1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
|
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<manualpage metafile="new_features_2_4.xml.meta">
<title>Overview of new features in Apache HTTP Server 2.4</title>
<summary>
<p>This document describes some of the major changes between the
2.2 and 2.4 versions of the Apache HTTP Server. For new features since
version 2.0, see the <a href="new_features_2_2.html">2.2 new features</a>
document.</p>
</summary>
<section id="core">
<title>Core Enhancements</title>
<dl>
<dt>Run-time Loadable MPMs</dt>
<dd>Multiple MPMs can now be <a href="mpm.html#dynamic">built
as loadable modules</a> at compile time.
The MPM of choice can be configured at run time via <directive
module="mod_so">LoadModule</directive> directive.</dd>
<dt>Event MPM</dt>
<dd>The <a href="mod/event.html">Event MPM</a> is no longer experimental
but is now fully supported.</dd>
<dt>Asynchronous support</dt>
<dd>Better support for asynchronous read/write for supporting MPMs and
platforms.</dd>
<dt>Per-module and per-directory LogLevel configuration</dt>
<dd>The <directive module="core">LogLevel</directive> can now be
configured per module and per directory. New levels <code>trace1</code>
to <code>trace8</code> have been added above the <code>debug</code> log
level.</dd>
<dt>Per-request configuration sections</dt>
<dd><directive module="core" type="section">If</directive>,
<directive module="core" type="section">ElseIf</directive>,
and <directive module="core" type="section">Else</directive>
sections can be used to set the configuration based on per-request
criteria.</dd>
<dt>General-purpose expression parser</dt>
<dd>A new expression parser allows to specify
<a href="expr.html">complex conditions</a> using a common syntax
in directives like
<directive module="mod_setenvif">SetEnvIfExpr</directive>,
<directive module="mod_rewrite">RewriteCond</directive>,
<directive module="mod_headers">Header</directive>,
<directive module="core" type="section">If</directive>,
and others.
</dd>
<dt>KeepAliveTimeout in milliseconds</dt>
<dd>It is now possible to specify <directive module="core"
>KeepAliveTimeout</directive> in milliseconds.
</dd>
<dt>NameVirtualHost directive</dt>
<dd>No longer needed and is now deprecated.</dd>
<dt>Override Configuration</dt>
<dd>The new <directive module="core">AllowOverrideList</directive>
directive allows more fine grained control which directives are
allowed in <code>.htaccess</code> files. </dd>
<dt>Config file variables</dt>
<dd>It is now possible to <directive module="core">Define</directive>
variables in the configuration, allowing a clearer representation
if the same value is used at many places in the configuration.
</dd>
<dt>Reduced memory usage</dt>
<dd>Despite many new features, 2.4.x tends to use less memory than
2.2.x.</dd>
</dl>
</section>
<section id="newmods">
<title>New Modules</title>
<dl>
<dt><module>mod_proxy_fcgi</module></dt>
<dd>FastCGI Protocol backend for <module>mod_proxy</module></dd>
<dt><module>mod_proxy_scgi</module></dt>
<dd>SCGI Protocol backend for <module>mod_proxy</module></dd>
<dt><module>mod_proxy_express</module></dt>
<dd>Provides dynamically configured mass reverse proxies for
<module>mod_proxy</module></dd>
<dt><module>mod_remoteip</module></dt>
<dd>Replaces the apparent client remote IP address and hostname for the request
with the IP address list presented by a proxies or a load balancer via
the request headers.</dd>
<dt><module>mod_heartmonitor</module>,
<module>mod_lbmethod_heartbeat</module></dt>
<dd>Allow <module>mod_proxy_balancer</module> to base loadbalancing decisions
on the number of active connections on the backend servers.</dd>
<dt><module>mod_proxy_html</module></dt>
<dd>Formerly a third-party module, this supports fixing of HTML
links in a reverse proxy situation, where the backend generates
URLs that are not valid for the proxy's clients.</dd>
<dt><module>mod_sed</module></dt>
<dd>An advanced replacement of <module>mod_substitute</module>, allows
to edit the response body with the full power of sed.</dd>
<dt><module>mod_auth_form</module></dt>
<dd>Enables form-based authentication.</dd>
<dt><module>mod_session</module></dt>
<dd>Enables the use of session state for clients, using cookie or
database storage.</dd>
<dt><module>mod_allowmethods</module></dt>
<dd>New module to restrict certain HTTP methods without interfering with
authentication or authorization.</dd>
<dt><module>mod_lua</module></dt>
<dd>Embeds the <a href="http://www.lua.org/">Lua</a> language into httpd,
