqtimeout will prematurely close idle WebSocket connections if it
>  is in use.
> - Apache worker threads are completely monopolized by WebSocket
>  connections. This makes it possible for a large number of connections
>  to DoS the server.
> - mod_websocket suffers from poor performance when receiving extremely
>  fragmented messages (i.e. a large number of small frames). In an
>  untrusted environment, this could also lead to a denial of service
>  condition.
> A more complete (but not necessarily exhaustive) list is available at
> the repo page on GitHub:
> = Binary Compatibility =
> The plugin ABI is *not* yet stable, but the 0.1.x line is
> binary-compatible with the original upstream fork. So if you already
> have mod_websocket plugins based on the original repository, no changes
> should be required for you to use them with this release. There *will*
> eventually be an ABI bump (0.2.x) to fix some known issues with the
> interfaces, but I'll do my best to consolidate those compatibility
> breaks and drive towards a 1.0 as soon as possible.
> Thanks for your interest!
> --Jacob Champion

View raw message