for configuration and small business logic functions. (Experimental)</dd>
<dt><module>mod_log_debug</module></dt>
<dd>Allows the addition of customizable debug logging at different phases of the
request processing.</dd>
<dt><module>mod_buffer</module></dt>
<dd>Provides for buffering the input and output filter stacks</dd>
<dt><module>mod_data</module></dt>
<dd>Convert response body into an RFC2397 data URL</dd>
<dt><module>mod_ratelimit</module></dt>
<dd>Provides Bandwidth Rate Limiting for Clients</dd>
<dt><module>mod_request</module></dt>
<dd>Provides Filters to handle and make available HTTP request bodies</dd>
<dt><module>mod_reflector</module></dt>
<dd>Provides Reflection of a request body as a response via the output filter stack.</dd>
<dt><module>mod_slotmem_shm</module></dt>
<dd>Provides a Slot-based shared memory provider (ala the scoreboard).</dd>
<dt><module>mod_xml2enc</module></dt>
<dd>Formerly a third-party module, this supports internationalisation
in libxml2-based (markup-aware) filter modules.</dd>
<dt><module>mod_macro</module> (available since 2.4.5)</dt>
<dd>Provide macros within configuration files.</dd>
<dt><module>mod_proxy_wstunnel</module> (available since 2.4.5)</dt>
<dd>Support web-socket tunnels.</dd>
<dt><module>mod_authnz_fcgi</module> (available since 2.4.10)</dt>
<dd>Enable FastCGI authorizer applications to authenticate and/or
authorize clients.</dd>
<dt><module>mod_http2</module> (available since 2.4.17)</dt>
<dd>Support for the HTTP/2 transport layer.</dd>
<dt><module>mod_proxy_http2</module> (available since 2.4.19)</dt>
<dd>HTTP/2 Protocol backend for <module>mod_proxy</module></dd>
<dt><module>mod_proxy_hcheck</module> (available since 2.4.21)</dt>
<dd>Support independent dynamic health checks for remote proxiy backend servers.</dd>
<dt><module>mod_brotli</module> (available since 2.4.26)</dt>
<dd>Support the Brotli compression algorithm.</dd>
<dt><module>mod_md</module> (available since 2.4.30)</dt>
<dd>Support the ACME protocol to automate certificate provisionning.</dd>
<dt><module>mod_proxy_uwsgi</module> (available since 2.4.30)</dt>
<dd>UWSGI gateway module for <module>mod_proxy</module>.</dd>
<dt><module>mod_socache_redis</module> (available since 2.4.39)</dt>
<dd>Support <a href="http://redis.io/">Redis</a> based shared object cache provider.</dd>
<dt><module>mod_systemd</module> (available since 2.4.42)</dt>
<dd>systemd integration. It allows httpd to be used in a service with the systemd
<code>Type=notify</code>.</dd>
</dl>
</section>
<section id="module">
<title>Module Enhancements</title>
<dl>
<dt><module>mod_ssl</module></dt>
<dd><module>mod_ssl</module> can now be configured to use an
OCSP server to check the validation status of a client
certificate. The default responder is configurable, along with
the decision on whether to prefer the responder designated in
the client certificate itself.</dd>
<dd><module>mod_ssl</module> now also supports OCSP stapling, where the
server pro-actively obtains an OCSP verification of its certificate and
transmits that to the client during the handshake. </dd>
<dd><module>mod_ssl</module> can now be configured to share SSL Session
data between servers through memcached</dd>
<dd>EC keys are now supported in addition to RSA and DSA.</dd>
<dd>Support for TLS-SRP (available in 2.4.4 and later).</dd>
<dt><module>mod_proxy</module></dt>
<dd>The <directive module="mod_proxy">ProxyPass</directive> directive
is now most optimally configured within a
<directive module="core">Location</directive> or
<directive module="core">LocationMatch</directive>
block, and offers a significant performance advantage over the traditional
two-parameter syntax when present in large numbers.</dd>
<dd>The source address used for proxy requests is now configurable.</dd>
<dd>Support for Unix domain sockets to the backend (available in 2.4.7
and later).</dd>
<dt><module>mod_proxy_balancer</module></dt>
<dd>More runtime configuration changes for BalancerMembers via balancer-manager</dd>
<dd>Additional BalancerMembers can be added at runtime via balancer-manager</dd>
<dd>Runtime configuration of a subset of Balancer parameters</dd>
<dd>BalancerMembers can be set to 'Drain' so that they only respond to existing sticky
sessions, allowing them to be taken gracefully offline.</dd>
<dd>Balancer settings can be persistent after restarts.</dd>
<dt><module>mod_cache</module></dt>
<dd>The <module>mod_cache</module> CACHE filter can be optionally inserted
at a given point in the filter chain to provide fine control over caching.
</dd>
<dd><module>mod_cache</module> can now cache HEAD requests.</dd>
<dd>Where possible, <module>mod_cache</module> directives can now be set
per directory, instead of per server.</dd>
<dd>The base URL of cached URLs can be customised, so that a cluster of
caches can share the same endpoint URL prefix.</dd>
<dd><module>mod_cache</module> is now capable of serving stale cached
data when a backend is unavailable (error 5xx).</dd>
<dd><module>mod_cache</module> can now insert HIT/MISS/REVALIDATE into
an X-Cache header.</dd>
<dt><module>mod_include</module></dt>
<dd>Support for the 'onerror' attribute within an 'include' element,
allowing an error document to be served on error instead of the default
error string.</dd>
<dt><module>mod_cgi</module>, <module>mod_include</module>,
<module>mod_isapi</module>, ...</dt>
<dd>Translation of headers to environment variables is more strict than
before to mitigate some possible cross-site-scripting attacks via header
injection. Header names containing invalid characters (including underscores)
are no longer converted to environment variables. <a href="env.html">Environment Variables
in Apache</a> has some pointers on how to work around broken legacy
clients which require such headers. (This affects all modules which
use these environment variables.)</dd>
<dt><module>mod_authz_core</module> Authorization Logic Containers</dt>
<dd>Advanced authorization logic may now be specified using the
<directive module="mod_authz_core">Require</directive> directive
and the related container directives, such as
<directive module="mod_authz_core"
type="section">RequireAll</directive>.</dd>
<dt><module>mod_rewrite</module></dt>
<dd><module>mod_rewrite</module> adds the <code>[QSD]</code>
(Query String Discard) and <code>[END]</code> flags for
<directive module="mod_rewrite">RewriteRule</directive> to
simplify common rewriting scenarios.</dd>
<dd>Adds the possibility to use complex boolean expressions in <directive
module="mod_rewrite">RewriteCond</directive>.</dd>
<dd>Allows the use of SQL queries as <directive
module="mod_rewrite">RewriteMap</directive> functions.</dd>
<dt><module>mod_ldap</module>, <module>mod_authnz_ldap</module></dt>
<dd><module>mod_authnz_ldap</module> adds support for nested groups.</dd>
<dd><module>mod_ldap</module> adds
<directive module="mod_ldap">LDAPConnectionPoolTTL</directive>,
<directive module="mod_ldap">LDAPTimeout</directive>, and
other improvements in the handling of timeouts.
This is especially useful for setups where a
stateful firewall drops idle connections to the LDAP server.</dd>
<dd><module>mod_ldap</module> adds
<directive module="mod_ldap">LDAPLibraryDebug</directive> to log
debug information provided by the used LDAP toolkit.</dd>
<dt><module>mod_info</module></dt>
<dd><module>mod_info</module> can now dump the pre-parsed configuration
to stdout during server startup.</dd>
<dt><module>mod_auth_basic</module></dt>
<dd>New generic mechanism to fake basic authentication (available in
2.4.5 and later).</dd>
</dl>
</section>
<section id="programs">
<title>Program Enhancements</title>
<dl>
<dt><program>fcgistarter</program></dt>
<dd>New FastCGI daemon starter utility</dd>
<dt><program>htcacheclean</program></dt>
<dd>Current cached URLs can now be listed, with optional metadata
included.</dd>
<dd>Allow explicit deletion of individual cached URLs from the
cache.</dd>
<dd>File sizes can now be rounded up to the given block size, making
the size limits map more closely to the real size on disk.</dd>
<dd>Cache size can now be limited by the number of inodes, instead
of or in addition to being limited by the size of the files on
disk.</dd>
<dt><program>rotatelogs</program></dt>
<dd>May now create a link to the current log file.</dd>
<dd>May now invoke a custom post-rotate script.</dd>
<dt><program>htpasswd</program>, <program>htdbm</program></dt>
<dd>Support for the bcrypt algorithm (available in 2.4.4 and later).
</dd>
</dl>
</section>
<section id="documentation">
<title>Documentation</title>
<dl>
<dt>mod_rewrite</dt>
<dd>The <module>mod_rewrite</module> documentation has been
rearranged and almost completely rewritten, with a focus on
examples and common usage, as well as on showing you when other
solutions are more appropriate. The <a href="rewrite/">Rewrite
Guide</a> is now a top-level section with much more detail and
better organization.</dd>
<dt>mod_ssl</dt>
<dd>The <module>mod_ssl</module> documentation has been greatly
enhanced, with more examples at the getting started level, in
addition to the previous focus on technical details.</dd>
<dt>Caching Guide</dt>
<dd>The <a href="caching.html">Caching Guide</a> has been rewritten
to properly distinguish between the RFC2616 HTTP/1.1 caching
features provided by <module>mod_cache</module>, and the generic
key/value caching provided by the <a href="socache.html">socache</a>
interface, as well as to cover specialised caching provided by
mechanisms such as <module>mod_file_cache</module>.</dd>
</dl>
</section>
<section id="developer">
<title>Module Developer Changes</title>
<dl>
<dt>Check Configuration Hook Added</dt>
<dd>A new hook, <code>check_config</code>, has been added which runs
between the <code>pre_config</code> and <code>open_logs</code>
hooks. It also runs before the <code>test_config</code> hook
when the <code>-t</code> option is passed to
<program>httpd</program>. The <code>check_config</code> hook
allows modules to review interdependent configuration directive
values and adjust them while messages can still be logged to the
console. The user can thus be alerted to misconfiguration problems
before the core <code>open_logs</code> hook function redirects
console output to the error log.</dd>
<dt>Expression Parser Added</dt>
<dd>We now have a general-purpose expression parser, whose API is
exposed in <var>ap_expr.h</var>. This is adapted from the
expression parser previously implemented in
<module>mod_ssl</module>.</dd>
<dt>Authorization Logic Containers</dt>
<dd>Authorization modules now register as a provider, via
ap_register_auth_provider(), to support advanced authorization logic,
such as <directive module="mod_authz_core" type="section"
>RequireAll</directive>.</dd>
<dt>Small-Object Caching Interface</dt>
<dd>The <var>ap_socache.h</var> header exposes a provider-based
interface for caching small data objects, based on the previous
implementation of the <module>mod_ssl</module> session cache.
Providers using a shared-memory cyclic buffer, disk-based dbm
files, and a memcache distributed cache are currently
supported.</dd>
<dt>Cache Status Hook Added</dt>
<dd>The <module>mod_cache</module> module now includes a new
<code>cache_status</code> hook, which is called when the caching
decision becomes known. A default implementation is provided
which adds an optional <code>X-Cache</code> and
<code>X-Cache-Detail</code> header to the response.</dd>
</dl>
<p>The developer documentation contains a
<a href="developer/new_api_2_4.html">detailed list of API changes</a>.</p>
</section>
</manualpage>
|
